vTC: Machine Learning Based Traffic Classification as a Virtual Network Function

Network flow classification is fundamental to network management and network security. However, it is challenging to classify network flows at very high line rates while simultaneously preserving user privacy. Machine learning based classification techniques utilize only meta-information of a flow and have been shown to be effective in identifying network flows. We analyze a group of widely used machine learning classifiers, and observe that the effectiveness of different classification models depends highly upon the protocol types as well as the flow features collected from network data.We propose vTC, a design of virtual network functions to flexibly select and apply the best suitable machine learning classifiers at run time. The experimental results show that the proposed NFV for flow classification can improve the accuracy of classification by up to 13%.

[1]  Hui Xiong,et al.  An efficient SVM-based method for multi-class network traffic classification , 2011, 30th IEEE International Performance Computing and Communications Conference.

[2]  Frank Klawonn,et al.  Computational Intelligence: A Methodological Introduction , 2015, Texts in Computer Science.

[3]  Bryan Ng,et al.  Developing a traffic classification platform for enterprise networks with SDN: Experiences & lessons learned , 2015, 2015 IFIP Networking Conference (IFIP Networking).

[4]  Phuoc Tran-Gia,et al.  SDN-Based Application-Aware Networking on the Example of YouTube Video Streaming , 2013, 2013 Second European Workshop on Software Defined Networks.

[5]  QaziZafar Ayyub,et al.  Application-awareness in SDN , 2013 .

[6]  Thomas J. Watson,et al.  An empirical study of the naive Bayes classifier , 2001 .

[7]  Andrew W. Moore,et al.  Bayesian Neural Networks for Internet Traffic Classification , 2007, IEEE Transactions on Neural Networks.

[8]  J. Ross Quinlan,et al.  Simplifying decision trees , 1987, Int. J. Hum. Comput. Stud..

[9]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[10]  Anthony McGregor,et al.  Flow Clustering Using Machine Learning Techniques , 2004, PAM.

[11]  Stephen D. Bay,et al.  The UCI KDD archive of large data sets for data mining research and experimentation , 2000, SKDD.

[12]  Tao Jin,et al.  Application-awareness in SDN , 2013, SIGCOMM.

[13]  Rodrigo Braga,et al.  Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[14]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1995, EuroCOLT.

[15]  Zhi-Li Zhang,et al.  A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks , 2012, TKDD.