Abstract
A number of key areas in IP network engineering, management and surveillance greatly benefit from the ability to dynamically identify traffic flows according to the applications responsible for their creation. Currently such classifications rely on selected packet header fields (e.g. destination port) or application layer protocol decoding. These methods have a number of shortfalls: many applications can use unpredictable port numbers, and protocol decoding either requires high resource usage or is simply infeasible when protocols are unknown or encrypted. We propose a framework for application classification using an unsupervised machine learning (ML) technique. Flows are automatically classified based on their statistical characteristics. We also propose a systematic approach to identify an optimal set of flow attributes to use, and we evaluate the effectiveness of our approach using captured traffic traces.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zander, S., Nguyen, T., Armitage, G. (2005). Self-Learning IP Traffic Classification Based on Statistical Flow Characteristics. In: Dovrolis, C. (eds) Passive and Active Network Measurement. PAM 2005. Lecture Notes in Computer Science, vol 3431. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31966-5_26
DOI: https://doi.org/10.1007/978-3-540-31966-5_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25520-8
Online ISBN: 978-3-540-31966-5
eBook Packages: Computer Science, Computer Science (R0)