An approach for classification of network traffic on semi-supervised data using clustering techniques

Classification of network traffic is extensively required mainly for many network management tasks such as flow prioritization, traffic shaping/policing, and diagnostic monitoring. Many approaches have been evolved for this purpose. The classical approaches such as port number or payload analyis methods has their own limitations. For example, some applications uses dynamic port number and encryption techniques, making these techniques ineffective. To overcome these limitations machine learning approaches were proposed. But these approaches also have problems of labeled instances in supervised learning and tedious manual work in unsupervised learning. Our aim was to implement an approach for classification of network traffic on semi-supervised data which overcomes the shortcomings of other two approaches. In this approach, flow (instance) statistics are used to classify the traffic. These flow statistics contains few labeled and many unlabeled instances constitutes a training data set which was used for the training(learning) of classifier. Then we used two processes: the clustering (using K-Medoids) which divides the training data into different groups and classification in which the labeling to the groups was done. To build the model we used the MATLAB tool. To test the build model we used KDD CUP 99 intrusion detection data set, which includes both attack data and normal data.