WANG Tao,YU Shun-zheng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2012.05.021

2012-01-01

Abstract:ML(machine learning) employs statistical network flow characteristics to assist in the IP traffic classification identification and classification,which is different with traditional methods that depend on well known application port numbers or deeply inspecting the contents of packet payloads.ML-based network traffic classification has been researched widely and developed rapidly.This survey reviews the significant works that cover the dominant period since 2004,and categorize,analyze and compare them according to their choice of ML strategies which include supervised,unsupervised and semi-supervised learning algorithms.We importantly discuss the orientations and challenges for the employment of ML-based traffic classifiers in operational IP networks.More specifically,the key issues such as sample labeling bottleneck,skewed data distribution,real-time and continuous classification and scalability of classification algorithms are discussed.

LIU Qiong,LIU Zhen,HUANG Min

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.12.008

2010-01-01

Computer Science

Abstract:To identify the traffic based on the application in a large network, the major part is traffic classification and it is useful to provide quality of service, lawful interception and intrusion detection. A number of limitations have been exhibited by older methods such as port-based and payload based classification. Hence Machine learning techniques are used by the research community to analyse the flow statistics for detecting network applications. The statistical based approach is used here for traffic identification and classification process. The statistical features are flow size, flow duration, TCP port, packet inter-arrival times statistics, total number of packets, mean packet length, protocol, number of bytes transferred. There are two types of machine learning algorithms such as supervised and unsupervised algorithms. These two machine learning algorithms are analysed with datasets respectively based on the set of algorithms. By evaluating the results of supervised and unsupervised algorithms respectively, best algorithm from each technique is combined together to yield

Muhammad Shafiq,Xiangzhan Yu,Asif Ali Laghari,Lu Yao,Abin Kumar Karn,Oudil Abdessamia

DOI: https://doi.org/10.1109/compcomm.2016.7925139

2016-01-01

Abstract:Network Traffic Classification is a central topic nowadays in the field of computer science. It is a very essential task for Internet service providers (ISPs) to know which types of network applications flow in a network. Network Traffic Classification is the first step to analyze and identify different types of applications flowing in a network. Through this technique, internet service providers or network operators can manage the overall performance of a network. There are many methods traditional technique to classify internet traffic like Port Based, Pay Load Based and Machine Learning Based technique. The most common technique used these days is Machine Learning (ML) technique. Which is used by many researchers and got very effective accuracy results. In this paper, we discuss network traffic classification techniques step by step and real time internet data set is develop using network traffic capture tool, after that feature extraction tool is use to extract features from the capture traffic and then four machine learning classifiers Support Vector Machine, C4.5 decision tree, Naïve Bays and Bayes Net classifiers are applied. Experimental analysis shows that C4.5 classifiers gives very good accuracy result as compare to other classifies.

Yu Wang,Shun-Zheng Yu

DOI: https://doi.org/10.1109/iita.2008.536

2008-01-01

Abstract:Network traffic classification plays an important role in various network activities. Due to the ineffectiveness of traditional port-based and payload-based methods, recent works proposed using machine learning methods to classify flows based on statistical characteristics. In this study, we evaluate the effectiveness of machine learning techniques on the real-time traffic classification problem. We identify the most suitable ML, classifier for network traffic classification by comparing various ML schemes, including both supervised and unsupervised methods. We also apply feature selection to identify significant features. Finally, we simulate real-time classification by using features derived from the first few packets of each flow. The results show that classifiers based on decision tree outperform others on both accuracy and performance; and that classifiers based on early flow properties can achieve high accuracy while reducing the computational complexity.

Yu Wang,Yang Xiang,Shunzheng Yu

DOI: https://doi.org/10.1109/cse.2011.58

2011-01-01

Abstract:Due to the increasing unreliability of traditional port-based methods, Internet traffic classification has attracted a lot of research efforts in recent years. Quite a lot of previous papers have focused on using statistical characteristics as discriminators and applying machine learning techniques to classify the traffic flows. In this paper, we propose a novel machine learning based approach where the features are extracted from packet payload instead of flow statistics. Specifically, every flow is represented by a feature vector, in which each item indicates the occurrence of a particular token, i.e., a common substring, in the payload. We have applied various machine learning algorithms to evaluate the idea and used different feature selection schemes to identify the critical tokens. Experimental result based on a real-world traffic data set shows that the approach can achieve high accuracy with low overhead.

