In this paper we present a fully unsupervised algorithm to identify classes of traffic inside an aggregate. The algorithm builds on the K-means clustering algorithm, augmented with a mechanism to automatically determine the number of traffic clusters. The signatures used for clustering are statistical representations of the application-layer protocols. The proposed technique is extensively tested on UDP traffic traces collected from operational networks. Performance tests show that it can cluster the traffic into a few tens of pure clusters, achieving an accuracy above 95%. The results are promising and suggest that the proposed approach might effectively be used for automatic traffic monitoring, e.g., to identify the birth of new applications and protocols, or the presence of anomalous or unexpected traffic.