KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Real-time Classification of Internet Application Traffic using a Hierarchical Multi-class SVM

  • Yu, Jae-Hak (Electronics and Telecommunications Research Institute) ;
  • Lee, Han-Sung (Electronics and Telecommunications Research Institute) ;
  • Im, Young-Hee (Dept. of Computer and Information Science, Korea University) ;
  • Kim, Myung-Sup (Dept. of Computer and Information Science, Korea University) ;
  • Park, Dai-Hee (Dept. of Computer and Information Science, Korea University)
  • Received : 2010.06.08
  • Accepted : 2010.07.30
  • Published : 2010.10.30
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we propose a hierarchical application traffic classification system as an alternative means to overcome the limitations of the port number and payload based methodologies, which are traditionally considered traffic classification methods. The proposed system is a new classification model that hierarchically combines a binary classifier SVM and Support Vector Data Descriptions (SVDDs). The proposed system selects an optimal attribute subset from the bi-directional traffic flows generated by our traffic analysis system (KU-MON) that enables real-time collection and analysis of campus traffic. The system is composed of three layers: The first layer is a binary classifier SVM that performs rapid classification between P2P and non-P2P traffic. The second layer classifies P2P traffic into file-sharing, messenger and TV, based on three SVDDs. The third layer performs specialized classification of all individual application traffic types. Since the proposed system enables both coarse- and fine-grained classification, it can guarantee efficient resource management, such as a stable network environment, seamless bandwidth guarantee and appropriate QoS. Moreover, even when a new application emerges, it can be easily adapted for incremental updating and scaling. Only additional training for the new part of the application traffic is needed instead of retraining the entire system. The performance of the proposed system is validated via experiments which confirm that its recall and precision measures are satisfactory.

