Hierarchical TCP network traffic classification with adaptive optimisation
Abstract:
Nowadays, with the increasing deployment of modern packet-switching networks, traffic classification plays an important role in network administration. Identifying what kinds of traffic are transmitted across networks can improve network management in various ways, such as traffic shaping, differential services, enhanced security, etc. By applying different policies to different kinds of traffic, Quality of Service (QoS) can be achieved and the granularity can be as fine as flow-level. Since illegal traffic can be identified and filtered, network security can be enhanced by employing advanced traffic classification.
There are various traditional techniques for traffic classification. However, some of them cannot handle traffic generated by applications using non-registered or forged ports, some cannot deal with encrypted traffic, and some require too many computational resources. A technique newly proposed by other researchers, which uses statistical methods, gives an alternative approach. It requires fewer resources, does not rely on ports and can deal with encrypted traffic. Nevertheless, the performance of classification using statistical methods can be further improved.
In this thesis, we aim to optimise network traffic classification based on the statistical approach. Because of the popularity of the TCP protocol, and the difficulties for classification introduced by TCP traffic controls, our work focuses on classifying network traffic based on the TCP protocol. An architecture has been proposed for improving classification performance in terms of accuracy and response time. Experiments have been carried out and the results evaluated to demonstrate the improved performance of the proposed optimised classifier.
In our work, network packets are reassembled into TCP flows. Then the statistical characteristics of the flows are extracted. Finally, the classes of input flows can be determined by comparing them with the profiled samples. Instead of using only one algorithm for classifying all traffic flows, our proposed system employs a series of binary classifiers, which use optimised algorithms to detect different traffic classes separately. There is a decision-making mechanism for dealing with conflicting results from the binary classifiers. Machine learning algorithms including k-nearest neighbour, decision trees and artificial neural networks have been taken into consideration, together with a non-parametric statistical algorithm, the Kolmogorov-Smirnov test. Besides algorithms, some parameters are also optimised locally, such as detection windows and acceptance thresholds. This hierarchical architecture gives the traffic classifier more flexibility, higher accuracy and shorter response time.
Keywords:
Traffic classification
Network traffic simulation
Traffic policing
Deep Packet Inspection
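The architecture described in the abstract above (one binary classifier per traffic class, each with its own detection window and acceptance threshold, followed by a decision step for conflicting results) can be illustrated as follows. This is an added example, not code from the thesis: packet size as the flow feature, the three class names, the profiles, windows, thresholds and the conflict rule are all assumptions chosen for illustration.

```python
# Added illustration, not the thesis's implementation. The feature (packet
# sizes), profiles, windows and thresholds below are constructed assumptions.
from bisect import bisect_right


def ks_statistic(a, b):
    """Two-sample Kolmogorov-Smirnov statistic: largest gap between the ECDFs."""
    a, b = sorted(a), sorted(b)
    return max(abs(bisect_right(a, x) / len(a) - bisect_right(b, x) / len(b))
               for x in a + b)


class BinaryDetector:
    """Answers one question only: does this flow look like `label`?"""

    def __init__(self, label, profile, window, threshold):
        self.label = label
        self.profile = profile      # profiled sample for this class
        self.window = window        # detection window: leading packets used
        self.threshold = threshold  # accept when KS statistic <= threshold

    def distance(self, sizes):
        return ks_statistic(sizes[:self.window], self.profile)


def classify(sizes, detectors):
    """Return (decision, accepting labels); the smallest distance relative to
    a detector's own threshold wins, and no acceptance yields "unknown"."""
    if not sizes:
        return "unknown", []
    accepted = []
    for det in detectors:
        d = det.distance(sizes)
        if d <= det.threshold:
            accepted.append((d / det.threshold, det.label))
    if not accepted:
        return "unknown", []
    return min(accepted)[1], sorted(label for _, label in accepted)


# Constructed profiles: bytes per packet for three hypothetical classes.
DETECTORS = [
    BinaryDetector("bulk", [1460, 1460, 1448, 1460, 1400, 1460, 1460, 1200], 8, 0.5),
    BinaryDetector("interactive", [48, 52, 64, 80, 52, 48, 96, 60], 6, 0.5),
    BinaryDetector("web", [320, 1460, 1460, 512, 90, 1460, 700, 240], 10, 0.4),
]
# Constructed flow that two detectors accept, to exercise the decision step.
MIXED_FLOW = [400, 1460, 1460, 1460, 1460, 1460, 600, 1460, 1460, 300]
```

`classify(MIXED_FLOW, DETECTORS)` returns `("bulk", ["bulk", "web"])`: both detectors accept the flow, and the decision step keeps the class whose distance is smallest relative to its own threshold.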
Network traffic classification is a challenging task in high-speed networks. Network monitoring is required for quality of service and analysis; therefore it generates network traffic. The existing system has some drawbacks; to overcome those drawbacks we have developed our system, i.e. classification of network traffic using a machine learning algorithm. According to the traffic information generated by the client, we have constructed a boosted classifier with high accuracy. This system is used to classify applications like FTP, Skype, TCP, etc. For constructing the C5.0 classifier we have to provide a unique dataset and training set to the algorithm. This paper shows how we implement the machine learning algorithm and how we use that algorithm for classification of network traffic.
Traffic classification
Traffic Analysis
Statistical classification
Citations (0)
Recently, traffic classification (TC) has become more and more important for network management and measurement tasks. The newly arrived machine learning based classification methods can achieve high classification accuracy and fast identification ability; however, all these related TC methods up to now assume the stability of the classification model constituted from network traffic. This is not true, since real-world traffic is seldom static. In this paper, we make a first step towards classifying dynamic online traffic from a data stream perspective to handle dynamic real-time network traffic. In this paper, we validate the dynamic feature of real-world traffic for the first time, using concept drift at two different levels: overall traffic level and application level. The conclusion convinces us that the user behavior reflected in traffic can vary dramatically due to different conditions and different periods. We then propose a novel integrated dynamic online traffic classification framework, called DSTC (data stream based traffic classification). DSTC differs from previous work since it aims to deal with dynamic traffic with online identification ability. It is a more realistic framework in which the training phase can run simultaneously with the classification phase, and a more accurate training model can be constructed with the feedback from classification results. Experiment results have shown that DSTC can have a high, stable classification accuracy of above 95% for network traffic with different periods and user conditions, while accuracy for the traditional classification methodology can vary from 81% to 97% when dealing with different traffic.
Traffic classification
Identification
Feature (linguistics)
Citations (28)
Recently, as the number of users and application traffic are increasing on high-speed networks, the importance of application traffic classification is growing more and more for efficient network resource management. Although a number of methods and algorithms for traffic classification have been introduced, they have some limitations in terms of accuracy and completeness. In this paper we propose an application traffic classification based multi-level architecture which integrates several signature-based methods and a behavior algorithm, and analyzes traffic using correlation among traffic flows. By reinforcing the strengths and making up for the weaknesses of individual methods, we could construct a flexible and robust multi-level classification system. Also, by experiments with our campus network traffic, we proved the performance and validity of the proposed mechanism.
Traffic classification
Completeness (order theory)
Citations (0)
Identification
Traffic Analysis
Citations (9)
With the surge scale of Internet use and users growing, more and more web applications are developed, the use of the network and therefore extends into various fields. Application in any case, the administrator will need to monitor network running status in order to improve the quality of network service, and network security knowledge, to prevent cyber attacks on the use of the pipe network. All network traffic application layer classification technology as the core, but in the era of big data under the background of continuous diversification of network applications, network traffic classification are faced with many challenges. Based on a variety of reasons, the traditional port, loading, behavior patterns, and the statistical characteristics of network flow classification techniques have many bottlenecks and obstacles, so the new network traffic classification method, improve network traffic classification accuracy has important research value and practical significance. Based on this background, this article will original pattern recognition algorithm is applied in the field of network flow classification, and a comprehensive comparison of the various network traffic classification pattern recognition algorithms in different circumstances in the efficiency and accuracy. Finally, based on many experiments and combined with related theoretical analysis, in the network traffic pattern recognition algorithm is verified feasibility of the application layer, and the network traffic statistical feature selection and pattern recognition algorithm was applied to network traffic classification, important conclusions are given.
Traffic classification
Network traffic simulation
Citations (0)
Internet traffic classification is an essential task for managing large networks. Network design, routing optimization, quality of service management, anomaly and intrusion detection tasks can be improved with a good knowledge of the traffic.
Internet traffic engineering
Citations (30)
With the rapid development of the network, encrypted traffic classification plays a vital role in guaranteeing the quality of network services and ensuring the security of the network. Recent studies show that machine learning approaches based on statistical features and raw traffic sessions are effective for this task. However, the performance of the statistical-based approaches largely depends on the quality of the features. Experts need to design different features for different encrypted traffic classification tasks, which is time-consuming. Meanwhile, the raw traffic-based approach needs to uniformize the traffic size; this will cause the loss of information about the overall structure of the network traffic; for example, we do not know the time from the first packet to the last packet in a session. This paper proposes the CENTIME, which can extract comprehensive information based on ResNet and AutoEncoder to identify encrypted traffic. ResNet is used to extract information from uniformized traffic, and AutoEncoder is used to encode statistical features. The statistical features are used to compensate for the information loss caused by traffic uniformization. They only need to be designed once rather than be designed separately for different tasks. Moreover, the pooling layers are removed, and 1D convolution layers are used to help CENTIME make more effective use of raw traffic information. We evaluate the CENTIME on the public dataset "ISCX VPN-nonVPN", and the results demonstrate the CENTIME outperforms the state-of-the-art encrypted traffic classification methods. More importantly, comprehensive traffic features generated in the CENTIME can represent different classes of traffic well.
Traffic classification
Autoencoder
Pooling
Deep Packet Inspection
Traffic Analysis
Citations (9)
Traffic classification
Initialization
Citations (21)
Accurate traffic classification is a key requirement for different network and security monitoring/planning tools. The evolution of Internet protocols and applications has caused traditional traffic classification approaches to be ineffective in certain cases. Key causes of the inaccuracy include: (i) the increase in the encrypted traffic; (ii) the rise in the usage of dynamic port numbers for different applications; and (iii) multiple applications running over HTTP/HTTPS protocols. Traditional solutions for traffic analysis, classification, and measurement fall short in providing visibility in users' activities - a key requirement for network and security monitoring tools. In this paper, we evaluate an automatic classifier for encrypted Social media, Video and Audio traffic without relying on particular application layer header fields that can be easily modified. We leverage machine learning algorithms together with the features provided by the well-known off-the-shelf traffic flow exporters. We evaluate the performance of such a system also for generalization (robustness) purposes on different networks. Experimental results show promising performances in terms of generating robust traffic classification on large traffic data when the trained model is moved to different networks.
Traffic classification
Header
Robustness
Leverage (statistics)
Deep Packet Inspection
Citations (13)
Traffic classification is a fundamental component in advanced network management and security. Recent research has achieved certain success in the application of machine learning techniques to the flow statistical feature based approach. However, most flow statistical feature based methods classify traffic based on the assumption that all traffic flows are generated by known applications. Considering the pervasive unknown applications in the real-world environment, this assumption does not hold. In this paper, we cast unknown applications as a specific classification problem with insufficient negative training data and address it by proposing a binary classifier based framework. An iterative method is proposed to extract unknown information from a set of unlabelled traffic flows, which combines asymmetric bagging and flow correlation to guarantee the purity of extracted negatives. A binary classifier is used as an application signature which can operate on a bag of correlated flows instead of individual flows to further improve its effectiveness. We carry out a series of experiments on a real-world network traffic dataset to evaluate the proposed methods. The results show that the proposed method significantly outperforms the state-of-the-art traffic classification methods when unknown applications are present.
Traffic classification
Binary classification
Citations (17)