Zero-Day Traffic Identification

  • Conference paper
Cyberspace Safety and Security (CSS 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8300)

Abstract

Recent research on Internet traffic classification has achieved certain success in applying machine learning techniques to flow-statistics-based methods. However, existing methods fail to deal with zero-day traffic, which is generated by applications previously unknown to a traffic classification system. To tackle this critical problem, we propose a novel traffic classification scheme which has the capability of identifying zero-day traffic as well as accurately classifying the traffic generated by pre-defined application classes. In addition, the proposed scheme provides a new mechanism to achieve fine-grained classification of zero-day traffic through manually labeling very few traffic flows. The preliminary empirical study on a big traffic data set shows that the proposed scheme can address the problem of zero-day traffic effectively. When zero-day traffic is present, the classification performance of the proposed scheme is significantly better than that of three state-of-the-art methods: random forest classifier, classification with flow correlation, and semi-supervised traffic classification.

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhang, J., Chen, X., Xiang, Y., Zhou, W. (2013). Zero-Day Traffic Identification. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_16

  • DOI: https://doi.org/10.1007/978-3-319-03584-0_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03583-3

  • Online ISBN: 978-3-319-03584-0

  • eBook Packages: Computer Science, Computer Science (R0)
