ABSTRACT
Internet traffic classification is an essential task for managing large networks. Network design, routing optimization, quality of service management, anomaly and intrusion detection tasks can be improved with a good knowledge of the traffic.
Traditional classification methods based on transport port analysis have become inappropriate for modern applications. Payload-based analysis using pattern searching raises privacy concerns and is usually slow and computationally expensive.
In recent years, traffic classification based on the statistical properties of flows has become a relevant topic. In this work we analyze the size of the first packets in both directions of a flow as a relevant statistical fingerprint. This fingerprint is enough for accurate traffic classification and so can be useful for early traffic identification in real time.
This work proposes the use of a supervised machine learning clustering method for traffic classification based on Support Vector Machines. We compare our method's accuracy with that of a more classical centroid-based approach, obtaining promising results.
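The following sketch is an added example, not code from the paper: it builds a fingerprint from the sizes of the first packets in both directions of a flow and classifies it with a nearest-centroid baseline of the kind the abstract compares against (the SVM itself is not shown). The signed-size encoding, the four-packet window, Euclidean distance, the `max_distance` rejection threshold and the sample flows are all assumptions made for illustration.

```python
import math

N_PACKETS = 4  # assumed fingerprint length; the abstract does not give a number

def fingerprint(packets, n=N_PACKETS):
    """packets: list of (direction, payload_size), direction 'c2s' or 's2c'.
    Returns the first n sizes signed by direction (+ client->server,
    - server->client), zero-padded when the flow has fewer than n packets."""
    signed = [size if d == "c2s" else -size for d, size in packets[:n]]
    return signed + [0] * (n - len(signed))

def train_centroids(labelled_flows):
    """labelled_flows: iterable of (label, packets). Returns {label: mean fingerprint}."""
    sums, counts = {}, {}
    for label, packets in labelled_flows:
        fp = fingerprint(packets)
        acc = sums.setdefault(label, [0.0] * len(fp))
        for i, v in enumerate(fp):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {lab: [v / counts[lab] for v in acc] for lab, acc in sums.items()}

def classify(packets, centroids, max_distance=None):
    """Nearest centroid by Euclidean distance. Returns 'unknown' when the best
    match is farther than max_distance, so traffic from an application absent
    from training is not forced into a known class."""
    fp = fingerprint(packets)
    label, dist = min(
        ((lab, math.dist(fp, c)) for lab, c in centroids.items()),
        key=lambda t: t[1],
    )
    if max_distance is not None and dist > max_distance:
        return "unknown"
    return label

# Constructed training flows (byte sizes are illustrative, not measured).
TRAINING = [
    ("http", [("c2s", 420), ("s2c", 1460), ("s2c", 1460), ("s2c", 980)]),
    ("http", [("c2s", 380), ("s2c", 1460), ("s2c", 1460), ("s2c", 1200)]),
    ("ssh",  [("s2c", 40), ("c2s", 40), ("c2s", 790), ("s2c", 780)]),
    ("ssh",  [("s2c", 42), ("c2s", 42), ("c2s", 800), ("s2c", 790)]),
    ("smtp", [("s2c", 90), ("c2s", 25), ("s2c", 180), ("c2s", 35)]),
    ("smtp", [("s2c", 85), ("c2s", 22), ("s2c", 170), ("c2s", 40)]),
]
CENTROIDS = train_centroids(TRAINING)
```

Because only the first few packet sizes are needed, a label is available before the flow ends, which is what makes the fingerprint usable for early identification; the rejection threshold matters for anomaly detection, where an unfamiliar flow should surface as unknown rather than as the nearest benign class.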
Index Terms
- Early traffic classification using support vector machines