The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

J. Erman, M. Arlitt, and A. Mahanti, "Traffic Classification Using Clustering Algorithms", in ACM SIGCOMM 2006, Aug 2006.

Traffic Classification Using Clustering Algorithms
Authors: J. Erman, M. Arlitt, A. Mahanti
Published: ACM SIGCOMM, 2006
URL: http://conferences.sigcomm.org/sigcomm/2006/papers/minenet-01.pdf
Entry Dates: 2009-02-06
Abstract: Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult with many peer-to-peer (P2P) applications using dynamic port numbers, masquerading techniques, and encryption to avoid detection. An alternative approach is to classify traffic by exploiting the distinctive characteristics of applications when they communicate on a network. We pursue this latter approach and demonstrate how cluster analysis can be used to effectively identify groups of traffic that are similar using only transport layer statistics. Our work considers two unsupervised clustering algorithms, namely K-Means and DBSCAN, that have previously not been used for network traffic classification. We evaluate these two algorithms and compare them to the previously used AutoClass algorithm, using empirical Internet traces. The experimental results show that both K-Means and DBSCAN work very well and much more quickly than AutoClass. Our results indicate that although DBSCAN has lower accuracy compared to K-Means and AutoClass, DBSCAN produces better clusters.
Results:
  • datasets: two empirical packet traces: 1) Auckland IV (publicly available packet trace containing only the TCP/IP headers of traffic going through the University of Auckland's link to the Internet, March 16, 2001 at 6am to March 19, 2001 at 5:59:59); 2) Calgary (full packet trace collected at the University of Calgary, March 10, 2006 from 1 to 2 pm);
  • two unsupervised clustering algorithms: K-Means and DBSCAN;
  • although DBSCAN has lower accuracy compared to K-Means and AutoClass, it produces better clusters.