[1] Wu Tong, Han Zhen, Wang Wei, Peng Lizhi, et al. Early-stage Internet traffic identificationbased on packet payload size [J]. Journal of Southeast University (English Edition), 2014, 30 (3): 289-295. [doi:10.3969/j.issn.1003-7985.2014.03.006]

Copy

Early-stage Internet traffic identificationbased on packet payload size()

Share：

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:

30

Issue:

2014 3

Page:

289-295

Research Field:

Computer Science and Engineering

Publishing date:

2014-09-30

Info

Title:

Early-stage Internet traffic identificationbased on packet payload size

Author(s):

Wu Tong¹;  Han Zhen¹;  Wang Wei¹;  Peng Lizhi²

¹School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
²Provincial Key Laboratory for Network Based Intelligent Computing, University of Jinan, Jinan 250022, China

Keywords:

pattern recognition;  network measurement;  traffic classification;  traffic feature

PACS:

TP393

DOI:

10.3969/j.issn.1003-7985.2014.03.006

Abstract:

In order to classify the Internet traffic of different Internet applications more quickly, two open Internet traffic traces, Auckland Ⅱ and UNIBS traffic traces, are employed as study objects. Eight earliest packets with non-zero flow payload sizes are selected and their payload sizes are used as the early-stage flow features. Such features can be easily and rapidly extracted at the early flow stage, which makes them outstanding. The behavior patterns of different Internet applications are analyzed by visualizing the early-stage packet size values. Analysis results show that most Internet applications can reflect their own early packet size behavior patterns. Early packet sizes are assumed to carry enough information for effective traffic identification. Three classical machine learning classifiers, i.e., the naive Bayesian classifier, naive Bayesian trees, and the radial basis function neural networks, are used to validate the effectiveness of the proposed assumption. The experimental results show that the early stage packet sizes can be used as features for traffic identification.

References:

