Optimised Multi-stage TCP Traffic Classifier Based on Packet Size Distributions

Since it is believed that the distribution patterns of different applications are distinct over a period of time, many researchers have proposed that packet size distributions can be used for classifying network traffic flows. However, Nagle's algorithm coalesces TCP packets, transferring as many bytes as possible per packet. This masks the characteristics of application behaviour, making the identification of traffic more difficult. Packet length distributions also deteriorate due to an overwhelming number of maximum transmission unit (MTU) packets. This paper presents an approach for optimising the classification, using multiple classifiers to handle classes separately. Meanwhile, the size of the classifying window is also discussed in order to find the best detection periods in the time domain. The experimental results confirmed that the proposed system has higher accuracy and enables earlier classification of TCP traffic.
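The masking effect described in the abstract can be reproduced on a small scale. The following Python sketch is an added illustration, not the paper's classifier: the 1460-byte full-segment size, the 100-byte bins, the L1 nearest-profile rule, the `app_a`/`app_b` labels and all packet traces are constructed assumptions. It shows a window dominated by MTU-sized packets being matched to the wrong profile until full-size segments are excluded from the histogram.

```python
from collections import Counter

MTU_SEGMENT = 1460  # assumption: full-size TCP payload on a 1500-byte MTU path

def size_distribution(sizes, bin_width=100, drop_mtu=False):
    """Normalised payload-size histogram for one classifying window."""
    kept = [s for s in sizes if not (drop_mtu and s >= MTU_SEGMENT)]
    if not kept:               # window held nothing but full-size segments
        return {}
    counts = Counter(s // bin_width for s in kept)
    return {b: n / len(kept) for b, n in counts.items()}

def l1_distance(p, q):
    """0.0 means identical histograms, 2.0 means no shared bins."""
    return sum(abs(p.get(b, 0.0) - q.get(b, 0.0)) for b in set(p) | set(q))

def nearest_profile(window, profiles, drop_mtu=False):
    """Return the label of the reference profile closest to the window."""
    seen = size_distribution(window, drop_mtu=drop_mtu)
    return min(profiles, key=lambda name: l1_distance(
        seen, size_distribution(profiles[name], drop_mtu=drop_mtu)))

# Constructed reference traces (payload bytes per packet), not real captures.
PROFILES = {
    "app_a": [1460] * 90 + [220, 260] * 5,    # 90% full-size, rest 200-299 B
    "app_b": [1460] * 60 + [620, 660] * 20,   # 60% full-size, rest 600-699 B
}
# Constructed window: app_b during a bulk phase, coalesced into full segments.
WINDOW = [1460] * 19 + [640]

if __name__ == "__main__":
    for drop in (False, True):
        print("drop_mtu =", drop, "->", nearest_profile(WINDOW, PROFILES, drop))
```

With the MTU bin included, the 95% full-size window sits closest to `app_a`; once full-size segments are excluded, the single 640-byte packet is enough to match `app_b`.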
