Please use this identifier to cite or link to this item: http://hdl.handle.net/1959.3/2536

Download PDF (Accepted manuscript) (Adobe Acrobat PDF, -1 bytes)

Title

Self-learning IP traffic classification based on statistical flow characteristics

Author(s)

Zander, Sebastian;  Nguyen, Thuy;  Armitage, Grenville

Abstract

A number of key areas in IP network engineering, management and surveillance greatly benefit from the ability to dynamically identify traffic flows according to the applications responsible for their creation. Currently such classifications rely on selected packet header fields (e.g. destination port) or application layer protocol decoding. These methods have a number of shortfalls e.g. many applications can use unpredictable port numbers and protocol decoding requires high resource usage or is simply infeasible in case protocols are unknown or encrypted. We propose a framework for application classification using an unsupervised machine learning (ML) technique. Flows are automatically classified based on their statistical characteristics. We also propose a systematic approach to identify an optimal set of flow attributes to use and evaluate the effectiveness of our approach using captured traffic traces.

Publication type

Conference paper

Research centre

Swinburne University of Technology. Faculty of Information and Communication Technologies. Centre for Advanced Internet Architectures

Source

Lecture notes in computer science: Proceedings of the 6th International Workshop on Passive and Active Network Measurement (PAM 2005), Boston, Massachusetts, United States, 31 March-01 April 2005 / Constantinos Dovrolis (ed.), Vol. 3431, pp. 325-328

Publication year

2005

Keyword(s)

Flow classification

Publisher

Springer

ISSN

0302-9743 (series ISSN)

ISBN

9783540319665, 3540255206

Publisher URL

http://dx.doi.org/10.1007/978-3-540-31966-5_26

Copyright

Copyright © Springer-Verlag Berlin Heidelberg 2005. The accepted manuscript of the paper is reproduced here in accordance with the copyright policy of the publisher. The definitive version of the publication is available at www.springer.com.

Additional information

This research was supported by Cisco Systems, Inc, under the university research system.

Full text

Peer reviewed