Journal of the Korean Institute of Intelligent Systems (한국지능시스템학회논문지)

Korean Institute of Intelligent Systems (한국지능시스템학회)
권호 표지
DOI QR코드

DOI QR Code

Hierarchical Internet Application Traffic Classification using a Multi-class SVM

다중 클래스 SVM을 이용한 계층적 인터넷 애플리케이션 트래픽의 분류

  • 유재학 (고려대학교 컴퓨터정보학과) ;
  • 이한성 (한국전자통신연구원) ;
  • 임영희 (고려대학교 컴퓨터정보학과) ;
  • 김명섭 (고려대학교 컴퓨터정보학과) ;
  • 박대희 (고려대학교 컴퓨터정보학과)
  • Received : 2009.04.30
  • Accepted : 2010.01.12
  • Published : 2010.02.25
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we introduce a hierarchical internet application traffic classification system based on SVM as an alternative overcoming the uppermost limit of the conventional methodology which is using the port number or payload information. After selecting an optimal attribute subset of the bidirectional traffic flow data collected from the campus, the proposed system classifies the internet application traffic hierarchically. The system is composed of three layers: the first layer quickly determines P2P traffic and non-P2P traffic using a SVM, the second layer classifies P2P traffics into file-sharing, messenger, and TV, based on three SVDDs. The third layer makes specific classification of the entire 16 application traffics. By classifying the internet application traffic finely or coarsely, the proposed system can guarantee an efficient system resource management, a stable network environment, a seamless bandwidth, and an appropriate QoS. Also, even a new application traffic is added, it is possible to have a system incremental updating and scalability by training only a new SVDD without retraining the whole system. We validate the performance of our approach with computer experiments.

본 논문에서는 인터넷 애플리케이션 트래픽 분류방법으로 대표되는 포트 번호 및 페이로드 정보를 이용하는 방법론의 한계점을 극복하는 대안으로서, SVM을 기반으로 한 계층적 인터넷 애플리케이션 트래픽 분류 시스템을 제안한다. 제안된 시스템은 이진 분류기인 SVM과 단일클래스 SVM의 대표적 모델인 SVDD를 계층적으로 결합한 새로운 트래픽 분류 모델로서, 학내에서 수집된 양방향 트래픽 플로우 데이터에 대한 최적의 속성 부분집합을 선택한 후, P2P 트래픽과 non-P2P 트래픽을 빠르게 분류하는 첫 번째 계층, P2P 트래픽들을 파일공유, 메신저, TV로 분류하는 두 번째 계층, 그리고 전체 16가지 애플리케이션 트래픽별로 세분화 분류하는 세 번째 계층으로 구성된다. 제안된 시스템은 인터넷 애플리케이션 트래픽을 coarse 혹은 fine하게 분류함으로써 효율적인 시스템의 자원 관리, 안정적인 네트워크 환경의 지원, 원활한 대역폭의 사용, 그리고 적절한 QoS를 보장할 수 있다. 또한, 새로운 애플리케이션 트래픽이 추가되더라도 전체 시스템을 재학습시킬 필요 없이 새로운 애플리케이션 트래픽만을 추가 학습함으로써 시스템의 점증적 갱신 및 확장성도 가능하다. 실험을 통하여 제안된 시스템의 성능을 검증한다.

