High-Performance Internet Traffic Classification Using a Markov Model and Kullback-Leibler Divergence

As internet traffic rapidly increases, fast and accurate network classification is becoming essential for high quality of service control and early detection of network traffic abnormalities. Machine learning techniques based on statistical features of packet flows have recently become popular for network classification partly because of the limitations of traditional port- and payload-based methods. In this paper, we propose a Markov model-based network classification with a Kullback-Leibler divergence criterion. Our study is mainly focused on hard-to-classify (or overlapping) traffic patterns of network applications, which current techniques have difficulty dealing with. The results of simulations conducted using our proposed method indicate that the overall accuracy reaches around 90% with a reasonable group size of .

[1]  Georg Carle,et al.  TCP Traffic Classification Using Markov Models , 2010, TMA.

[2]  Wenjun Wu,et al.  A Parallelized Network Traffic Classification Based on Hidden Markov Model , 2011, 2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.

[3]  Francesco Palmieri,et al.  A nonlinear, recurrence-based approach to traffic classification , 2009, Comput. Networks.

[4]  Carey L. Williamson,et al.  Offline/realtime traffic classification using semi-supervised learning , 2007, Perform. Evaluation.

[5]  Alfredo De Santis,et al.  Characterizing and Classifying Card-Sharing Traffic through Wavelet Analysis , 2011, 2011 Third International Conference on Intelligent Networking and Collaborative Systems.

[6]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[7]  Grenville J. Armitage,et al.  A survey of techniques for internet traffic classification using machine learning , 2008, IEEE Communications Surveys & Tutorials.

[8]  Jun Zhang,et al.  Network Traffic Classification Using Correlation Information , 2013, IEEE Transactions on Parallel and Distributed Systems.

[9]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[10]  Antonio Pescapè,et al.  Classification of Network Traffic via Packet-Level Hidden Markov Models , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[11]  Lars-Åke Larzon,et al.  Reducing the TCP acknowledgment frequency , 2007, CCRV.

[12]  Alfredo De Santis,et al.  Network anomaly detection with the restricted Boltzmann machine , 2013, Neurocomputing.

[13]  Michalis Faloutsos,et al.  Is P2P dying or just hiding? [P2P traffic measurement] , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[14]  Renata Teixeira,et al.  Early application identification , 2006, CoNEXT '06.

[15]  Francesco Palmieri,et al.  A distributed approach to network anomaly detection based on independent component analysis , 2014, Concurr. Comput. Pract. Exp..

[16]  Wujian Ye,et al.  Hybrid P2P traffic classification with heuristic rules and machine learning , 2014, Soft Computing.

[17]  Bo Yang,et al.  Online hybrid traffic classifier for Peer-to-Peer systems based on network processors , 2009, Appl. Soft Comput..

[18]  Grenville J. Armitage,et al.  Training on multiple sub-flows to optimise the use of Machine Learning classifiers in real-world IP networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[19]  Francesco Palmieri,et al.  On the detection of card-sharing traffic through wavelet analysis and Support Vector Machines , 2013, Appl. Soft Comput..

[20]  Maurizio Dusi,et al.  Traffic classification through simple statistical fingerprinting , 2007, CCRV.