Robust Network Traffic Classification | IEEE Journals & Magazine | IEEE Xplore

Robust Network Traffic Classification


Abstract:

As a fundamental tool for network management and security, traffic classification has attracted increasing attention in recent years. A significant challenge to the robus...Show More

Abstract:

As a fundamental tool for network management and security, traffic classification has attracted increasing attention in recent years. A significant challenge to the robustness of classification performance comes from zero-day applications previously unknown in traffic classification systems. In this paper, we propose a new scheme of Robust statistical Traffic Classification (RTC) by combining supervised and unsupervised machine learning techniques to meet this challenge. The proposed RTC scheme has the capability of identifying the traffic of zero-day applications as well as accurately discriminating predefined application classes. In addition, we develop a new method for automating the RTC scheme parameters optimization process. The empirical study on real-world traffic data confirms the effectiveness of the proposed scheme. When zero-day applications are present, the classification performance of the new scheme is significantly better than four state-of-the-art methods: random forest, correlation-based classification, semi-supervised clustering, and one-class SVM.
Published in: IEEE/ACM Transactions on Networking ( Volume: 23, Issue: 4, August 2015)
Page(s): 1257 - 1270
Date of Publication: 08 May 2014

ISSN Information:

References is not available for this document.

I. Introduction

Traffic classification is fundamental to network management and security [1], which can identify different applications and protocols that exist in a network. For example, most QoS control mechanisms have a traffic classification module in order to properly prioritize different applications across the limited bandwidth. To implement appropriate security policies, it is essential for any network manager to obtain a proper understanding of applications and protocols in the network traffic. Over the last decade, traffic classification has been given a lot of attention from both industry and academia.

