ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification
Full text PdfPdf (395 KB)
Source ACM SIGCOMM Computer Communication Review archive
Volume 36 ,  Issue 5  (October 2006) table of contents
FEATURE: Reviewed articles table of contents
Pages: 5 - 16  
Year of Publication: 2006
ISSN:0146-4833
Authors
Nigel Williams  Swinburne University of Technology, Melbourne, Australia
Sebastian Zander  Swinburne University of Technology, Melbourne, Australia
Grenville Armitage  Swinburne University of Technology, Melbourne, Australia
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 37,   Downloads (12 Months): 237,   Citation Count: 14
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1163593.1163596
What is a DOI?

ABSTRACT

The identification of network applications through observation of associated packet traffic flows is vital to the areas of network management and surveillance. Currently popular methods such as port number and payload-based identification exhibit a number of shortfalls. An alternative is to use machine learning (ML) techniques and identify network applications based on per-flow statistics, derived from payload-independent features such as packet length and inter-arrival time distributions. The performance impact of feature set reduction, using Consistency-based and Correlation-based feature selection, is demonstrated on Naïve Bayes, C4.5, Bayesian Network and Naïve Bayes Tree algorithms. We then show that it is useful to differentiate algorithms based on computational performance rather than classification accuracy alone, as although classification accuracy between the algorithms is similar, computational performance can differ significantly.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
T. Karagiannis, A. Broido, N. Brownlee, kc claffy, "Is P2P dying or just hiding?", In Proceedings of Globecom, November/December 2004.
 
2
Thomas M. Mitchell, Machine Learning, McGraw-Hill Higher Education, 1997
3
Andrew W. Moore , Denis Zuev, Internet traffic classification using bayesian analysis techniques, Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 06-10, 2005, Banff, Alberta, Canada
 
4
A. McGregor, M. Hall, P. Lorier, J. Brunskill, "Flow Clustering Using Machine Learning Techniques", Passive & Active Measurement Workshop, France, April 2004.
 
5
T. Dunnigan, G. Ostrouchov, "Flow Characterization for Intrusion Detection", Technical Report, Oak Ridge National Laboratory, November 2000.
 
6
Sebastian Zander , Thuy Nguyen , Grenville Armitage, Automated Traffic Classification and Application Identification using Machine Learning, Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary, p.250-257, November 15-17, 2005  [doi>10.1109/LCN.2005.35]
7
Matthew Roughan , Subhabrata Sen , Oliver Spatscheck , Nick Duffield, Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy  [doi>10.1145/1028788.1028805]
8
Thomas Karagiannis , Konstantina Papagiannaki , Michalis Faloutsos, BLINC: multilevel traffic classification in the dark, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA
9
Laurent Bernaille , Renata Teixeira , Ismael Akodkenou , Augustin Soule , Kave Salamatian, Traffic classification on the fly, ACM SIGCOMM Computer Communication Review, v.36 n.2, April 2006  [doi>10.1145/1129582.1129589]
 
10
Tjen-Sien Lim , Wei-Yin Loh , Yu-Shan Shih, A Comparison of Prediction Accuracy, Complexity, and Training Time of Thirty-Three Old and New Classification Algorithms, Machine Learning, v.40 n.3, p.203-228, Sept. 2000  [doi>10.1023/A:1007608224229]
 
11
G. H. John, P. Langley, "Estimating Continuous Distributions in Bayesian Classifiers", in Proceedings of 11th Conference on Uncertainty in Artificial Intelligence, pp. 338--345, Morgan Kaufman, San Mateo, 1995.
 
12
Ronny Kohavi , J. Ross Quinlan, Data mining tasks and methods: Classification: decision-tree discovery, Handbook of data mining and knowledge discovery, Oxford University Press, Inc., New York, NY, 2002
 
13
R. Bouckaert, "Bayesian Network Classifiers in Weka", Technical Report, Department of Computer Science, Waikato University, Hamilton, NZ 2005.
 
14
R. Kohavi, "Scaling Up the Accuracy of Naive-Bayes Classifiers: a Decision-Tree Hybrid", in Proceedings of 2nd International Conference on Knowledge Discovery and Data Mining (KDD), 1996.
 
