Skip to main content
SpringerLink
Log in

An Autonomic Traffic Classification System for Network Operation and Management

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

Traffic classification is an important aspect in network operation and management, but challenging from a research perspective. During the last decade, several works have proposed different methods for traffic classification. Although most proposed methods achieve high accuracy, they present several practical limitations that hinder their actual deployment in production networks. For example, existing methods often require a costly training phase or expensive hardware, while their results have relatively low completeness. In this paper, we address these practical limitations by proposing an autonomic traffic classification system for large networks. Our system combines multiple classification techniques to leverage their advantages and minimize the limitations they present when used alone. Our system can operate with Sampled NetFlow data making it easier to deploy in production networks to assist network operation and management tasks. The main novelty of our system is that it can automatically retrain itself in order to sustain a high classification accuracy along time. We evaluate our solution using a 14-day trace from a large production network and show that our system can sustain an accuracy <96 %, even in presence of sampling, during long periods of time. The proposed system has been deployed in production in the Catalan Research and Education network and it is currently being used by network managers of more than 90 institutions connected to this network.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Internet Assigned Numbers Authority (IANA): http://www.iana.org/assignments/port-numbers

  2. Moore, A., Papagiannaki, K.: Toward the accurate identification of network applications. In: Proceedings of Passive and Active Measurement Conference (PAM), pp. 41–54 (2005)

  3. Dainotti, A., Gargiulo, F., Kuncheva, L., Pescape, A., Sansone, C.: Identification of traffic flows hiding behind tcp port 80. In: IEEE International Conference on Communications (ICC), pp. 1–6 (2009)

  4. Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: Proceedings of ACM Annual Conference of the Special Interest Group on Data Communication (SIGCOMM), pp. 229–240 (2005)

  5. Jiang, H., Moore, A., Ge, Z., Jin, S., Wang, J.: Lightweight application classification for network management. In: Proceedings of the ACM SIGCOMM Workshop on Internet Network Management (INM), pp. 299–304 (2007)

  6. Nguyen, T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutor. 10(4), 56–76 (2008)

    Article  Google Scholar 

  7. Yoon, S., Park, J., Park, J., Oh, Y., Kim, M.: Internet application traffic classification using fixed IP-port. Manag. Enabling Future Internet Chang. Bus. New Comput. Serv. 5787, 21–30 (2009)

    Article  Google Scholar 

  8. Carela-Espanol, V., Barlet-Ros, P., Sole-Simo, M., Dainotti, A., de Donato, W., Pescape, A.: K-dimensional trees for continuous traffic classification. In: Proceedings of Traffic Monitoring and Analysis (TMA) pp. 141–155 (2010)

  9. Li, J., Zhang, S., Li, C., Yan, J.: Composite lightweight traffic classification system for network management. Int. J. Netw. Manag. 20(2), 85–105 (2010)

    Google Scholar 

  10. Mori, T., Kawahara, R., Hasegawa, H., Shimogawa, S.: Characterizing traffic flows originating from large-scale video sharing services. In: Proceedings of Traffic Monitoring and Analysis (TMA) pp. 17–31 (2010)

  11. Carela-Espanol, V., Barlet-Ros, P., Cabellos-Aparicio, A., Sole-Pareta, J.: Analysis of the impact of sampling on NetFlow traffic classification. Comput. Netw. 55(5), 1083–1099 (2011)

    Article  Google Scholar 

  12. Dainotti, A., Pescapé, A., Sansone, C.: Early classification of network traffic through multi-classification. In: Proceedings of Traffic Monitoring and Analysis (TMA) pp. 122–135 (2011)

  13. Lee, S., Kim, H., Barman, D., Lee, S., Kim, C., Kwon, T., Choi, Y.: NeTraMark: a network traffic classification benchmark. ACM SIGCOMM Comput. Commun. Rev. 41(1), 22–30 (2011)

    Article  Google Scholar 

  14. Williams, N., Zander, S., Armitage, G.: A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. ACM SIGCOMM Comput. Commun. Rev. 36(5), 5–16 (2006)

    Article  Google Scholar 

  15. Crotti, M., Gringoli, F.: Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Comput. Commun. Rev. 37(1), 5–16 (2007)

    Article  Google Scholar 

  16. Li, W., Canini, M., Moore, A., Bolla, R.: Efficient application identification and the temporal and spatial stability of classification schema. Comput. Netw. 53(6), 790–809 (2009)

    Article  MATH  Google Scholar 

  17. Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of p2p traffic using application signatures. In: Proceedings of ACM International World Wide Web Conference (WWW), pp. 512–521 (2004)

