Abstract
Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation, traffic shaping and security surveillance. However, with many newly emerged P2P applications using dynamic port numbers, masquerading techniques, and payload encryption to avoid detection, traditional classification approaches turn to be ineffective. In this paper, we present a layered hybrid system to classify current Internet traffic, motivated by variety of network activities and their requirements of traffic classification. The proposed method could achieve fast and accurate traffic classification with low overheads and robustness to accommodate both known and unknown/encrypted applications. Furthermore, it is feasible to be used in the context of real-time traffic classification. Our experimental results show the distinct advantages of the proposed classification system, compared with the one-step Machine Learning (ML) approach.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
A. Madhukar and C. Williamson. A longitudinal study of P2P traffic classification. Proceedings of the 14th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS’ 2006), Monterey, CA, September 11–13, 2006, 179–188.
S. Sen, O. Spatscheck, and Dongmei Wang. Accurate, scalable in-network identification of P2P traffic using application signatures. Proceedings of the 13th international conference on World Wide Web, New York, NY, USA, May 17–22, 2004, 512–521.
T. Karagiannis, A. Roido, M. Aloutsos, et al. Transport layer identification of P2P traffic. Proceedings of the 2004 ACM SIGCOMM Internet Measurement Conference (IMC’2004), Taormina, Italy, October 25–27, 2004, 121–134.
P. Haffner, S. Sen, O. Spatscheck, et al. ACAS: Automated construction of application signatures. Proceeding of the 2005 ACM SIGCOMM Workshop on Mining Network Data (SIGCOMM’05), Philadelphia, Pennsylvania, USA, August 22–26, 2005, 197–202.
A. W. Moore and K. Papagiannaki. Toward the accurate identification of network applications. Proceedings of the Passive and Active Measurement Workshop (PAM’2005), Boston, MA, USA, March 31–April 1, 2005, 41–54.
T. Karagiannis, K. Papagiannaki, and M. Faloutsos. BLINC: multilevel traffic classification in the dark. ACM SIGCOMM Computer Communication Review, 35(2005)4, 229–240.
F. Constantinou, F. Constantinou, and P. Mavrommatis. Identifying known and unknown peer-to-peer traffic. Proceedings of Fifth IEEE International Symposium on Network Computing and Applications (NCA’2006), Cambridge, Massachusetts, USA, July 24–26, 2006, 93–102.
I. Dedinski, H. De Meer, L. Han, et al. Cross-layer peer-to-peer traffic identification and optimization based on active networking. Proceedings of the Seventh Annual International Working Conference on Active and Programmable Networks (IWAN’05), CICA, Sophia Antipolis, French Riviera, La Cote d’Azur, France, November 21–23, 2005.
S. Zander, T. Nguyen, and G. Armitage. Automated traffic classification and application identification using Machine Learning. Proceedings of the IEEE Conference on Local Computer Networks 30th Anniversary, Sydney, Australia, November 15–17, 2005, 250–257.
J. Erman, M. Arlitt, and A. Mahanti. Traffic classification using clustering algorithms. Proceedings of SIGCOMM Workshop on Mining Network Data, Pisa, Italy, September 11–15, 2006, 281–286.
A. McGregor, M. Hall, P. Lorier, and J. Brunskill. Flow clustering using machine learning techniques. Passive & Active Measurement Workshop, France, April 19–20, 2004, 321–324.
Tom Auld, Andrew W. Moore, and Stephen F. Gull. Bayesian neural networks for internet traffic classification. IEEE Transactions on Neural Networks, 18(2006)1, 223–239.
A. W. Moore and D. Zuev. Internet traffic classification using Bayesian analysis techniques. Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, Banff, Alberta, Canada, June 6–10, 2005, 50–60.
L. Bernaille, R. Teuxeira, I. Akodkenous, et al. Traffic classification on the fly. ACM SIGCOMM Computer Communication Review, 36(2006)2, 23–26.
J. R. Quinlan. C4.5: Programs for Machine Learning. San Francisco, Morgan Kaufmann, 1993, 35–44.
P. Junghun, T. Hsiao-Rong, and C. C. J. Kuo. GAbased Internet traffic classification technique for QoSprovisioning. Proceedings of the 2006 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP’06), Pasadena, California, USA, December 18–20, 2006, 251–254.
Author information
Authors and Affiliations
Corresponding author
Additional information
Supported in part by the National 863 Project of China (No.2006AA01Z232), Zhejiang Natural Science Foundation (No.Y1080935), and Research Innovation Program Project for Graduate Students in Jiangsu Province ( No.CX07B_110zF).
Communication author: Li Jun, born in 1971, female, Ph.D. candidate, Associate Professor. Nanjing University of Posts and Telecommunications, Nanjing 210003, China.
About this article
Cite this article
Li, J., Zhang, S., Lu, Y. et al. Hybrid internet traffic classification technique. J. Electron.(China) 26, 101–112 (2009). https://doi.org/10.1007/s11767-007-0110-4
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11767-007-0110-4