Robust Network Traffic Classification | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE/ACM Transactions on Netw... >Volume: 23 Issue: 4

Robust Network Traffic Classification

PDF
Jun Zhang; Xiao Chen; Yang Xiang; Wanlei Zhou; Jie Wu
All Authors

Abstract:

As a fundamental tool for network management and security, traffic classification has attracted increasing attention in recent years. A significant challenge to the robus...Show More

Metadata

Abstract:

As a fundamental tool for network management and security, traffic classification has attracted increasing attention in recent years. A significant challenge to the robustness of classification performance comes from zero-day applications previously unknown in traffic classification systems. In this paper, we propose a new scheme of Robust statistical Traffic Classification (RTC) by combining supervised and unsupervised machine learning techniques to meet this challenge. The proposed RTC scheme has the capability of identifying the traffic of zero-day applications as well as accurately discriminating predefined application classes. In addition, we develop a new method for automating the RTC scheme parameters optimization process. The empirical study on real-world traffic data confirms the effectiveness of the proposed scheme. When zero-day applications are present, the classification performance of the new scheme is significantly better than four state-of-the-art methods: random forest, correlation-based classification, semi-supervised clustering, and one-class SVM.
Published in: IEEE/ACM Transactions on Networking ( Volume: 23, Issue: 4, August 2015)
Page(s): 1257 - 1270
Date of Publication: 08 May 2014

ISSN Information:

DOI: 10.1109/TNET.2014.2320577
References is not available for this document.
Contents

I. Introduction

Traffic classification is fundamental to network management and security [1], which can identify different applications and protocols that exist in a network. For example, most QoS control mechanisms have a traffic classification module in order to properly prioritize different applications across the limited bandwidth. To implement appropriate security policies, it is essential for any network manager to obtain a proper understanding of applications and protocols in the network traffic. Over the last decade, traffic classification has been given a lot of attention from both industry and academia.

