Internet traffic classification demystified

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Internet traffic classification demystified: myths, caveats, and the best practices

Full text

Pdf (207 KB)

Source

International Conference On Emerging Networking Experiments And Technologies archive
Proceedings of the 2008 ACM CoNEXT Conference table of contents

Madrid, Spain

Article No. 11

Year of Publication: 2008

ISBN:978-1-60558-210-8

Authors

Hyunchul Kim	CAIDA and Seoul National University
KC Claffy	UC San Diego
Marina Fomenkov	UC San Diego
Dhiman Barman	UC Riverside
Michalis Faloutsos	UC Riverside
KiYoung Lee	UC San Diego

Sponsors

ACM: Association for Computing Machinery
SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 53, Downloads (12 Months): 137, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1544012.1544023 What is a DOI?

ABSTRACT

Recent research on Internet traffic classification algorithms has yield a flurry of proposed approaches for distinguishing types of traffic, but no systematic comparison of the various algorithms. This fragmented approach to traffic classification research leaves the operational community with no basis for consensus on what approach to use when, and how to interpret results. In this work we critically revisit traffic classification by conducting a thorough evaluation of three classification approaches, based on transport layer ports, host behavior, and flow features. A strength of our work is the broad range of data against which we test the three classification approaches: seven traces with payload collected in Japan, Korea, and the US. The diverse geographic locations, link characteristics and application traffic mix in these data allowed us to evaluate the approaches under a wide variety of conditions. We analyze the advantages and limitations of each approach, evaluate methods to overcome the limitations, and extract insights and recommendations for both the study and practical application of traffic classification. We make our software, classifiers, and data available for researchers interested in validating or extending this work.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	CoralReef. http://www.caida.org/tools/measurement/coralreef/.
	2	Ellacoya. http://www.ellacoya.com.
	3	Packeteer. http://www.packeteer.com.
	4	WEKA: Data Mining Software in Java. http://www.cs.waikato.ac.nz/ml/weka/.
	5	Mark Allman , Vern Paxson , Jeff Terrell, A brief history of scanning, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, October 24-26, 2007, San Diego, California, USA [doi>10.1145/1298306.1298316]
	6	Annalisa Appice , Michelangelo Ceci , Simon Rawles , Peter Flach, Redundant feature elimination for multi-class problems, Proceedings of the twenty-first international conference on Machine learning, p.5, July 04-08, 2004, Banff, Alberta, Canada [doi>10.1145/1015330.1015397]
	7	T. Auld, A. W. Moore, and S. F. Gull. Bayesian neural networks for internet traffic classification. IEEE Transactions on Neural Networks, 18(1): 223--239, January 2007.
	8	Kristin P. Bennett , Colin Campbell, Support vector machines: hype or hallelujah?, ACM SIGKDD Explorations Newsletter, v.2 n.2, p.1-13, Dec. 2000 [doi>10.1145/380995.380999]
	9	Laurent Bernaille , Renata Teixeira , Kave Salamatian, Early application identification, Proceedings of the 2006 ACM CoNEXT conference, December 04-07, 2006, Lisboa, Portugal [doi>10.1145/1368436.1368445]
	10	Avrim L. Blum , Pat Langley, Selection of relevant features and examples in machine learning, Artificial Intelligence, v.97 n.1-2, p.245-271, Dec. 1997 [doi>10.1016/S0004-3702(97)00063-5]
	11	Kun-chan Lan , John Heidemann, A measurement study of correlations of internet flow characteristics, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.1, p.46-62, 16 January 2006 [doi>10.1016/j.comnet.2005.02.008]
	12	T. Choi, C. Kim, S. Yoon, J. Park, B. Lee, H. Kim, and H. Chung. Content-aware internet application traffic measurement and analysis. In IEEE/IFIP NOMS, April 2004.
	13	K. Claffy, H.-W. Braun, and G. C. Polyzos. A parameterizable methodology for internet traffic flow profiling. IEEE JSAC Special Issue on the Global Internet, 1995.
	14	Manuel Crotti , Maurizio Dusi , Francesco Gringoli , Luca Salgarelli, Traffic classification through simple statistical fingerprinting, ACM SIGCOMM Computer Communication Review, v.37 n.1, January 2007 [doi>10.1145/1198255.1198257]
	15	Holger Dreger , Anja Feldmann , Michael Mai , Vern Paxson , Robin Sommer, Dynamic application-layer protocol analysis for network intrusion detection, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
	16	Jeffrey Erman , Martin Arlitt , Anirban Mahanti, Traffic classification using clustering algorithms, Proceedings of the 2006 SIGCOMM workshop on Mining network data, p.281-286, September 11-15, 2006, Pisa, Italy [doi>10.1145/1162678.1162679]
