Using a Behaviour Knowledge Space Approach for Detecting Unknown IP Traffic Flows

  • Alberto Dainotti
  • Antonio Pescapé
  • Carlo Sansone
  • Antonio Quintavalle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6713)


The assignment of an IP flow to a class, according to the application that generated it, is at the basis of any modern network management platform. In several network scenarios, however, it is quite unrealistic to assume that all the classes an IP flow can belong to are a priori known. In these cases, in fact, some network protocols may be known, but novel protocols can appear so giving rise to unknown classes. In this paper, we propose to face the problem of classifying IP flows by means of a multiple classifier approach based on the Behaviour Knowledge Space (BKS) combiner. It has been explicitly devised in order to effectively address the problem of the unknown traffic too. To demonstrate the effectiveness of the proposed approach we present an experimental evaluation on a real traffic trace.


Bayesian Neural Network Deep Packet Inspection Edge Space Handwritten Numeral Focal Unit 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    L7-filter, Application Layer Packet Classifier for Linux,
  2. 2.
    Aceto, G., Dainotti, A., de Donato, W., Pescapé, A.: PortLoad: taking the best of two worlds in traffic classification. In: IEEE INFOCOM 2010 - WiP Track (March 2010)Google Scholar
  3. 3.
    Alshammari, R., Zincir-Heywood, A.N.: Machine learning based encrypted traffic classification: identifying ssh and skype. In: CISDA 2009: Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications, USA, pp. 289–296. IEEE Press, Piscataway (2009)Google Scholar
  4. 4.
    Auld, T., Moore, A.W., Gull, S.F.: Bayesian neural networks for internet traffic classification. IEEE Transactions on Neural Networks 18(1), 223–239 (2007)CrossRefGoogle Scholar
  5. 5.
    Bernaille, L., Teixeira, R.: Early recognition of encrypted applications. In: PAM, pp. 165–175 (2007)Google Scholar
  6. 6.
    Callado, A., Kelner, J., Sadok, D., Kamienski, C.A., Fernandes, S.: Better network traffic identification through the independent combination of techniques. Journal of Network and Computer Applications 33(4), 433–446 (2010)CrossRefGoogle Scholar
  7. 7.
    Callado, A., Szabó, C.K.G., Gero, B.P., Kelner, J., Fernandes, S., Sadok, D.: A Survey on Internet Traffic Identification. IEEE Communications Surveys & Tutorials  11(3) ( July 2009)Google Scholar
  8. 8.
    Corona, I., Giacinto, G., Mazzariello, C., Roli, F., Sansone, C.: Information fusion for computer security: State of the art and open issues. Information Fusion 10(4), 274–284 (2009)CrossRefGoogle Scholar
  9. 9.
    Dainotti, A., de Donato, W., Pescapè, A.: Tie: A community-oriented traffic classification platform. In: TMA pp. 64–74 (2009)Google Scholar
  10. 10.
    Dainotti, A., de Donato, W., Pescapè, A., Ventre, G.: Tie: A community-oriented traffic classification platform. Technical Report TR-DIS-102008-TIE, Dipartimento di Informatica e Sistemistica, Universitá degli Studi di Napoli Federico II (October 2008)Google Scholar
  11. 11.
    Dainotti, A., Pescapè, A., Sansone, C.: Early classification of network traffic through multi-classification. In: TMA - Traffic Monitoring and Analysis Workshop ( in Press 2011)Google Scholar
  12. 12.
    Dainotti, A., Pescapè, A., Ventre, G.: A packet-level characterization of network traffic. In: CAMAD, pp. 38–45. IEEE, Los Alamitos (2006)Google Scholar
  13. 13.
    He, H., Che, C., Ma, F., Zhang, J., Luo, X.: Traffic classification using en-semble learning and co-training. In: AIC 2008: Proceedings of the 8th conference on Applied informatics and communications, pp. 458–463. World Scientific and Engineering Academy and Society (WSEAS), Wisconsin (2008)Google Scholar
  14. 14.
    Huang, Y.S., Suen, C.Y.: A method of combining multiple experts for the recognition of unconstrained handwritten numerals. IEEE Trans. Pattern Analysis and Machine Intelligence 17(1), 90–94 (1995)CrossRefGoogle Scholar
  15. 15.
    Kim, H., Claffy, K., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.: Internet traffic classification demystified: myths, caveats, and the best practices. In: CoNEXT 2008: Proceedings of the 2008 ACM CoNEXT Conference, pp. 1–12. ACM Press, New York (2008)Google Scholar
  16. 16.
    Kuncheva, L.I.: Combining Pattern Classifiers: Methods and Algorithms. Wiley Interscience, Hoboken (2004)CrossRefzbMATHGoogle Scholar
  17. 17.
    Kuncheva, L.I., Bezdek, J.C., Duin, R.P.W.: Decision templates for multiple classifier fusion: an experimental comparison. Pattern Recognition 34(2), 299–314 (2001)CrossRefzbMATHGoogle Scholar
  18. 18.
    Nguyen, T.T., Armitage, G.: A Survey of Techniques for Internet Traffic Classification using Machine Learning. IEEE Communications Surveys and Tutorials (2008)Google Scholar
  19. 19.
    Park, J., Tyan, H.R., Kuo, C.C.J.: Ga-based internet traffic classification technique for qos provisioning. Intelligent Information Hiding and Multimedia Signal Processing, International Conference on 0, 251–254 (2006)Google Scholar
  20. 20.
    Szabo, G., Szabo, I., Orincsay, D.: Accurate traffic classification, jun. 2007, pp. 1–8 (2007)Google Scholar
  21. 21.
    Williams, N., Zander, S., Armitage, G.: Evaluating machine learning algorithms for automated network application identification. In: Tech. Rep. 060401B, CAIA, April 2006, Swinburne Univ. (2006)Google Scholar
  22. 22.
    Williams, N., Zander, S., Armitage, G.: A preliminary performance comparison of five machine learning algorithms for practical ip traffic flow classification. ACM SIGCOMM CCR 36(5), 7–15 (2006)CrossRefGoogle Scholar
  23. 23.
    Wright, C.V., Monrose, F., Masson, G.M.: On inferring application protocol behaviors in encrypted network traffic. Journal of Machine Learning Research 7, 2745–2769 (December 2006)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Alberto Dainotti
    • 1
  • Antonio Pescapé
    • 1
  • Carlo Sansone
    • 1
  • Antonio Quintavalle
    • 1
  1. 1.Department of Computer Engineering and SystemsUniversitá di Napoli Federico IIItaly

Personalised recommendations