Select All
1.
“Cisco WAN and application optimization solution guide”, 2008, [online] Available: http://www.cisco.com/c/en/us/td/docs/nsite/enterprise/wan/ wan_optimization /wan_opt_sg.html.
Google Scholar
2.
T. Nguyen and G. Armitage, "A survey of techniques for Internet traffic classificationusing machine learning", IEEE Commun. Surveys Tuts., vol. 10, no. 4, pp. 56-76, 2008.
View Article
Google Scholar
3.
H. Kim, "Internet trafficclassification demystified: myths caveats and the best practices", Proc. ACM CoNEXT Conf., pp. 1-12, 2008.
CrossRef Google Scholar
4.
J. Zhang, "Network traffic classification using correlationinformation", IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp. 104-117, Jan. 2013.
View Article
Google Scholar
5.
A. Tongaonkar, R. Keralapura and A. Nucci, "Challenges in networkapplication identification", Proc. 5th USENIX Conf. Large-Scale Exploits Emergent Threats, pp. 1-3, 2012.
Google Scholar
6.
A. Moore and D. Zuev, "Internet traffic classificationusing Bayesian analysis techniques", Perform. Eval. Rev., vol. 33, no. 1, pp. 50-60, 2005.
CrossRef Google Scholar
7.
T. Auld, A. Moore and S. Gull, "Bayesian neural networks for Internet traffic classification", IEEE Trans. Neural Netw., vol. 18, no. 1, pp. 223-239, Jan. 2007.
View Article
Google Scholar
8.
A. Este, F. Gringoli and L. Salgarelli, "Support vector machinesfor TCP traffic classification", Comput. Netw., vol. 53, no. 14, pp. 2476-2490, 2009.
CrossRef Google Scholar
9.
J. Erman, A. Mahanti, M. Arlitt and C. Williamson, "Identifying and discriminatingbetween web and peer-to-peer traffic in the network core", Proc. Int. Conf. World Wide Web, pp. 883-892, 2007.
CrossRef Google Scholar
10.
L. Bernaille and R. Teixeira, "Early recognition ofencrypted applications", Proc. Passive Active Netw. Meas., pp. 165-175, 2007.
CrossRef Google Scholar
11.
B. Hullár, S. Laki and A. Gyorgy, "Early identification of peer-to-peer traffic", Proc. IEEE Int. Conf. Commun., pp. 1-6, 2011.
Google Scholar
12.
T. Nguyen and G. Armitage, "Training on multiple sub-flows to optimise the useof machine learning classifiers in real-world IP networks", IEEE Conf. Local Comput. Netw., pp. 369-376, 2006.
View Article
Google Scholar
13.
T. Nguyen, G. Armitage, P. Branch and S. Zander, "Timely and continuous machine-learning-based classificationfor interactive IP traffic", IEEE/ACM Trans. Netw., vol. 20, no. 6, pp. 1880-1894, Dec. 2012.
View Article
Google Scholar
14.
P. Bermolen, M. Mellia, M. Meo, D. Rossi and S. Valenti, "Abacus: Accurate behavioral classification P2P-TVtraffic", Comput. Netw., vol. 55, no. 6, pp. 1394-1411, 2011.
CrossRef Google Scholar
15.
E. Glatz and X. Dimitropoulos, "Classifying Internetone-way traffic", Proc. ACM SIGMETRICS/PERFORMANCE Joint Int. Conf. Meas. Model. Comput. Syst., pp. 417-418, 2012.
CrossRef Google Scholar
16.
Y. Jin, "A modular machine learning system for flow-leveltraffic classification in large networks", Trans. Knowl. Discov. Data, vol. 6, no. 1, pp. 4:1-4:34, 2012.
CrossRef Google Scholar
17.
A. Callado, J. Kelner, D. Sadok, C. A. Kamienski and S. Fernandes, "Better network traffic identificationthrough the independent combination of techniques", J. Netw. Comput. Appl., vol. 33, no. 4, pp. 433-446, 2010.
CrossRef Google Scholar
18.
V. Carela-Español, P. Barlet-Ros, A. Cabellos-Aparicio and J. Solé-Pareta, "Analysis of the impactof sampling on netflow traffic classification", Compu. Netw., vol. 55, no. 5, pp. 1083-1099, 2011.
CrossRef Google Scholar
19.
D. Bonfiglio, M. Mellia, M. Meo, D. Rossi and P. Tofanelli, "Revealing Skype traffic: when randomness plays withyou", Comput. Commun. Rev., vol. 37, no. 4, pp. 37-48, 2007.
CrossRef Google Scholar
20.
M. Crotti, M. Dusi, F. Gringoli and L. Salgarelli, "Traffic classification through simple statisticalfingerprinting", Comput. Commun. Rev., vol. 37, pp. 5-16, 2007.
CrossRef Google Scholar
21.
S. Valenti, D. Rossi, M. Meo, M. Mellia and P. Bermolen, "Accurate fine-grainedclassification P2P-TV applications by simply counting packets", Proc. 1st Int. Workshop Traffic Monitoring Anal., pp. 84-92, 2009.
CrossRef Google Scholar
22.
A. McGregor, M. Hall, P. Lorier and J. Brunskill, "Flow clustering usingmachine learning techniques", Proc. Passive Active Netw. Meas., pp. 205-214, 2004.
CrossRef Google Scholar
23.
S. Zander, T. Nguyen and G. Armitage, "Automated traffic classification and applicationidentification using machine learning", Proc. Annu. IEEE Conf. Local Comput. Netw., pp. 250-257, 2005.
View Article
Google Scholar
24.
J. Erman, A. Mahanti and M. Arlitt, "Internet traffic identification using machine learning", Proc. IEEE Global Telecommun. Conf., pp. 1-6, 2006.
View Article
Google Scholar
25.
J. Erman, M. Arlitt and A. Mahanti, "Traffic classificationusing clustering algorithms", Proc. SIGCOMM Workshop Mining Netw. Data, pp. 281-286, 2006.
CrossRef Google Scholar
26.
D. Liu and C. Lung, "P2P traffic identification and optimization usingfuzzy c-means clustering", Proc. IEEE Int. Conf. Fuzzy Syst., pp. 2245-2252, 2011.
View Article
Google Scholar
27.
L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule and K. Salamatian, "Traffic classification on the fly", Comput. Commun. Rev., vol. 36, pp. 23-26, 2006.
CrossRef Google Scholar
28.
Y. Wang, Y. Xiang and S.-Z. Yu, "An automatic application signature constructionsystem for unknown traffic", Concurrency Comput. Pract. Exper., vol. 22, no. 13, pp. 1927-1944, 2010.
CrossRef Google Scholar
29.
A. Finamore, M. Mellia and M. Meo, "Mining unclassified traffic using automatic clusteringtechniques", Traffic Monitoring Anal., vol. 6613, pp. 150-163, 2011.
CrossRef Google Scholar
30.
J. Ma, K. Levchenko, C. Kreibich, S. Savage and G. M. Voelker, "Unexpected means ofprotocol inference", Proc. ACM SIGCOMM Conf. Internet Meas., pp. 313-326, 2006.
CrossRef Google Scholar

Contact IEEE to Subscribe

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.