NTCS: A real time flow-based network traffic classification system

Author

Santiago Lopes Pereira, Silas ; De Castro e Silva, Jorge Luiz ; Bessa Maia, Jose Everardo

Author_Institution

Dept. of Stat. & Comput., State Univ. of Ceara, Fortaleza, Brazil

fYear

2014

fDate

17-21 Nov. 2014

Firstpage

368

Lastpage

371

Abstract

This work presents the design and implementation of a real time flow-based network traffic classification system. The classifier monitor acts as a pipeline consisting of three modules: packet capture and preprocessing, flow reassembly, and classification with Machine Learning (ML). The modules are built as concurrent processes with well defined data interfaces between them so that any module can be improved and updated independently. In this pipeline, the flow reassembly function becomes the bottleneck of the performance. In this implementation, was used a efficient method of reassembly which results in a average delivery delay of 0.49 seconds, aproximately. For the classification module, the performances of the K-Nearest Neighbor (KNN), C4.5 Decision Tree, Naive Bayes (NB), Flexible Naive Bayes (FNB) and AdaBoost Ensemble Learning Algorithm are compared in order to validate our approach.

Keywords

Internet; learning (artificial intelligence); pattern classification; AdaBoost ensemble learning algorithm; C4.5 decision tree; KNN; ML; NB algorithm; NTCS system; classification module; data interface; flexible naive Bayes algorithm; flow reassembly module; k-nearest neighbor; machine learning; naive Bayes algorithm; packet capture and preprocessing module; realtime flow-based network traffic classification system; Delays; Internet; Labeling; Monitoring; Protocols; Real-time systems; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and Service Management (CNSM), 2014 10th International Conference on

Conference_Location

Rio de Janeiro

Type

conf

DOI

10.1109/CNSM.2014.7014196

Filename

7014196