Shijun Huang,Kai Chen,Chao Liu,Alei Liang,Haibing Guan

DOI: https://doi.org/10.1109/icumt.2009.5345539

2009-01-01

Abstract:This Internet traffic classification using Machine Learning is an emerging research field since 1990's, and now it is widely used in numerous network activities. The classification technique focuses on modeling attributes and features of data flows to accomplish the identification of applications. In the paper we design and implement the classification model based on header-derived flow statistical features. Compared with the traditional methods, the model designed here, which is totally insensitive to port numbers and contents of payload on application level, overcomes difficulty in operation caused by unreliable port numbers and complexity of payload interpretation. Rather than relatively complex ML algorithms or even in mixture, supervised k-Nearest Neighbor estimator is adopted for the sake of computational efficiency, along with the effective and easy-to-calculate statistical features selected according to the operational background. Our results indicate that about 90% accuracy on per-flow classification can be achieved, which is a vast improvement over traditional techniques that achieve 50-70%.

Baihe Ma,Hui Zhang,Yao Guo,Zhihong Liu,Yong Zeng

DOI: https://doi.org/10.1109/SNSP.2018.00094

2018-01-01

Abstract:Traffic classification is an invaluable tool which can category network traffics into a number of traffic classes according to various parameter settings. It can not only provide better QoS, but also protect the security of networks. In this paper, the methods of traffic classification are analyzed and summarized based on machine learning through three aspects: supervised machine learning, unsupervised machine learning, and semi-supervised machine learning. Finally, we suggest several strategies to improve the accuracy and scalability of traffic classification.

刘颖秋,李巍,李云春

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.05.063

2008-01-01

Abstract:This paper introduced the different levels of traffic analysis and relevant knowledge of machine learning,and analyzed some problems in traffic classification technologies,including port number analysis and payload-based analysis.Considering that different applications generate different traffic characters,how to apply clustering and classify method of machine learning to implement traffic classification and discussed application identification.Finally,based on the efficiency of machine learning-based method,pointed out the possible research directions.

GU Yue,LI Dan,GAO Kaihui

DOI: https://doi.org/10.11959/j.issn.1000-0801.2021052

2021-01-01

Abstract:With the continuous development of Internet technology and the continuous expansion of network scale, there are many different types of applications , and various new applications have endlessly emerged.In order to ensure the quality of service (QoS) and ensure network security, accurate and fast traffic classification is an urgent problem for both operators and network managers.Firstly, the problem definition and performance metrics of network traffic classification were given.Then, the traffic classification methods based on machine learning and deep learning were introduced respectively, the advantages and disadvantages of these methods were analyzed, and the existing problems were expounded.Next, the related work by focusing on the three problems encountered elaborated and analyzed in traffic classification when considering online deployment: dataset, zero-day application identification and the cost of online deployment, and further discusses the challenges faced by the current network traffic classification researches.Finally, the next research direction of network traffic classification was prospected.

Jingjing Zhao,Xuyang Jing,Zheng Yan,Witold Pedrycz

DOI: https://doi.org/10.1016/j.inffus.2021.02.009

IF: 18.6

2021-01-01

Information Fusion

Abstract:Traffic classification groups similar or related traffic data, which is one main stream technique of data fusion in the field of network management and security. With the rapid growth of network users and the emergence of new networking services, network traffic classification has attracted increasing attention. Many new traffic classification techniques have been developed and widely applied. However, the existing literature lacks a thorough survey to summarize, compare and analyze the recent advances of network traffic classification in order to deliver a holistic perspective. This paper carefully reviews existing network traffic classification methods from a new and comprehensive perspective by classifying them into five categories based on representative classification features, i.e., statistics-based classification, correlation-based classification, behavior-based classification, payload-based classification, and port-based classification. A series of criteria are proposed for the purpose of evaluating the performance of existing traffic classification methods. For each specified category, we analyze and discuss the details, advantages and disadvantages of its existing methods, and also present the traffic features commonly used. Summaries of investigation are offered for providing a holistic and specialized view on the state-of-art. For convenience, we also cover a discussion on the mostly used datasets and the traffic features adopted for traffic classification in the review. At the end, we identify a list of open issues and future directions in this research field.

Hu Ting,Wang Yong,Tao Xiaoling

DOI: https://doi.org/10.3969/j.issn.1673-808X.2010.03.006

2010-01-01

Abstract:Network traffic classification in terms of application type is the first step in order to realize effective network management.There is the current situation that the traditional classification methods could not meet the pragmatic demands of network manager,which the methods are based on default matched port numbers and signatures analysis.Aiming at the existing problems of the traditional methods in its application,the merits and demerits of two methods are analyzed and compared with the approach based on traffic characteristics applying machine learning that has been developed at present.Studies show that this method is consisted of three critical steps that separately are grouping flow samples,feature selection process and classification process using machine learning,and that machine learning algorithms are applied to precise classification in accordance with statistic features of network traffic.

