Title :
A multiple-stage classifier for identifying unknown Internet traffic
Author :
Lu, Wei ; Ghorbani, Ali A.
Author_Institution :
Comput. Sci. Dept., USNH, Keene, NH, USA
Abstract :
Accurate and timely classification of network traffic has received a lot of attention recently due to its important roles in many subjects such as QoS provisioning, traffic engineering, network intrusion detection and prevention. In this paper, we present a multiple-stage framework to classify the unknown network traffic in which we first use the well-known port numbers and static payload signatures to identify the most popular network applications and then a deep payload inspection technique is proposed to classify those applications with ephemeral connections. For the rest unknown traffic we applied the traditional k-means algorithm to classify them into existing known application communities. During the experimental evaluation, we verify our algorithm with the network flows collected on a campus-wide WiFi ISP network over one hour and evaluation results show a high detection accuracy approaching to 97%.
Keywords :
Internet; telecommunication traffic; wireless LAN; Internet traffic; campus-wide WiFi ISP network; deep payload inspection technique; ephemeral connection; k-means algorithm; multiple-stage classifier; port number; static payload signature; Classification algorithms; Clustering algorithms; Communities; Internet; Machine learning; Payloads; Protocols;
Conference_Titel :
Communications, Computers and Signal Processing (PacRim), 2011 IEEE Pacific Rim Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4577-0252-5
Electronic_ISBN :
1555-5798
DOI :
10.1109/PACRIM.2011.6032983
