POSTER: Mining Elephant Applications in Unknown Traffic by Service Clustering

Network traffic classification is of great importance for fine-grained network management and network security. However, with the rapid development of new network applications in recent years, traffic that classifiers cannot identify accounts for an increasing share, which poses a great challenge for network operators. Most of the unknown traffic is usually generated by only a few applications or certain kinds of applications. We call this kind of traffic elephant traffic. It is generally recognized that traffic sharing the same server IP and server port is generated by the same application. In this paper, we say that such traffic belongs to the same service. We therefore propose a novel method, in which service-based statistical features are used for cluster analysis, to classify this elephant traffic. Preliminary results on a real network traffic dataset show that our method is able to automatically identify similar unknown applications. We believe that classifying unknown traffic from a service perspective is a promising direction.
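An added sketch of the service-clustering idea described in the abstract, not the authors' code: flows are grouped by (server IP, server port), per-service statistics are computed, and the services are clustered. The flow records, the four features and the use of k-means with farthest-first seeding are assumptions; the abstract names none of them.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: feature set and clustering algorithm are illustrative choices.
# Constructed flow records: (server_ip, server_port, bytes, packets, duration_s)
FLOWS = [
    ("203.0.113.10", 8000, 1_200_000, 900, 30.0),
    ("203.0.113.10", 8000, 1_500_000, 1100, 42.0),
    ("203.0.113.11", 8000, 1_300_000, 950, 35.0),
    ("203.0.113.11", 8000, 1_400_000, 1000, 38.0),
    ("198.51.100.5", 5223, 900, 12, 0.4),
    ("198.51.100.5", 5223, 1100, 14, 0.5),
    ("198.51.100.6", 5223, 1000, 13, 0.6),
    ("198.51.100.6", 5223, 950, 12, 0.3),
]

def service_features(flows):
    """Group flows by (server IP, server port) and average per-flow statistics."""
    groups = defaultdict(list)
    for ip, port, nbytes, pkts, dur in flows:
        groups[(ip, port)].append((nbytes, pkts, nbytes / pkts, dur))
    return {svc: [mean(col) for col in zip(*rows)] for svc, rows in groups.items()}

def zscore(feats):
    """Standardize each feature column so no single unit dominates distance."""
    cols = list(zip(*feats.values()))
    mu = [mean(c) for c in cols]
    sd = [pstdev(c) or 1.0 for c in cols]
    return {s: [(x - m) / d for x, m, d in zip(v, mu, sd)] for s, v in feats.items()}

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(points, k, iters=20):
    """k-means with deterministic farthest-first seeding; returns {service: cluster}."""
    keys = sorted(points)
    centers = [points[keys[0]]]
    while len(centers) < k:
        centers.append(points[max(keys, key=lambda s: min(dist2(points[s], c) for c in centers))])
    labels = {}
    for _ in range(iters):
        labels = {s: min(range(k), key=lambda i: dist2(points[s], centers[i])) for s in keys}
        for i in range(k):
            members = [points[s] for s in keys if labels[s] == i]
            if members:
                centers[i] = [mean(c) for c in zip(*members)]
    return labels

def cluster_services(flows, k=2):
    return kmeans(zscore(service_features(flows)), k)
```

Services that end up in the same cluster are candidates for the same unknown application, even when they run on different server IPs.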