Keywords

References

  1. H. Schulze and K. Mochalski, "Ipoque Internet Study 2008/2009," Available from: .
  2. G. Szabo, I. Szabo, and D. Orincsay, "Accurate traffic classification," in Proc. of the IEEE International Symposium on World of Wireless Mobile and Multimedia Networks, pp.1-8, 2007.
  3. L. Zhou, X. Wang, W. Tu, G. Mutean, and B. Geller, "Distributed scheduling scheme for video streaming over multi-channel multi-radio multi-hop wireless networks," IEEE Journal on Selected Areas in Communications, vol.28, no.3, pp.409-419, 2010. https://doi.org/10.1109/JSAC.2010.100412
  4. J. Erman, A. Mahanti, and M. Arlitt, "Internet traffic identification using machine learning," in Proc. of the IEEE Conference on Global Telecommunications, pp.1-6, 2006.
  5. T. Auld, A. Moore, and S. Gull, "Bayesian neural networks for Internet traffic classifications," IEEE Transactions on Neural Networks, vol.18, no.1, pp.223-239, 2007. https://doi.org/10.1109/TNN.2006.883010
  6. Y. Liu, R. Wang, H. Huang, Y. Zeng, and H. He, "Applying support vector machine to P2P traffic identification with smooth processing," in Proc. of the IEEE International Conference on Signal Processing, vol.3, pp.16-20, 2006.
  7. F. J. Gonzalez-Castano, P. S. Rodriguez-Hernandez, R. P. Martinez-Alvarez, A. Gomez, I. Lopez-Cabido, and J. Villasuso-Barreiro, "Support vector machine detection of peer-to-peer traffic," in Proc. of the IEEE International Conference on Computational Intelligence for Measurement Systems and Applications, pp.103-108, 2006.
  8. A. Yang, S. Jiang, and H. Deng, "A P2P network traffic classification method using SVM," in Proc. of the 9th International Conference for Young Computer Scientists, pp.398-403, 2008.
  9. X. Zhou, "A P2P traffic classification method based on SVM," in Proc. of the International Symposium Computer Science and Computational Technology, pp.53-57, 2008.
  10. N. Cascarano, F. Risso, A. Este, F. Gringoli, L. Salgarelli, A. Finamore, and M. Mellia, "Comparing P2PTV traffic classifiers," in Proc. of the IEEE International Conference on Communications, pp.1-6, 2010.
  11. H. Lee, J. Song, and D. Park, "Intrusion detection system based on multi-class SVM," LNAI, vol.3642, pp.511-519, 2005.
  12. M. Tai, S. Ata, and I. Oka, "Fast, accurate, and lightweight real-time traffic identification method based on flow statistics," LNCS, vol.4427, pp.255-259, 2007.
  13. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, "BLINC: Multilevel traffic classification in the dark," Proceedings of ACM SIGCOMM, vol.35, no.4, pp.229-240, 2005.
  14. J. Li, S. Zhang, S. Liu, and Y. Xuan Ye, "Active P2P traffic identification technique," in Proc. of the IEEE CIS 2007, pp.37-41, 2007.
  15. G. Zhang, G. Xie, J. Yang, Y. Min, Z. Zhou, and X. Duan, "Accurate online traffic classification with multi-phases identification methodology," in Proc. of the IEEE International Conference on Consumer Communications and Networking, pp.141-146, 2008.
  16. G. Munz, H. Dai, L. Braun, and G. Carle, "TCP traffic classification using Markov models," LNCS, vol.6003, pp.127-140, 2010.
  17. P. Phaal, S. Panchen, and N. McKee, "InMon corporation's sFlow: A method for monitoring traffic in switched and routed networks," IETF RFC3176, 2001.
  18. Cisco Systems, White Papers, "NetFlow services and applications," Available from: .
  19. S. Han, M, Kim, H, Ju, and J. W. Hong, "The architecture of NG-MON: A passive network monitoring system," LNCS, vol.2506, pp.16-27, 2002.
  20. M. Hall, "Correlation-based feature selection for machine learning," PhD Diss. Department of Computer Science, Waikato University, Hamilton, NZ, 1998.
  21. I. Seok, J. Lee, and B. Moon, "Hybrid genetic algorithms for feature selection," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol.26, no.11, pp.1424-1437, 2006.
  22. F. Fleuret, "Fast binary feature selection with conditional mutual information," Journal of Machine Learning Research, vol.5, pp.1531-1555, 2004.
  23. Y. Sun and J. Li, "Iterative RELIEF for feature weighting," in Proc. of the 23rd International Conference on Machine Learning, pp.913-920, 2006.
  24. Y. Sun and J. Li, "Iterative RELIEF for feature weighting," in Proc. of the 23rd International Conference on Machine Learning, pp.913-920, 2006.
  25. J. Han and M. Kamber, "Data Mining: Concepts and Techniques," Morgan Kaufman, 2nd Ed., 2007.
  26. FileGuri, Available from: .
  27. Machine Learning Lab in The University of Waikato, Available from: .

Cited by

  1. MediaCloud: A New Paradigm of Multimedia Computing vol.6, pp.4, 2012, https://doi.org/10.3837/tiis.2012.04.012
  2. NetCube: a comprehensive network traffic analysis model based on multidimensional OLAP data cube vol.23, pp.2, 2010, https://doi.org/10.1002/nem.1818
  3. Application Traffic Classification using PSS Signature vol.8, pp.7, 2010, https://doi.org/10.3837/tiis.2014.07.004
  4. Stress Detection and Classification of Laying Hens by Sound Analysis vol.28, pp.4, 2010, https://doi.org/10.5713/ajas.14.0654
  5. Forecasting heating and cooling loads of buildings: a comparative performance analysis vol.11, pp.3, 2020, https://doi.org/10.1007/s12652-019-01317-y
  6. Dilated Deep Neural Network for Segmentation of Retinal Blood Vessels in Fundus Images vol.44, pp.1, 2010, https://doi.org/10.1007/s40998-019-00213-7
  7. An Elderly Health Monitoring System Using Machine Learning and In-Depth Analysis Techniques on the NIH Stroke Scale vol.8, pp.7, 2010, https://doi.org/10.3390/math8071115