Application of Clustering Algorithms in Ip Traffic Classification

Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult with many peer-to-peer (P2P) applications using dynamic port numbers, nat techniques,and encryption to avoid detection. An alternative approach is to classify traffic by exploiting the distinctive characteristics of applications when they communicate on a network. We pursue this latter approach and demonstrate how cluster analysis can be used to effectively identify groups of traffic that are similar using only transport layer statistics. Our work considers two unsupervised clustering algorithms, namely K-means and DBSCAN, that have previously not been used for network traffic classification. We evaluate these two algorithms, using empirical Internet traces. The experimental results show that both K-means and DBSCAN work very well and much more quickly Our results indicate that although DBSCAN has lower accuracy compared to K-means and, DBSCAN produces better clusters.