Keywords

References

  1. H. Schulze and K. Mochalski, Ipoque Internet Study 2008/2009, http://www.ipoque.com/.
  2. G. Szabo, I. Szabo, and D. Orincsay, "Accurate Traffic Classification," IEEE Int. Symposium on World of Wireless Mobile and Multimedia Networks, pp. 1-8, 2007. https://doi.org/10.1109/WOWMOM.2007.4351725
  3. J. Erman, A. Mahanti, and M. Arlitt, "Internet Traffic Identification using Machine Learning," IEEE Conf. on Global Telecommunications, pp. 1-6, 2006.
  4. T. Auld, A. Moore, and S. Gull, "Bayesian Neural Networks for Internet Traffic Classifications," IEEE Trans. on Neural Networks, Vol. 18, No. 1. pp. 223-239, 2007. https://doi.org/10.1109/TNN.2006.883010
  5. Y. Liu, R. Wang, H. Huang, Y. Zeng, and H. He, "Applying Support Vector Machine to P2P Traffic Identification with Smooth Processing," IEEE Int. Conf. on Signal Processing, Vol. 3, pp.16-20, 2006.
  6. F. J. Gonzalez-Castano, P. S.Rodriguez-Hernandez R. P. Martinez-Alvarez, A. Gomez, I. Lopez- Cabido, and J. Villasuso-Barreiro, "Support Vector Machine Detection of Peer-to-Peer Traffic," IEEE Int. Conf. on Computational Intelligence for Measurement Systems and Applications, pp. 103-108, 2006.
  7. A. Yang, S. Jiang, and H. Deng, "A P2P Network Traffic Classification Method using SVM," The 9th Int. Conf. for Young Computer Scientists, pp. 398-403, 2008.
  8. X. Zhou, "A P2P Traffic Classification Method Based on SVM," Int. Symposium Computer Science and Computational Technology, pp. 53-57, 2008.
  9. H. Lee, J. Song, and D. Park, "Intrusion Detection System Based on Multi-class SVM," LNAI, 3642, pp. 511-519, 2005.
  10. M. Tai, S. Ata, and I. Oka, "Fast, Accurate, and Lightweight Real-Time Traffic Identification Method Based on Flow Statistics," LNCS, 4427, pp. 255-259, 2007.
  11. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, "BLINC: Multilevel Traffic Classification in the Dark," In Proc. of ACM SIGCOMM, Vol. 35, No.4, pp. 229-240, 2005. https://doi.org/10.1145/1090191.1080119
  12. J. Li, S. Zhang, S. Liu, and Y. Xuan, "Active P2P Traffic Identification Technique," IEEE Int. Conf. on Computational Intelligence and .Security, pp. 37-41, 2007.
  13. G. Zhang, G. Xie, J. Yang, Y. Min, Z. Zhou, and X. Duan, "Accurate Online Traffic Classification with Multi-phases Identification Methodology," IEEE Int. Conf. on Consumer Communications and Networking, pp. 141-146, 2008.
  14. P. Phaal, S. Panchen, and N. McKee, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks, IETF RFC 3176, 2001.
  15. Cisco Systems, White Papers, NetFlow Services and Applications, http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm.
  16. S. Han, M, Kim, H, Ju, and J. W. Hong, "The Architecture of NG-MON: A Passive Network Monitoring System," LNCS, 2506, pp. 16-27, 2002.
  17. M. Hall, Correlation-based Feature Selection for Machine Learning, PhD Diss. Department of Computer Science, Waikato University, Hamilton, NZ, 1998.
  18. I. Seok, J. Lee, and B. Moon, "Hybrid Genetic Algorithms for Feature Selection," IEEE Trans. on Pattern Analysis and Machine Intelligence, Vol. 26, No. 11, pp. 1424-1437, 2006. https://doi.org/10.1109/TPAMI.2004.105
  19. F. Fleuret, "Fast Binary Feature Selection with Conditional Mutual Information," Journal of Machine Learning Research, Vol. 5, pp. 1531-1555, 2004.
  20. Y. Sun and J. Li, "Iterative RELIEF for Feature Weighting," In Proc. of the 23rd Int. Conf. on Machine Learning, pp. 913-920, 2006.
  21. T. Ambwani, "Multi Class Support Vector Machine Implementation to Intrusion Detection," In Proc. of the Int. Conf. on Neural Networks, Vol. 3, pp.2300-2305, 2003. https://doi.org/10.1109/IJCNN.2003.1223770
  22. B. Park, Y. Won, M. Kim, and Hong, J. W. Hong, "Towards Automated Application Signature Generation for Traffic Identification," Network Operations and Management Symposium, pp. 160-167, 2008.
  23. Machine Learning Lab in The University of Waikato, http://www.cs.waikato.ac.nz/ml..

Cited by

  1. An analysis of satisfaction index on computer education of university based on Fuzzy Decision Making Method vol.16, pp.4, 2013, https://doi.org/10.9717/kmms.2013.16.4.502