Zhu Li,Ruixi Yuan,Xiaohong Guan

DOI: https://doi.org/10.1007/978-3-540-73111-5_8

2007-01-01

Abstract:Timely traffic identification is critical in network security monitoring and traffic engineering. Traditional methods using well-known ports, protocols and precise signature matching are no longer accurate with the proliferation of new applications. Recently, applying pattern recognition methods to classify network application traffic based on the flow parameters (e.g. port, flow duration, etc.) has become increasing popular. However, many methods developed in the previous works are either too complex to be applied in real-time, or suffer from lower accuracy due to the insufficient knowledge of the application. In this paper, we first give an overview on the developments of pattern recognition methods as traffic classification tools. We then develop two separate pattern recognition methods: one with supervised learning, and one with un-supervised learning, and apply them to classify traffic captured from a campus backbone network. The supervised learning method (an optimized SVM method) yields approximately 99.41 % accuracy for the collected traffic. The un-supervised learning method (an entropy based clustering method) gets the average accuracy of 92.41% for the top 20 traffic generating hosts during the same time period. Performance test on a single PC with 3GHz Pentium 4 processors and 1 GB of memory show that both methods can handle more than 10000 network flows per second, close to real time requirements for many situations.

jiang yu,hua jun,hu jing,song tiecheng,liu shidong,guo jinghong

2015-01-01

Abstract:This paper summarizes the basic principle and development status of network flow classification techniques.By analyzing and comparing four types of network traffic classification methods which are method based on port mapping,method based on payload,method based on the behavioral characteristics and method based on machine learning,it draws the conclusion that flow classification method based on machine learning is more applicable to electric power information communication network.In the end,this paper emphatically analyzes the two kinds of traffic classification method based on machine learning:C4.5decision tree algorithm and neural network algorithm.

Wei XIONG,Shui-Geng ZHOU,Ji-Hong GUAN

DOI: https://doi.org/10.3969/j.issn.1003-6059.2011.04.011

2011-01-01

Pattern Recognition and Artificial Intelligence

Abstract:The rapid increase of network applications generates a lot of networked data. Classification in networked data is recently an important research issue of data mining field. The state of the art techniques of classification in networked data is surveyed. Firstly, the basic concepts of classification in networked data are introduced. Then, major classification algorithms of networked data are reviewed in detail. Next, one challenging issue, classification in sparsely labeled networks, is reviewed extensively, and various solutions to this issue are discussed. Finally, the future development and expectation of networked data classification techniques are summarized.

Donghong Qin,Jiahai Yang,Jiamian Wang,Bin Zhang

DOI: https://doi.org/10.1109/icct.2011.6158005

2011-01-01

Abstract:With the rapid development of Internet, many network applications (e.g., P2P) use dynamic ports and encryption technology, which makes the traditional port and payload-based classification methods ineffective. Hence, it is important and necessary to find the more effective ones. Currently the machine learning (ML) techniques provide a promising alternative one for IP traffic classification. In this work, we use the ML-based classification method to identify the classes of the unknown flows using the payload-independent statistical features such as packet-length and arrival-interval. In order to improve the efficiency of the classification methods, the feature reduction techniques are further adopted to refine the selected features for attaining a best group of features. Finally we compare and evaluate the ML classification algorithms based on the BRASIL data source in terms of the three metrics such as overall accuracy, average precision and average recall. Our experiments show that the decision-tree algorithm is the best ML one for IP traffic classification and is able to construct the real-time classification system.

Qiuhong Wang,Lei Wang,Ji Xiang

DOI: https://doi.org/10.4028/www.scientific.net/AMR.756-759.3506

2013-09-01

Abstract:Traffic classification is a critical technology in the areas of network management and security monitoring. Traditional port-based and payload-based classification are no longer effective due to the fact that many applications utilize unpredictable port numbers and packet encryption. Researchers tend to apply machine learning (ML) techniques to identify the traffic flows by recognizing statistical features. Unfortunately, looking back upon the related work, most of the ML-based classification algorithms have similar performance, and what really matters now is how to optimize these techniques. In this paper, we analyzed two critical issues (Feature Selection, Configuration of Parameters) of ML classification, and presented the corresponding viable methods to optimize the classification model. This paper also reported the experimental evaluation to assess the performance improvements introduced by our optimized methods; experimental results on real-life datasets and network traffic show that the classification model successfully achieves significant accuracy improvement.