15
Manoranjan Dash , Huan Liu, Consistency-based search in feature selection, Artificial Intelligence, v.151 n.1-2, p.155-176, December 2003  [doi>10.1016/S0004-3702(03)00079-1]
 
16
M. Hall, "Correlation-based Feature Selection for Machine Learning", PhD Diss. Department of Computer Science, Waikato University, Hamilton, NZ, 1998.
 
17
NLANR traces: http://pma.nlanr.net/Special/ (viewed August 2006).
 
18
NetMate, http://sourceforge.net/projects/netmate-meter/ (viewed August 2006).
 
19
N. Brownlee, "NeTraMet & NeMaC Reference Manual", University of Auckland, http://www.auckland. ac.nz/net/Accounting/ntmref.pdf, June 1999.
 
20
Waikato Environment for Knowledge Analysis (WEKA) 3.4.4, http://www.cs.waikato.ac.nz/ml/weka/ (viewed August 2006).

CITED BY  14
Jeffrey Erman , Anirban Mahanti , Martin Arlitt, Byte me: a case for byte accuracy in traffic classification, Proceedings of the 3rd annual ACM workshop on Mining network data, June 12-12, 2007, San Diego, California, USA
Jason But , Thuy Nguyen , Lawrence Stewart , Nigel Williams , Grenville Armitage, Performance analysis of the ANGEL system for automated control of game traffic prioritisation, Proceedings of the 6th ACM SIGCOMM workshop on Network and system support for games, p.123-128, September 19-20, 2007, Melbourne, Australia
Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Ira Cohen , Carey Williamson, Offline/realtime traffic classification using semi-supervised learning, Performance Evaluation, v.64 n.9-12, p.1194-1213, October, 2007
Songyun Duan , Shivanath Babu, Processing forecasting queries, Proceedings of the 33rd international conference on Very large data bases, September 23-27, 2007, Vienna, Austria
Harsha V. Madhyastha , Balachander Krishnamurthy, A generic language for application-specific flow sampling, ACM SIGCOMM Computer Communication Review, v.38 n.2, April 2008
Jaehak Yu , Hansung Lee , Myung-Sup Kim , Daihee Park, Traffic flooding attack detection with SNMP MIB using SVM, Computer Communications, v.31 n.17, p.4212-4219, November, 2008
Yan Luo , Ke Xiang , Sanping Li, Acceleration of decision tree searching for IP traffic classification, Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, November 06-07, 2008, San Jose, California
Wei Li , Marco Canini , Andrew W. Moore , Raffaele Bolla, Efficient application identification and the temporal and spatial stability of classification schema, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.790-809, April, 2009
Riyad Alshammari , Peter I. Lichodzijewski , Malcolm Heywood , A. Nur Zincir-Heywood, Classifying SSH encrypted traffic with minimum packet header features using genetic programming, Proceedings of the 11th annual conference companion on Genetic and evolutionary computation conference, July 08-12, 2009, Montreal, Québec, Canada
Yan Hu , Dah-Ming Chiu , John C. S. Lui, Profiling and identification of P2P traffic, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.849-863, April, 2009
Wei Lu , Mahbod Tavallaee , Ali A. Ghorbani, Automatic discovery of botnet communities on large-scale communication networks, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Hyunchul Kim , KC Claffy , Marina Fomenkov , Dhiman Barman , Michalis Faloutsos , KiYoung Lee, Internet traffic classification demystified: myths, caveats, and the best practices, Proceedings of the 2008 ACM CoNEXT Conference, p.1-12, December 09-12, 2008, Madrid, Spain
Philip A. Branch , Amiel Heyde , Grenville J. Armitage, Rapid identification of Skype traffic flows, Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video, June 03-05, 2009, Williamsburg, VA, USA
Alice Este , Francesco Gringoli , Luca Salgarelli, Support Vector Machines for TCP traffic classification, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.14, p.2476-2490, September, 2009

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations
          Subjects: Network monitoring

Additional Classification:
  C. Computer Systems Organization
  C.4 PERFORMANCE OF SYSTEMS
      Subjects: Measurement techniques


General Terms:
Algorithms, Measurement


Keywords:
machine learning, traffic classification

Collaborative Colleagues:
Nigel Williams: colleagues
Sebastian Zander: colleagues
Grenville Armitage: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player