Optimised TCP Traf“c Classi“cation with multiple statistical algorithms

Network traffic classification can be employed for providing enhanced Quality of Service (QoS), network security, traffic management, etc. Classifying network traffic with statistical characteristics of traffic flows has the advantages of fast processing speed, fairly high accuracy, ability of handling encrypted traffic, etc. However, Nagle´s algorithm coalesces small TCP packets, and sometimes there are overwhelming number of Maximum Transmission Unit (MTU) packets in TCP flows. These mask the statistical characteristics of traffic flows. Different algorithms and statistical features also affect the classification performance. In this paper, an approach for optimising the classifier has been presented, which uses independent binary detectors to handle different traffic types separately. Meanwhile, the algorithms and statistical features for detectors are optimised and the size of detection windows are also optimised in order to find the best detection periods for avoiding the statistical characteristics deteriorated by the overwhelming number of MTU packets. Machine learning algorithms including k-Nearest Neighbour (k-NN), decision trees and neural networks are considered, and Kolmogorov-Smirnov (K-S) test is also considered for using as a non-parametric algorithm. The experimental results and performance comparison confirmed that, the proposed system has higher accuracy, and can classify traffic earlier.