Automatic Discovery of Network Applications: A Hybrid Approach

  • Mahbod Tavallaee
  • Wei Lu
  • Ebrahim Bagheri
  • Ali A. Ghorbani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6085)


Automatic discovery of network applications is a very challenging task which has received a lot of attentions due to its importance in many areas such as network security, QoS provisioning, and network management. In this paper, we propose an online hybrid mechanism for the classification of network flows, in which we employ a signature-based classifier in the first level, and then using the weighted unigram model we improve the performance of the system by labeling the unknown portion. Our evaluation on two real networks shows between 5% and 9% performance improvement applying the genetic algorithm based scheme to find the appropriate weights for the unigram model.


Genetic Algorithm Network Application Port Number Automatic Discovery ASCII Character 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Quinlan, J.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Francisco (1993)Google Scholar
  2. 2.
    Moore, D., Keys, K., Koga, R., Lagache, E., Claffy, K.: The CoralReef Software Suite as a Tool for System and Network Administrators. In: Proceedings of the 15th USENIX conference on System administration, pp. 133–144 (2001)Google Scholar
  3. 3.
    Gummadi, K., Dunn, R., Saroiu, S., Gribble, S., Levy, H., Zahorjan, J.: Measurement, modeling, and analysis of a peer-to-peer file-sharing workload. ACM SIGOPS Operating Systems Review 37(5), 314–329 (2003)CrossRefGoogle Scholar
  4. 4.
    Sen, S., Wang, J.: Analyzing peer-to-peer traffic across large networks. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pp. 137–150 (2002)Google Scholar
  5. 5.
    Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of p2p traffic using application signatures. In: Proceedings of the 13th international conference on World Wide Web, pp. 512–521 (2004)Google Scholar
  6. 6.
    Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.: The WEKA Data Mining Software: An Update. SIGKDD Explorations 11(1) (2009)Google Scholar
  7. 7.
    Meffert, K., Rotstan, N., Knowles, C., Sangiorgi, U.: JGAP–Java Genetic Algorithms and Genetic Programming Package,

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mahbod Tavallaee
    • 1
  • Wei Lu
    • 2
  • Ebrahim Bagheri
    • 3
  • Ali A. Ghorbani
    • 1
  1. 1.Information Security Centre of ExcellenceUniversity of New Brunswick 
  2. 2.Q1 Labs Inc.FrederictonCanada
  3. 3.National Research Council CanadaIIT and Athabasca University - SCIS 

Personalised recommendations