Title :
Early traffic identification using Bayesian networks
Author :
Gu, Rentao ; Wang, Hongxiang ; Ji, Yuefeng
Author_Institution :
Key Lab. of Inf. Photonics & Opt. Commun. of MOE, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Port-based or payload-based analysis is becoming difficult for accurate traffic identification when many applications use dynamic port numbers and encryption to avoid detection. In this paper we present an approach for online traffic classification relying on the observation of the first n packets of a flow. The packet sizes and inter-arrival times of the individual packets, rather than the statistic features, are chosen as identification parameters. We use a labeled data set as the training set to construct a Naïve Bayes classifier and use the real discretized conditional probability instead of a Gaussian distribution. Two real data sets collected in the campus networks are used to evaluate the proposed approach and the effectiveness is proved. The results also indicate that this approach is not sensitive to the prior probability estimation in most cases, and that packet sizes are more efficient than the inter-arrival times although both of them are important.
Keywords :
belief networks; computer networks; pattern classification; probability; telecommunication traffic; Bayesian networks; discretized conditional probability; dynamic port numbers; early traffic identification; encryption; identification parameters; labeled data set; naive Bayes classifier; online traffic classification; payload-based analysis; port-based analysis; statistic features; Accuracy; Bayesian methods; Estimation; IP networks; Internet; Machine learning; Training; Bayesian networks; Internet; Protocols; high-speed networks; traffic classification;
Conference_Title :
Network Infrastructure and Digital Content, 2010 2nd IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6851-5
DOI :
10.1109/ICNIDC.2010.5657833