The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

S. Zander, T. Nguyen, and G. Armitage, "Self-learning IP Traffic Classification based on Statistical Flow Characteristics", in Passive and Active Measurement Conference (PAM), Mar 2005.

Self-learning IP Traffic Classification based on Statistical Flow Characteristics
Authors: S. Zander
T. Nguyen
G. Armitage
Published: Passive and Active Measurement Conference (PAM), 2005
URL: http://www.pamconf.org/2005/PDF/34310328.pdf
Entry Dates: 2009-02-11
Abstract: A number of key areas in IP network engineering, management and surveillance greatly benefit from the ability to dynamically identify traffic flows according to the applications responsible for their creation. Currently such classifications rely on selected packet header fields (e.g. destination port) or application layer protocol decoding. These methods have a number of shortfalls e.g. many applications can use unpredictable port numbers and protocol decoding requires high resource usage or is simply infeasible in case protocols are unknown or encrypted. We propose a framework for application classification using an unsupervised machine learning (ML) technique. Flows are automatically classified based on their statistical characteristics. We also propose a systematic approach to identify an optimal set of flow attributes to use and evaluate the effectiveness of our approach using captured traffic traces.
Results:
  • datasets: Aucklan-VI, NZIX-II and Leipzig-II traces from NLANR;
  • propose a framework for application classification using an unsupervised machine learning technique;
  • use autoclass, an implementation of the Expectation Maximization (EM) algorithm;