  18. Karagiannis, T., Broido, A., Faloutsos, M.: Transport layer identification of P2P traffic. In: Proceedings of ACM Internet Measurement Conference (IMC), pp. 121–134 (2004)

  19. Xu, K., Zhang, Z., Bhattacharyya, S.: Profiling internet backbone traffic: behavior models and applications. In: Proceedings of ACM Annual Conference of the Special Interest Group on Data Communication (SIGCOMM), pp. 169–180 (2005)

  20. Karagiannis, T., Papagiannaki, K., Taft, N., Faloutsos, M.: Profiling the end host. In: Proceedings of Passive and Active Measurement Conference (PAM), pp. 186–196. Springer (2007)

  21. Kim, H., Claffy, K., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.: Internet traffic classification demystified: myths, caveats, and the best practices. In: Proceedings of ACM International Conference on Emerging Networking EXperiments and Technologies (CoNEXT), p. 11 (2008)

  22. L7-filter, Application Layer Packet Classifier for Linux: http://l7-filter.clearfoundation.com/

  23. OpenDPI, The Open Source Deep Packet Inspection Engine: http://www.opendpi.org/

  24. PACE, ipoque’s Protocol and Application Classification Engine: http://www.ipoque.com/en/products/pace

  25. CoralReef Software Suite: http://www.caida.org/tools/measurement/coralreef/

  26. Iannaccone, G.: Fast prototyping of network data mining applications. In: Proceedings of Passive and Active Measurement Conference (PAM), pp. 41–50 (2006)

  27. Cisco Systems Sampled NetFlow: http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_sanf.html

  28. Barlet-Ros, P., Sole-Pareta, J., Barrantes, J., Codina, E., Domingo-Pascual, J.: SMARTxAC: a passive monitoring and analysis system for high-speed networks. Campus-Wide Inf. Syst. 23(4), 283–296 (2006)

    Article  Google Scholar 

  29. Quinlan, J.R.: C4.5: Programs for Machine Learning. The Morgan Kaufmann Series in Machine Learning. Morgan Kaufmann, San Mateo, CA (1993)

    Google Scholar 

  30. Lim, Y., Kim, H., Jeong, J., Kim, C., Kwon, T., Choi, Y.: Internet traffic classification demystified: on the sources of the discriminative power. In: Proceedings of ACM International Conference on Emerging Networking Experiments and Technologies (CoNEXT), p. 9 (2010)

  31. Is See5/C5.0 Better Than C4.5?: http://rulequest.com/see5-comparison.html

  32. Cohen, J.: A coefficient of agreement for nominal scales. Educ. Psychol. Meas. 20(1), 37–46 (1960)

    Article  Google Scholar 

  33. Alcock, S., Nelson, R.: Libprotoident: Traffic Classification Using Lightweight Packet Inspection. Technical Report. University of Waikato (2012). http://www.wand.net.nz/publications/lpireport

  34. nDPI, Open and Extensible GPLv3 Deep Packet Inspection Library: http://www.ntop.org/products/ndpi/

  35. Zhang, J., Chen, C., Xiang, Y., Zhou, W., Vasilakos, A.: An effective network traffic classification method with unknown flow detection. IEEE Trans. Netw. Serv. Manag. 10(2), 133–147 (2013)

    Article  Google Scholar 

Download references

Acknowledgments

The authors want to thank ipoque for kindly providing access to their PACE software and Tatsuya Mori for sharing with us the list of IPs presented in [10]. We would also like to thank UPCnet and CESCA for the traffic traces provided for this study. This research was funded by the Spanish Ministry of Economy and Competitiveness under contract TEC2011-27474 (NOMADS project) and by the Comissionat per a Universitats i Recerca del DIUE de la Generalitat de Catalunya (Ref. 2009SGR-1140).

Author information

Authors and Affiliations

  1. Dept. Arquitectura de Computadors, UPC BarcelonaTech, Campus Nord, Edif. D6, Jordi Girona, 1-3, 08034, Barcelona, Spain

    Valentín Carela-Español, Pere Barlet-Ros, Oriol Mula-Valls & Josep Solé-Pareta

Authors
  1. Valentín Carela-Español
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pere Barlet-Ros
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Oriol Mula-Valls
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Josep Solé-Pareta
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Valentín Carela-Español.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Carela-Español, V., Barlet-Ros, P., Mula-Valls, O. et al. An Autonomic Traffic Classification System for Network Operation and Management. J Netw Syst Manage 23, 401–419 (2015). https://doi.org/10.1007/s10922-013-9293-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10922-013-9293-1

Keywords

Search

Navigation