	17	Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Carey Williamson, Identifying and discriminating between web and peer-to-peer traffic in the network core, Proceedings of the 16th international conference on World Wide Web, May 08-12, 2007, Banff, Alberta, Canada [doi>10.1145/1242572.1242692]
	18	J. Erman, A. Mahanti, and M. Arlitt. Internet Traffic Identification using Machine Learning. In IEEE Globecom, November 2006.
	19	Jeffrey Erman , Anirban Mahanti , Martin Arlitt, Byte me: a case for byte accuracy in traffic classification, Proceedings of the 3rd annual ACM workshop on Mining network data, June 12-12, 2007, San Diego, California, USA [doi>10.1145/1269880.1269890]
	20	J. Erman, A. Mahanti, M. Arlitt, I. Cohen, and C. Williamson. Offline/Realtime Traffic Classification Using Semi-Supervised Learning. In IFIP Performance, October 2007.
	21	Marc E. Fiuczynski, PlanetLab: overview, history, and future directions, ACM SIGOPS Operating Systems Review, v.40 n.1, January 2006 [doi>10.1145/1113361.1113366]
	22	Patrick Haffner , Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, ACAS: automated construction of application signatures, Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA [doi>10.1145/1080173.1080183]
	23	Marios Iliofotou , Prashanth Pappu , Michalis Faloutsos , Michael Mitzenmacher , Sumeet Singh , George Varghese, Network monitoring using traffic dispersion graphs (tdgs), Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, October 24-26, 2007, San Diego, California, USA [doi>10.1145/1298306.1298349]
	24	Thomas Karagiannis , Andre Broido , Michalis Faloutsos , Kc claffy, Transport layer identification of P2P traffic, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy [doi>10.1145/1028788.1028804]
	25	Thomas Karagiannis , Konstantina Papagiannaki , Michalis Faloutsos, BLINC: multilevel traffic classification in the dark, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA
	26	Anukool Lakhina , Mark Crovella , Christophe Diot, Mining anomalies using traffic feature distributions, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA
	27	Z. Li, R. Yuan, and X. Guan. Accurate Classification of the Internet Traffic Based on the SVM Method. In ICC, June 2007.
	28	Justin Ma , Kirill Levchenko , Christian Kreibich , Stefan Savage , Geoffrey M. Voelker, Unexpected means of protocol inference, Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil [doi>10.1145/1177080.1177123]
	29	A. McGregor, M. Hall, P. Lorier, and J. Brunskill. Flow clustering using machine learning techniques. In PAM, April 2004.
	30	A. Moore and K. Papagiannaki. Toward the accurate identification of network applications. In PAM, April 2005.
	31	Andrew W. Moore , Denis Zuev, Internet traffic classification using bayesian analysis techniques, Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 06-10, 2005, Banff, Alberta, Canada
	32	T. T. Nguyen and G. Armitage. Training on multiple sub-flows to optimise the use of machine learning classifiers in real-world ip networks. In IEEE LCN, November 2006.
	33	T. T. Nguyen and G. Armitage. A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys and Tutorials, to appear, 2008.
	34	Vladimir Pervouchine , Graham Leedham, Extraction and analysis of forensic document examiner features used for writer identification, Pattern Recognition, v.40 n.3, p.1004-1013, March, 2007 [doi>10.1016/j.patcog.2006.08.008]
	35	J. C. Plat. Sequential minimal optimization: A fast algorithm for training support vector machines. Technical Report MSR-TR-98-14, Microsoft Research, April 1998.
	36	Matthew Roughan , Subhabrata Sen , Oliver Spatscheck , Nick Duffield, Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy [doi>10.1145/1028788.1028805]
	37	Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, Accurate, scalable in-network identification of p2p traffic using application signatures, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA [doi>10.1145/988672.988742]
	38	N. Williams, S. Zander, and G. Armitage. Evaluating machine learning algorithms for automated network application identification. Technical Report 060401B, CAIA, Swinburne Univ., April 2006.
	39	Nigel Williams , Sebastian Zander , Grenville Armitage, A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification, ACM SIGCOMM Computer Communication Review, v.36 n.5, October 2006 [doi>10.1145/1163593.1163596]
	40	Ian H. Witten , Eibe Frank, Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems), Morgan Kaufmann Publishers Inc., San Francisco, CA, 2005
	41	Y. J. Won, B.-C. Park, H.-T. Ju, M.-S. Kim, and J. W. Hong. A hybrid approach for accurate application traffic idenficiation. In IEEE/IFIP E2EMON, April 2006.
	42	Sebastian Zander , Thuy Nguyen , Grenville Armitage, Automated Traffic Classification and Application Identification using Machine Learning, Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary, p.250-257, November 15-17, 2005 [doi>10.1109/LCN.2005.35]