Select All
1.
“Cisco WAN and application optimization solution guide”, 2008, [online] Available: http://www.cisco.com/c/en/us/td/docs/nsite/enterprise/wan/ wan_optimization /wan_opt_sg.html.
2.
T. Nguyen and G. Armitage, "A survey of techniques for Internet traffic classificationusing machine learning", IEEE Commun. Surveys Tuts., vol. 10, no. 4, pp. 56-76, 2008.
3.
H. Kim, "Internet trafficclassification demystified: myths caveats and the best practices", Proc. ACM CoNEXT Conf., pp. 1-12, 2008.
4.
J. Zhang, "Network traffic classification using correlationinformation", IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp. 104-117, Jan. 2013.
5.
A. Tongaonkar, R. Keralapura and A. Nucci, "Challenges in networkapplication identification", Proc. 5th USENIX Conf. Large-Scale Exploits Emergent Threats, pp. 1-3, 2012.
6.
A. Moore and D. Zuev, "Internet traffic classificationusing Bayesian analysis techniques", Perform. Eval. Rev., vol. 33, no. 1, pp. 50-60, 2005.
7.
T. Auld, A. Moore and S. Gull, "Bayesian neural networks for Internet traffic classification", IEEE Trans. Neural Netw., vol. 18, no. 1, pp. 223-239, Jan. 2007.
8.
A. Este, F. Gringoli and L. Salgarelli, "Support vector machinesfor TCP traffic classification", Comput. Netw., vol. 53, no. 14, pp. 2476-2490, 2009.
9.
J. Erman, A. Mahanti, M. Arlitt and C. Williamson, "Identifying and discriminatingbetween web and peer-to-peer traffic in the network core", Proc. Int. Conf. World Wide Web, pp. 883-892, 2007.
10.
L. Bernaille and R. Teixeira, "Early recognition ofencrypted applications", Proc. Passive Active Netw. Meas., pp. 165-175, 2007.
11.
B. Hullár, S. Laki and A. Gyorgy, "Early identification of peer-to-peer traffic", Proc. IEEE Int. Conf. Commun., pp. 1-6, 2011.
12.
T. Nguyen and G. Armitage, "Training on multiple sub-flows to optimise the useof machine learning classifiers in real-world IP networks", IEEE Conf. Local Comput. Netw., pp. 369-376, 2006.
13.
T. Nguyen, G. Armitage, P. Branch and S. Zander, "Timely and continuous machine-learning-based classificationfor interactive IP traffic", IEEE/ACM Trans. Netw., vol. 20, no. 6, pp. 1880-1894, Dec. 2012.
14.
P. Bermolen, M. Mellia, M. Meo, D. Rossi and S. Valenti, "Abacus: Accurate behavioral classification P2P-TVtraffic", Comput. Netw., vol. 55, no. 6, pp. 1394-1411, 2011.
15.
E. Glatz and X. Dimitropoulos, "Classifying Internetone-way traffic", Proc. ACM SIGMETRICS/PERFORMANCE Joint Int. Conf. Meas. Model. Comput. Syst., pp. 417-418, 2012.
16.
Y. Jin, "A modular machine learning system for flow-leveltraffic classification in large networks", Trans. Knowl. Discov. Data, vol. 6, no. 1, pp. 4:1-4:34, 2012.
17.
A. Callado, J. Kelner, D. Sadok, C. A. Kamienski and S. Fernandes, "Better network traffic identificationthrough the independent combination of techniques", J. Netw. Comput. Appl., vol. 33, no. 4, pp. 433-446, 2010.
18.
V. Carela-Español, P. Barlet-Ros, A. Cabellos-Aparicio and J. Solé-Pareta, "Analysis of the impactof sampling on netflow traffic classification", Compu. Netw., vol. 55, no. 5, pp. 1083-1099, 2011.
19.
D. Bonfiglio, M. Mellia, M. Meo, D. Rossi and P. Tofanelli, "Revealing Skype traffic: when randomness plays withyou", Comput. Commun. Rev., vol. 37, no. 4, pp. 37-48, 2007.
20.
M. Crotti, M. Dusi, F. Gringoli and L. Salgarelli, "Traffic classification through simple statisticalfingerprinting", Comput. Commun. Rev., vol. 37, pp. 5-16, 2007.
21.
S. Valenti, D. Rossi, M. Meo, M. Mellia and P. Bermolen, "Accurate fine-grainedclassification P2P-TV applications by simply counting packets", Proc. 1st Int. Workshop Traffic Monitoring Anal., pp. 84-92, 2009.
22.
A. McGregor, M. Hall, P. Lorier and J. Brunskill, "Flow clustering usingmachine learning techniques", Proc. Passive Active Netw. Meas., pp. 205-214, 2004.
23.
S. Zander, T. Nguyen and G. Armitage, "Automated traffic classification and applicationidentification using machine learning", Proc. Annu. IEEE Conf. Local Comput. Netw., pp. 250-257, 2005.
24.
J. Erman, A. Mahanti and M. Arlitt, "Internet traffic identification using machine learning", Proc. IEEE Global Telecommun. Conf., pp. 1-6, 2006.
25.
J. Erman, M. Arlitt and A. Mahanti, "Traffic classificationusing clustering algorithms", Proc. SIGCOMM Workshop Mining Netw. Data, pp. 281-286, 2006.
26.
D. Liu and C. Lung, "P2P traffic identification and optimization usingfuzzy c-means clustering", Proc. IEEE Int. Conf. Fuzzy Syst., pp. 2245-2252, 2011.
27.
L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule and K. Salamatian, "Traffic classification on the fly", Comput. Commun. Rev., vol. 36, pp. 23-26, 2006.
28.
Y. Wang, Y. Xiang and S.-Z. Yu, "An automatic application signature constructionsystem for unknown traffic", Concurrency Comput. Pract. Exper., vol. 22, no. 13, pp. 1927-1944, 2010.
29.
A. Finamore, M. Mellia and M. Meo, "Mining unclassified traffic using automatic clusteringtechniques", Traffic Monitoring Anal., vol. 6613, pp. 150-163, 2011.
30.
J. Ma, K. Levchenko, C. Kreibich, S. Savage and G. M. Voelker, "Unexpected means ofprotocol inference", Proc. ACM SIGCOMM Conf. Internet Meas., pp. 313-326, 2006.

Contact IEEE to Subscribe

References

References is not available for this document.