Computer Science

HU Ting,WANG Yong,TAO Xiao-ling

DOI: https://doi.org/10.3724/sp.j.1087.2010.02653

2010-01-01

Journal of Computer Applications

Abstract:In order to satisfy the requirements of users for more and more precise Internet service quality,the traffic classification is an important link in the network management process.Through analyzing and comparing the application situation and the advantages and disadvantages of each classification method by machine learning,which were separately based on port number matching,feature analysis and traffic characteristics,a hybrid model of network traffic classification method was proposed to solve the problems that rely on a single classification method,such as low accuracy,long classification time.This model combined the port number matching with machine learning,and applied Self-Organizing Map (SOM) of which the output result is visual.The experimental result shows that this method can effectively achieve the application type classification of network traffic,and obtain a good visual effect of classification result.

Yu Wang,Shun-Zheng Yu

DOI: https://doi.org/10.4304/jnw.4.7.622-629

2009-01-01

Journal of Networks

Abstract:Network traffic classification plays an important role in various network activities. Due to the ineffectiveness of traditional port-based and payload-based methods, recent works proposed using machine learning methods to classify flows based on statistical characteristics. In this study, we present a comprehensive evaluation of the effectiveness of these statistical methods for real-time traffic classification problem. We evaluate three different flow feature sets that are used to capture distinct properties of each application, two of them consist of features generated from full flows and the third is made up of early sub-flow statistics derived from the first few packets of each flow. We compare various supervised machine learning schemes to identify the one most suitable for traffic classification. We also apply feature selection to identify the most significant features. The results indicate that statistical characteristics of traffic flows are capable to distinguish applications; in particular it’s feasible to use the features derived from early sub-flows for realtime traffic classification. The results also indicate that classifiers based on decision tree outperform others, as they obtain highest accuracy and fastest classifying speed.

Meng Shen,Ke Ye,Xingtong Liu,Liehuang Zhu,Jiawen Kang,Shui Yu,Qi Li,Ke Xu

DOI: https://doi.org/10.1109/comst.2022.3208196

IF: 35.6

2023-01-01

IEEE Communications Surveys & Tutorials

Abstract:Traffic analysis is the process of monitoring network activities, discovering specific patterns, and gleaning valuable information from network traffic. It can be applied in various fields such as network assert probing and anomaly detection. With the advent of network traffic encryption, however, traffic analysis becomes an arduous task. Due to the invisibility of packet payload, traditional traffic analysis methods relying on capturing valuable information from plaintext payload are likely to lose efficacy. Machine learning has been emerging as a powerful tool to extract informative features without getting access to payload, and thus is widely employed in encrypted traffic analysis. In this paper, we present a comprehensive survey on recent achievements in machine learning-powered encrypted traffic analysis. To begin with, we review the literature in this area and summarize the analysis goals that serve as the basis for literature classification. Then, we abstract the workflow of encrypted traffic analysis with machine learning tools, including traffic collection, traffic representation, traffic analysis method, and performance evaluation. For the surveyed studies, the requirements of classification granularity and information timeliness may vary a lot for different analysis goals. Hence, in terms of the goal of traffic analysis, we present a comprehensive review on existing studies according to four categories: network asset identification, network characterization, privacy leakage detection, and anomaly detection. Finally, we discuss the challenges and directions for future research on encrypted traffic analysis.

Zhongkai Zhang,Lei Liu,Xudong Lu,Zhongmin Yan,Hui Li

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom51426.2020.00114

2020-01-01

Abstract:With the growing number of the network based applications, the quality and usability of various applications require distinguished requirements in light of network performance. The Internet is a vast network of independently-managed networks. The traffic is heterogeneous and consists of flows from multiple applications. For the sake of Internet governance, identifying who is who has become an impressing demand. The purpose of Internet governance is to properly distinguish the demands across the limited recourse. Traffic classification is the very beginning that helps identify who and how much the application requires. Hence, the classification and identification of encrypted traffic has drawn much research attention. Compare to the traditional methods such as port-based methods and payload-based methods, this study establishes a two-stage traffic classification framework based on convolutional neural network. Experimental results suggest that the developed method has a good degree of traffic classification subject to fewer bytes in the packet.