Browse > Article
http://dx.doi.org/10.3837/tiis.2010.10.009

Real-time Classification of Internet Application Traffic using a Hierarchical Multi-class SVM  

Yu, Jae-Hak (Electronics and Telecommunications Research Institute)
Lee, Han-Sung (Electronics and Telecommunications Research Institute)
Im, Young-Hee (Dept. of Computer and Information Science, Korea University)
Kim, Myung-Sup (Dept. of Computer and Information Science, Korea University)
Park, Dai-Hee (Dept. of Computer and Information Science, Korea University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.4, no.5, 2010 , pp. 859-876 More about this Journal
Abstract
In this paper, we propose a hierarchical application traffic classification system as an alternative means to overcome the limitations of the port number and payload based methodologies, which are traditionally considered traffic classification methods. The proposed system is a new classification model that hierarchically combines a binary classifier SVM and Support Vector Data Descriptions (SVDDs). The proposed system selects an optimal attribute subset from the bi-directional traffic flows generated by our traffic analysis system (KU-MON) that enables real-time collection and analysis of campus traffic. The system is composed of three layers: The first layer is a binary classifier SVM that performs rapid classification between P2P and non-P2P traffic. The second layer classifies P2P traffic into file-sharing, messenger and TV, based on three SVDDs. The third layer performs specialized classification of all individual application traffic types. Since the proposed system enables both coarse- and fine-grained classification, it can guarantee efficient resource management, such as a stable network environment, seamless bandwidth guarantee and appropriate QoS. Moreover, even when a new application emerges, it can be easily adapted for incremental updating and scaling. Only additional training for the new part of the application traffic is needed instead of retraining the entire system. The performance of the proposed system is validated via experiments which confirm that its recall and precision measures are satisfactory.
Keywords
Traffic monitoring and analysis; traffic classification; P2P traffic analysis; support vector machine; attribute subset selection;
Citations & Related Records

Times Cited By Web Of Science : 3  (Related Records In Web of Science)
Times Cited By SCOPUS : 3
연도 인용수 순위
  • Reference
1 S. Han, M, Kim, H, Ju, and J. W. Hong, "The architecture of NG-MON: A passive network monitoring system," LNCS, vol.2506, pp.16-27, 2002.
2 M. Hall, "Correlation-based feature selection for machine learning," PhD Diss. Department of Computer Science, Waikato University, Hamilton, NZ, 1998.
3 I. Seok, J. Lee, and B. Moon, "Hybrid genetic algorithms for feature selection," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol.26, no.11, pp.1424-1437, 2006.
4 T. Karagiannis, K. Papagiannaki, and M. Faloutsos, "BLINC: Multilevel traffic classification in the dark," Proceedings of ACM SIGCOMM, vol.35, no.4, pp.229-240, 2005.
5 A. Yang, S. Jiang, and H. Deng, "A P2P network traffic classification method using SVM," in Proc. of the 9th International Conference for Young Computer Scientists, pp.398-403, 2008.
6 FileGuri, Available from: .
7 H. Schulze and K. Mochalski, "Ipoque Internet Study 2008/2009," Available from: .
8 Y. Sun and J. Li, "Iterative RELIEF for feature weighting," in Proc. of the 23rd International Conference on Machine Learning, pp.913-920, 2006.
9 Y. Sun and J. Li, "Iterative RELIEF for feature weighting," in Proc. of the 23rd International Conference on Machine Learning, pp.913-920, 2006.
10 J. Han and M. Kamber, "Data Mining: Concepts and Techniques," Morgan Kaufman, 2nd Ed., 2007.
11 Machine Learning Lab in The University of Waikato, Available from: .
12 G. Munz, H. Dai, L. Braun, and G. Carle, "TCP traffic classification using Markov models," LNCS, vol.6003, pp.127-140, 2010.
13 F. Fleuret, "Fast binary feature selection with conditional mutual information," Journal of Machine Learning Research, vol.5, pp.1531-1555, 2004.
14 J. Li, S. Zhang, S. Liu, and Y. Xuan Ye, "Active P2P traffic identification technique," in Proc. of the IEEE CIS 2007, pp.37-41, 2007.
15 G. Zhang, G. Xie, J. Yang, Y. Min, Z. Zhou, and X. Duan, "Accurate online traffic classification with multi-phases identification methodology," in Proc. of the IEEE International Conference on Consumer Communications and Networking, pp.141-146, 2008.
16 L. Zhou, X. Wang, W. Tu, G. Mutean, and B. Geller, "Distributed scheduling scheme for video streaming over multi-channel multi-radio multi-hop wireless networks," IEEE Journal on Selected Areas in Communications, vol.28, no.3, pp.409-419, 2010.   DOI
17 X. Zhou, "A P2P traffic classification method based on SVM," in Proc. of the International Symposium Computer Science and Computational Technology, pp.53-57, 2008.
18 N. Cascarano, F. Risso, A. Este, F. Gringoli, L. Salgarelli, A. Finamore, and M. Mellia, "Comparing P2PTV traffic classifiers," in Proc. of the IEEE International Conference on Communications, pp.1-6, 2010.
19 G. Szabo, I. Szabo, and D. Orincsay, "Accurate traffic classification," in Proc. of the IEEE International Symposium on World of Wireless Mobile and Multimedia Networks, pp.1-8, 2007.
20 J. Erman, A. Mahanti, and M. Arlitt, "Internet traffic identification using machine learning," in Proc. of the IEEE Conference on Global Telecommunications, pp.1-6, 2006.
21 M. Tai, S. Ata, and I. Oka, "Fast, accurate, and lightweight real-time traffic identification method based on flow statistics," LNCS, vol.4427, pp.255-259, 2007.
22 P. Phaal, S. Panchen, and N. McKee, "InMon corporation's sFlow: A method for monitoring traffic in switched and routed networks," IETF RFC3176, 2001.
23 Cisco Systems, White Papers, "NetFlow services and applications," Available from: .
24 H. Lee, J. Song, and D. Park, "Intrusion detection system based on multi-class SVM," LNAI, vol.3642, pp.511-519, 2005.
25 F. J. Gonzalez-Castano, P. S. Rodriguez-Hernandez, R. P. Martinez-Alvarez, A. Gomez, I. Lopez-Cabido, and J. Villasuso-Barreiro, "Support vector machine detection of peer-to-peer traffic," in Proc. of the IEEE International Conference on Computational Intelligence for Measurement Systems and Applications, pp.103-108, 2006.
26 T. Auld, A. Moore, and S. Gull, "Bayesian neural networks for Internet traffic classifications," IEEE Transactions on Neural Networks, vol.18, no.1, pp.223-239, 2007.   DOI
27 Y. Liu, R. Wang, H. Huang, Y. Zeng, and H. He, "Applying support vector machine to P2P traffic identification with smooth processing," in Proc. of the IEEE International Conference on Signal Processing, vol.3, pp.16-20, 2006.