Browse > Article
http://dx.doi.org/10.5391/JKIIS.2010.20.1.007

Hierarchical Internet Application Traffic Classification using a Multi-class SVM  

Yu, Jae-Hak (고려대학교 컴퓨터정보학과)
Lee, Han-Sung (한국전자통신연구원)
Im, Young-Hee (고려대학교 컴퓨터정보학과)
Kim, Myung-Sup (고려대학교 컴퓨터정보학과)
Park, Dai-Hee (고려대학교 컴퓨터정보학과)
Publication Information
Journal of the Korean Institute of Intelligent Systems / v.20, no.1, 2010 , pp. 7-14 More about this Journal
Abstract
In this paper, we introduce a hierarchical internet application traffic classification system based on SVM as an alternative overcoming the uppermost limit of the conventional methodology which is using the port number or payload information. After selecting an optimal attribute subset of the bidirectional traffic flow data collected from the campus, the proposed system classifies the internet application traffic hierarchically. The system is composed of three layers: the first layer quickly determines P2P traffic and non-P2P traffic using a SVM, the second layer classifies P2P traffics into file-sharing, messenger, and TV, based on three SVDDs. The third layer makes specific classification of the entire 16 application traffics. By classifying the internet application traffic finely or coarsely, the proposed system can guarantee an efficient system resource management, a stable network environment, a seamless bandwidth, and an appropriate QoS. Also, even a new application traffic is added, it is possible to have a system incremental updating and scalability by training only a new SVDD without retraining the whole system. We validate the performance of our approach with computer experiments.
Keywords
Internet application classification; Support vector machine; Attribute subset selection;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. Han, M, Kim, H, Ju, and J. W. Hong, "The Architecture of NG-MON: A Passive Network Monitoring System," LNCS, 2506, pp. 16-27, 2002.
2 M. Hall, Correlation-based Feature Selection for Machine Learning, PhD Diss. Department of Computer Science, Waikato University, Hamilton, NZ, 1998.
3 I. Seok, J. Lee, and B. Moon, "Hybrid Genetic Algorithms for Feature Selection," IEEE Trans. on Pattern Analysis and Machine Intelligence, Vol. 26, No. 11, pp. 1424-1437, 2006.   DOI
4 F. Fleuret, "Fast Binary Feature Selection with Conditional Mutual Information," Journal of Machine Learning Research, Vol. 5, pp. 1531-1555, 2004.
5 Y. Sun and J. Li, "Iterative RELIEF for Feature Weighting," In Proc. of the 23rd Int. Conf. on Machine Learning, pp. 913-920, 2006.
6 T. Ambwani, "Multi Class Support Vector Machine Implementation to Intrusion Detection," In Proc. of the Int. Conf. on Neural Networks, Vol. 3, pp.2300-2305, 2003.   DOI
7 B. Park, Y. Won, M. Kim, and Hong, J. W. Hong, "Towards Automated Application Signature Generation for Traffic Identification," Network Operations and Management Symposium, pp. 160-167, 2008.
8 Machine Learning Lab in The University of Waikato, http://www.cs.waikato.ac.nz/ml..
9 Y. Liu, R. Wang, H. Huang, Y. Zeng, and H. He, "Applying Support Vector Machine to P2P Traffic Identification with Smooth Processing," IEEE Int. Conf. on Signal Processing, Vol. 3, pp.16-20, 2006.
10 F. J. Gonzalez-Castano, P. S.Rodriguez-Hernandez R. P. Martinez-Alvarez, A. Gomez, I. Lopez- Cabido, and J. Villasuso-Barreiro, "Support Vector Machine Detection of Peer-to-Peer Traffic," IEEE Int. Conf. on Computational Intelligence for Measurement Systems and Applications, pp. 103-108, 2006.
11 A. Yang, S. Jiang, and H. Deng, "A P2P Network Traffic Classification Method using SVM," The 9th Int. Conf. for Young Computer Scientists, pp. 398-403, 2008.
12 X. Zhou, "A P2P Traffic Classification Method Based on SVM," Int. Symposium Computer Science and Computational Technology, pp. 53-57, 2008.
13 H. Lee, J. Song, and D. Park, "Intrusion Detection System Based on Multi-class SVM," LNAI, 3642, pp. 511-519, 2005.
14 M. Tai, S. Ata, and I. Oka, "Fast, Accurate, and Lightweight Real-Time Traffic Identification Method Based on Flow Statistics," LNCS, 4427, pp. 255-259, 2007.
15 T. Karagiannis, K. Papagiannaki, and M. Faloutsos, "BLINC: Multilevel Traffic Classification in the Dark," In Proc. of ACM SIGCOMM, Vol. 35, No.4, pp. 229-240, 2005.   DOI
16 J. Li, S. Zhang, S. Liu, and Y. Xuan, "Active P2P Traffic Identification Technique," IEEE Int. Conf. on Computational Intelligence and .Security, pp. 37-41, 2007.
17 G. Zhang, G. Xie, J. Yang, Y. Min, Z. Zhou, and X. Duan, "Accurate Online Traffic Classification with Multi-phases Identification Methodology," IEEE Int. Conf. on Consumer Communications and Networking, pp. 141-146, 2008.
18 P. Phaal, S. Panchen, and N. McKee, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks, IETF RFC 3176, 2001.
19 H. Schulze and K. Mochalski, Ipoque Internet Study 2008/2009, http://www.ipoque.com/.
20 Cisco Systems, White Papers, NetFlow Services and Applications, http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm.
21 G. Szabo, I. Szabo, and D. Orincsay, "Accurate Traffic Classification," IEEE Int. Symposium on World of Wireless Mobile and Multimedia Networks, pp. 1-8, 2007.   DOI
22 T. Auld, A. Moore, and S. Gull, "Bayesian Neural Networks for Internet Traffic Classifications," IEEE Trans. on Neural Networks, Vol. 18, No. 1. pp. 223-239, 2007.   DOI
23 J. Erman, A. Mahanti, and M. Arlitt, "Internet Traffic Identification using Machine Learning," IEEE Conf. on Global Telecommunications, pp. 1-6, 2006.