Traffic classification using clustering algorithms

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Traffic classification using clustering algorithms

Full text

Pdf (149 KB)

Source

Joint International Conference on Measurement and Modeling of Computer Systems archive
Proceedings of the 2006 SIGCOMM workshop on Mining network data table of contents

Pisa, Italy

Pages: 281 - 286

Year of Publication: 2006

ISBN:1-59593-569-X

Authors

Jeffrey Erman	University of Calgary, Calgary, AB, Canada
Martin Arlitt	University of Calgary, Calgary, AB, Canada
Anirban Mahanti	University of Calgary, Calgary, AB, Canada

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 39, Downloads (12 Months): 236, Citation Count: 15

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1162678.1162679 What is a DOI?

ABSTRACT

Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult with many peer-to-peer (P2P) applications using dynamic port numbers, masquerading techniques, and encryption to avoid detection. An alternative approach is to classify traffic by exploiting the distinctive characteristics of applications when they communicate on a network. We pursue this latter approach and demonstrate how cluster analysis can be used to effectively identify groups of traffic that are similar using only transport layer statistics. Our work considers two unsupervised clustering algorithms, namely K-Means and DBSCAN, that have previously not been used for network traffic classification. We evaluate these two algorithms and compare them to the previously used AutoClass algorithm, using empirical Internet traces. The experimental results show that both K-Means and DBSCAN work very well and much more quickly then AutoClass. Our results indicate that although DBSCAN has lower accuracy compared to K-Means and AutoClass, DBSCAN produces better clusters.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Peter Cheeseman , John Stutz, Bayesian classification (AutoClass): theory and results, Advances in knowledge discovery and data mining, American Association for Artificial Intelligence, Menlo Park, CA, 1996
	2	A. P. Dempster, N. M. Paird, and D. B. Rubin. Maximum likelihood from incomeplete data via the EM algorithm. Journal of the Royal Statistical Society, 39(1): 1--38, 1977.
	3	Christian Dewes , Arne Wichmann , Anja Feldmann, An analysis of Internet chat systems, Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement, October 27-29, 2003, Miami Beach, FL, USA [doi>10.1145/948205.948214]
	4	M. B. Eisen, P. T. Spellman, P. O. Brown, and D. Botstein. Cluster Analysis and Display of Genome-wide Expression Patterns. Genetics, 95(1): 14863--15868, 1998.
	5	M. Ester, H. Kriegel, J. Sander, and X. Xu. A Density-based Algorithm for Discovering Clusters in Large Spatial Databases with Noise. In 2nd Int. Conf. on Knowledge Discovery and Data Mining (KDD 96), Portland, USA, 1996.
	6	Patrick Haffner , Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, ACAS: automated construction of application signatures, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA [doi>10.1145/1080173.1080183]
	7	Anil K. Jain , Richard C. Dubes, Algorithms for clustering data, Prentice-Hall, Inc., Upper Saddle River, NJ, 1988
	8	Thomas Karagiannis , Andre Broido , Michalis Faloutsos , Kc claffy, Transport layer identification of P2P traffic, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy [doi>10.1145/1028788.1028804]
	9	Thomas Karagiannis , Konstantina Papagiannaki , Michalis Faloutsos, BLINC: multilevel traffic classification in the dark, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA
	10	A. McGregor, M. Hall, P. Lorier, and J. Brunskill. Flow Clustering Using Machine Learning Techniques. In PAM 2004, Antibes Juan-les-Pins, France, April 19--20, 2004.
	11	A. W. Moore and K. Papagiannaki. Toward the Accurate Identification of Network Applications. In PAM 2005, Boston, USA, March 31-April 1, 2005.
	12	Andrew W. Moore , Denis Zuev, Internet traffic classification using bayesian analysis techniques, Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 06-10, 2005, Banff, Alberta, Canada
	13	Vern Paxson, Empirically derived analytic models of wide-area TCP connections, IEEE/ACM Transactions on Networking (TON), v.2 n.4, p.316-336, Aug. 1994 [doi>10.1109/90.330413]
	14	Matthew Roughan , Subhabrata Sen , Oliver Spatscheck , Nick Duffield, Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy [doi>10.1145/1028788.1028805]
	15	Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, Accurate, scalable in-network identification of p2p traffic using application signatures, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA [doi>10.1145/988672.988742]
	16	Ian H. Witten , Eibe Frank, Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems), Morgan Kaufmann Publishers Inc., San Francisco, CA, 2005
	17	Sebastian Zander , Thuy Nguyen , Grenville Armitage, Automated Traffic Classification and Application Identification using Machine Learning, Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary, p.250-257, November 15-17, 2005 [doi>10.1109/LCN.2005.35]

