Traffic Classification through Joint Distributions of Packet-Level Statistics

Interest in traffic classification, in both industry and academia, has grown dramatically in the past few years. Research is devoting great effort to statistical approaches that use robust features. In this paper we propose a classification approach based on the joint distribution of Packet Size (PS) and Inter-Packet Time (IPT) and on machine-learning algorithms. The results, obtained using different real traffic traces, demonstrate that the proposed approach achieves high (byte) accuracy (up to 98%) and that the new features we introduce show robustness properties, which suggest their use in the design of classification/identification approaches that are robust to traffic encryption and protocol obfuscation.
