Traffic classification - towards accurate real time network applications

Authors:
Zhu Li;Ruixi Yuan;Xiaohong Guan
Affiliations:
Center for Intelligent and Networked Systems, Department of Automation, Tsinghua University, Beijing, China;Center for Intelligent and Networked Systems, Department of Automation, Tsinghua University, Beijing, China;Center for Intelligent and Networked Systems, Department of Automation, Tsinghua University, Beijing, China
Venue:
HCI'07 Proceedings of the 12th international conference on Human-computer interaction: applications and services
Year:
2007

Citing 7
Cited 1

Behavioral Authentication of Server Flows

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Profiling internet backbone traffic: behavior models and applications

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures

Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Toward the accurate identification of network applications

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement

Regularized Linear Models in Stacked Generalization

MCS '09 Proceedings of the 8th International Workshop on Multiple Classifier Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Timely traffic identification is critical in network security monitoring and traffic engineering. Traditional methods using well-known ports, protocols and precise signature matching are no longer accurate with the proliferation of new applications. Recently, applying pattern recognition methods to classify network application traffic based on the flow parameters (e.g. port, flow duration, etc.) has become increasing popular. However, many methods developed in the previous works are either too complex to be applied in real-time, or suffer from lower accuracy due to the insufficient knowledge of the application. In this paper, we first give an overview on the developments of pattern recognition methods as traffic classification tools. We then develop two separate pattern recognition methods: one with supervised learning, and one with unsupervised learning, and apply them to classify traffic captured from a campus backbone network. The supervised learning method (an optimized SVM method) yields approximately 99.41% accuracy for the collected traffic. The unsupervised learning method (an entropy based clustering method) gets the average accuracy of 92.41% for the top 20 traffic generating hosts during the same time period. Performance test on a single PC with 3GHz Pentium 4 processors and 1GB of memory show that both methods can handle more than 10000 network flows per second, close to real time requirements for many situations.