CITED BY 15

	John Mark Agosta , Carlos Diuk-Wasser , Jaideep Chandrashekar , Carl Livadas, An adaptive anomaly detector for worm detection, Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques, p.1-6, April 10, 2007, Cambridge, MA
	Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Ira Cohen , Carey Williamson, Semi-supervised network traffic classification, ACM SIGMETRICS Performance Evaluation Review, v.35 n.1, June 2007
	Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Carey Williamson, Identifying and discriminating between web and peer-to-peer traffic in the network core, Proceedings of the 16th international conference on World Wide Web, May 08-12, 2007, Banff, Alberta, Canada
	Laurent Bernaille , Renata Teixeira , Kave Salamatian, Early application identification, Proceedings of the 2006 ACM CoNEXT conference, December 04-07, 2006, Lisboa, Portugal
	Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Ira Cohen , Carey Williamson, Offline/realtime traffic classification using semi-supervised learning, Performance Evaluation, v.64 n.9-12, p.1194-1213, October, 2007
	Hajime Inoue , Dana Jansens , Abdulrahman Hijazi , Anil Somayaji, NetADHICT: a tool for understanding network traffic, Proceedings of the 21st conference on 21st Large Installation System Administration Conference, p.1-9, November 11-16, 2007, Dallas
	Ioan Pop, WMHAS model for improvement document classification, Proceedings of the 11th WSEAS International Conference on Computers, p.184-189, July 26-28, 2007, Agios Nikolaos, Crete Island, Greece
	Urko Zurutuza , Roberto Uribeetxeberria , Diego Zamboni, A data mining approach for analysis of worm activity through automatic signature generation, Proceedings of the 1st ACM workshop on Workshop on AISec, October 27-27, 2008, Alexandria, Virginia, USA
	David Plonka , Paul Barford, Context-aware clustering of DNS query traffic, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, October 20-22, 2008, Vouliagmeni, Greece
	Ionut Trestian , Supranamaya Ranjan , Aleksandar Kuzmanovi , Antonio Nucci, Unconstrained endpoint profiling (googling the internet), ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Wei Li , Marco Canini , Andrew W. Moore , Raffaele Bolla, Efficient application identification and the temporal and spatial stability of classification schema, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.790-809, April, 2009
	Riyad Alshammari , Peter I. Lichodzijewski , Malcolm Heywood , A. Nur Zincir-Heywood, Classifying SSH encrypted traffic with minimum packet header features using genetic programming, Proceedings of the 11th annual conference companion on Genetic and evolutionary computation conference, July 08-12, 2009, Montreal, Québec, Canada
	Daniele Apiletti , Elena Baralis , Tania Cerquitelli , Vincenzo D'Elia, Characterizing network traffic by means of the NetMine framework, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.774-789, April, 2009
	Hyunchul Kim , KC Claffy , Marina Fomenkov , Dhiman Barman , Michalis Faloutsos , KiYoung Lee, Internet traffic classification demystified: myths, caveats, and the best practices, Proceedings of the 2008 ACM CoNEXT Conference, p.1-12, December 09-12, 2008, Madrid, Spain
	Alice Este , Francesco Gringoli , Luca Salgarelli, On the stability of the information carried by traffic flow features at the packet level, ACM SIGCOMM Computer Communication Review, v.39 n.3, July 2009