Skype traffic identification based SVM using optimized feature set

Skype traffic recognition is a challenging problem due to the encryption and dynamic port number. Accuracy and timely traffic classification is critical in network security monitoring and traffic engineering. In this paper, we propose an online recognition method based on SVM (support vector machine) machine learning method. As the feature set is optimized instead of redundant, our method is able to compute faster and more accuracy. Experimental results on Collage campus data sets show that our method performs better on both speed and efficiency. Moreover, the robustness of our method is demonstrated on the other non-Skype traffic such as MSN (Microsoft Service Network), PPLive (Peer to Peer LIVE) application.

[1]  Konstantina Papagiannaki,et al.  Toward the Accurate Identification of Network Applications , 2005, PAM.

[2]  Sven Ehlert,et al.  Analysis and Signature of Skype VoIP Session Traffic , 2006 .

[3]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[4]  Henning Schulzrinne,et al.  An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol , 2004, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[5]  Patrick Haffner,et al.  ACAS: automated construction of application signatures , 2005, MineNet '05.

[6]  Renata Teixeira,et al.  Early Recognition of Encrypted Applications , 2007, PAM.

[7]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[8]  Charles V. Wright,et al.  HMM profiles for network traffic classification , 2004, VizSEC/DMSEC '04.

[9]  Dustin Boswell,et al.  Introduction to Support Vector Machines , 2002 .

[10]  Anthony McGregor,et al.  Flow Clustering Using Machine Learning Techniques , 2004, PAM.

[11]  Anja Feldmann,et al.  Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection , 2006, USENIX Security Symposium.

[12]  Sebastian Zander,et al.  A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification , 2006, CCRV.

[13]  Nello Cristianini,et al.  An introduction to Support Vector Machines , 2000 .

[14]  Charles V. Wright,et al.  On Inferring Application Protocol Behaviors in Encrypted Network Traffic , 2006, J. Mach. Learn. Res..

[15]  Dario Rossi,et al.  Detailed Analysis of Skype Traffic , 2009, IEEE Transactions on Multimedia.

[16]  Ron Kohavi,et al.  A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection , 1995, IJCAI.

[17]  Sándor Molnár,et al.  Skype Traffic Identification , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[18]  Sebastian Zander,et al.  Automated traffic classification and application identification using machine learning , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.