Pattern Recognition Approaches for Classifying IP Flows
The assignment of an IP flow to a class, according to the application that generated it, is at the basis of any modern network management platform. However, classification techniques such as the ones based on the analysis of transport layer or application layer information are rapidly becoming ineffective. Moreover, in several network scenarios it is quite unrealistic to assume that all the classes an IP flow can belong to are a priori known. In these cases, in fact, some network protocols may be known, but novel protocols can appear so giving rise to unknown classes.
In this paper we propose to face the problem of classifying IP flows by means of different pattern recognition approaches. They have been explicitly devised in order to effectively address the problem of the unknown classes, too. An experimental evaluation of the various proposal on real traffic traces is also provided, by considering different network scenarios.
KeywordsSupport Vector Machine Gaussian Mixture Model Network Scenario Cost Matrix Application Protocol
- 1.Skype, http://www.skype.com
- 2.Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications (SIGCOMM 2005), Philadelphia, PA, USA, pp. 229–240 (August 2005)Google Scholar
- 3.Roughan, M., Sen, S., Spatscheck, O., Duffield, N.: Class–of–service mapping for QoS: a statistical signature–based approach to IP traffic classification. In: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement (IMC 2004), Taormina, Sicily, Italy, pp. 135–148 (October 2004)Google Scholar
- 6.Bernaille, L., Teixeira, R., Salamatian, K.: Early Application Identification. In: Proceedings of the 2006 ACM CoNEXT conference (CoNEXT 2006), Lisboa, Portugal, pp. 1–12 (December 2006)Google Scholar
- 7.Li, R.Y.Z., Guan, X.: Accurate Classification of the Internet Traffic Based on the SVM Method. In: Proceedings of the 42th IEEE International Conference on Communications (ICC 2007), Glasgow, Scotland, pp. 1373–1378 (June 2007)Google Scholar
- 16.L7 Filter, http://l7–filter.sourceforge.net