
[1] Wu Tong, Han Zhen, Wang Wei, Peng Lizhi, et al. Early-stage Internet traffic identification based on packet payload size [J]. Journal of Southeast University (English Edition), 2014, 30 (3): 289-295. [doi:10.3969/j.issn.1003-7985.2014.03.006]

Early-stage Internet traffic identification based on packet payload size

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volume: 30
Issue: 2014 3
Page: 289-295
Research Field: Computer Science and Engineering
Publishing date: 2014-09-30

Info

Title:
Early-stage Internet traffic identification based on packet payload size
Author(s):
Wu Tong (1), Han Zhen (1), Wang Wei (1), Peng Lizhi (2)
(1) School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
(2) Provincial Key Laboratory for Network Based Intelligent Computing, University of Jinan, Jinan 250022, China
Keywords:
pattern recognition; network measurement; traffic classification; traffic feature
PACS:
TP393
DOI:
10.3969/j.issn.1003-7985.2014.03.006
Abstract:
To classify the traffic of different Internet applications more quickly, two open Internet traffic traces, the Auckland Ⅱ and UNIBS traces, are employed as study objects. The eight earliest packets of a flow with non-zero payload sizes are selected, and their payload sizes are used as the early-stage flow features. Such features can be extracted easily and rapidly at the early stage of a flow, which makes them outstanding. The behavior patterns of different Internet applications are analyzed by visualizing the early-stage packet size values. The analysis results show that most Internet applications exhibit their own early packet size behavior patterns. Early packet sizes are therefore assumed to carry enough information for effective traffic identification. Three classical machine learning classifiers, i.e., the naive Bayesian classifier, naive Bayesian trees, and radial basis function neural networks, are used to validate this assumption. The experimental results show that early-stage packet sizes can be used as features for traffic identification.

Memo

Memo:
Biography: Wu Tong(1979—), male, doctor, lecturer, wutong@bjtu.edu.cn.
Foundation items: The Program for New Century Excellent Talents in University(No.NCET-11-0565), the Fundamental Research Funds for the Central Universities(No.K13JB00160, 2012JBZ010, 2011JBM217), the Ph.D. Programs Foundation of Ministry of Education of China(No. 20120009120010), the Program for Innovative Research Team in University of Ministry of Education of China(No.IRT201206), the Natural Science Foundation of Shandong Province(No.ZR2012FM010, ZR2011FZ001).
Citation: Wu Tong, Han Zhen, Wang Wei, et al. Early-stage Internet traffic identification based on packet payload size[J]. Journal of Southeast University (English Edition), 2014, 30(3): 289-295. [doi:10.3969/j.issn.1003-7985.2014.03.006]
Last Update: 2014-09-20