[1] Callado A, Kamienski C, Szabó G, et al. A survey on internet traffic identification[J].IEEE Communications Surveys & Tutorials, 2009, 11(3): 37-52.
[2] Hu Bin, Shen Yi. Machine learning based network traffic classification: a survey[J]. Journal of Information & Computational Science, 2012, 9(11): 3161-4170.
[3] Nguyen T T T, Armitage G. A survey of techniques for Internet traffic classification using machine learning[J]. IEEE Communications Surveys & Tutorials, 2008, 10(4): 56-76.
[4] Valenti S, Rossi D, Dainotti A, et al. Reviewing traffic classification[C]//Data Traffic Monitoring and Analysis. Berlin: Springer, 2013: 123-147.
[5] Moore A, Zuev D, Crogan M. Discriminators for use in flow-based classification[EB/OL].(2005-08-17)[2013-11-16].http://www.cl.cam.ac.uk/~awm22/publications/RR-05-13.pdf.
[6] Moore A, Zuev D. Internet traffic classification using Bayesian analysis techniques[C]//Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. New York: ACM, 2005: 50-60.
[7] Auld T, Moore A, Gull S. Bayesian neural networks for Internet traffic classification[J]. IEEE Transactions on Neural Network, 2007, 18(1):223-239.
[8] Este A, Gringoli F, Salgarelli L. On the stability of the information carried by traffic flow features at the packet level[J]. ACM SIGCOMM Computer Communication Review, 2009, 39(3): 13-18.
[9] Este A, Gringoli F, Salgarelli L. Support vector machines for TCP traffic classification[J]. Computer Networks, 2009, 53(14): 2476-2490.
[10] Li Z, Yuan R, Guan X. Accurate classification of the Internet traffic based on the SVM method[C]//IEEE International Conference on Communications. Glasgow, USA, 2007:1373-1378.
[11] Lu Gang, Zhang Hongli, Sha Xuefu, et al. Tcfom: a robust traffic classification framework based on oc-svm combined with mc-svm[C]//2010 International Conference on Communications and Intelligence Information Security. Nanning, China, 2010: 180-186.
[12] Crotti M, Dusi M, Gringoli F, et al. Traffic classification through simple statistical fingerprinting[J].ACM SIGCOMM Computer Communication Review, 2007, 37(1): 5-16.
[13] Du Min, Chen Xingshu, Tan Jun. Online Internet traffic identification algorithm based on multistage classifier[J]. China Communications, 2013, 10(2): 89-97.
[14] Du Min, Chen Xingshu, Tan Jun. A novel P2P traffic identification algorithm based on BPSO and weighted k-nearest-neighbor[J]. China Communications, 2011, 8(2): 52-58.
[15] Bernaille L, Teixeira R, Akodkenou I, et al. Traffic classification on the fly[J]. ACM SIGCOMM Computer Communication Review, 2006, 36(2): 23-26.
[16] Erman J, Arlitt M, Mahanti A. Traffic classification using clustering algorithms[C]//Proceedings of the 2006 SIGCOMM Workshop on Mining Network Data. New York: ACM, 2006: 281-286.
[17] Erman J, Arlitt M, Mahanti A, et al. Offline/realtime traffic classification using semi-supervised learning[J]. Performance Evaluation, 2007, 64(9): 1194-1213.
[18] Qian F, Hu G, Yao X. Semi-supervised Internet network traffic classification using a Gaussian mixture model[J]. Int J Electron Commun, 2008, 62(7):557-564.
[19] Peng Lizhi, Zhang Hongli, Yang Bo, et al. Traffic identification using flexible neural trees[C]//2010 18th International Workshop on Quality of Service. Beijing, China, 2010: 5542729-1-5542729-5.
[20] Dainotti A, Pescape A, Claffy K C. Issues and future directions in traffic classification[J]. IEEE Network, 2012, 26(1):35-40.
[21] Huang N, Jai G, Chao H. Early identifying application traffic with application characteristics[C]//IEEE International Conference on Communications. Beijing, China, 2008: 5788-5792.
[22] Huang N, Jai G, Chao H, et al. Application traffic classification at the early stage by characterizing application rounds[J]. Information Sciences, 2013, 232:130-142.
[23] Hullár B, Laki S, Gyorgy A. Early identification of peer-to-peer traffic[C]//IEEE International Conference on Communications. Kyoto, Japan, 2011:5963023-1-5963023-6.
[24] Dainotti A, Pescape A, Sansone C. Early classification of network traffic through multi-classification[C]//Lecture Notes in Computer Science. Berlin: Springer, 2011, 6613:122-135.
[25] Nguyen T T T, Armitage G, B ranch P, et al. Timely and continuous machine-learning-based classification for interactive IP traffic[J]. IEEE/ACM Transactions on Networking, 2012, 20(6):1880-1894.
[26] Waikato Internet Traffic Storage(WITS)[EB/OL].(2006-06-17)[2012-10-13].http://www.wand.net.nz/wits.
[27] UNIBS: Data sharing[EB/OL].(2011-07-21)[2013-09-14].http://www.ing.unibs.it/ntw/tools/traces/.
[28] Gringoli F, Salgarelli L, Dusi M, et al. GT: picking up the truth from the ground for internet traffic[J]. ACM SIGCOMM Computer Communication Review, 2009, 39(5): 12-18.
[29] Tcpdump/Libpcap[EB/OL].(2013-11-20)[2013-12-16].http://www.tcpdump.org.

Memo

Memo:

Biography: Wu Tong(1979—), male, doctor, lecturer, wutong@bjtu.edu.cn.
Foundation items: The Program for New Century Excellent Talents in University(No.NCET-11-0565), the Fundamental Research Funds for the Central Universities(No.K13JB00160, 2012JBZ010, 2011JBM217), the Ph.D. Programs Foundation of Ministry of Education of China(No. 20120009120010), the Program for Innovative Research Team in University of Ministry of Education of China(No.IRT201206), the Natural Science Foundation of Shandong Province(No.ZR2012FM010, ZR2011FZ001).
Citation: Wu Tong, Han Zhen, Wang Wei, et al.Early-stage Internet traffic identification based on packet payload size[J].Journal of Southeast University(English Edition), 2014, 30(3):289-295.[doi:10.3969/j.issn.1003-7985.2014.03.006]

Common functions