Unknown network protocol classification method based on semi-supervised learning

Network protocol classification plays an important role in modern network security and fine-grained management architectures. The state-of-the-art network protocol classification methods aim to take the advantages of flow statistical features and machine learning techniques. However the classification performance is severely affected by limited supervised information and unknown network protocols. In this paper, a novel semi-supervised learning method is proposed to solve the problem of unknown protocols in the crucial situation of a small labeled training sample set. The proposed method possesses the superior capability of detecting unknown samples generated by unknown protocols with the help of flow correlation information and semi-supervised clustering ensemble learning to boost the classification performance. A theoretical analysis is provided to confirm the effectiveness of the proposed method. Moreover, the comprehensive performance evaluation conducted on real-world network protocols datasets shows that the proposed method is significantly better than the existing methods in the critical network environment.