كليدواژه :
ترافيك شبكه , شناسايي ترافيك شبكه , يادگيري ماشين , از دست دادن بسته
چكيده فارسي :
شناسايي ترافيك شبكه يكي از نيازهاي اساسي مديران جهت كنترل شبكه، براي بهبود كيفيت خدماتدهي و حفظ امنيت در شبكه است. يكي از چالشهاي اساسي در روشهاي مبتني بر تحليل آماري بسته ها، شناسايي ترافيك شبكه، مسأله از دستدادن (اتلاف) بستهها است كه استفاده از ويژگيهاي آماري در تحليل ترافيك شبكه را با مشكل جدي روبهرو ميسازد. اين مسأله، ويژگيهاي آماري بستهها نظير فاصله زماني بين ارسال بستههاي متوالي برنامههاي كاربردي را تحت تأثير قرار ميدهد، و در مواردي دقت شناسايي ترافيك را به ميزان قابل توجهي كاهش ميدهد. هدف اصلي اين مقاله بررسي تأثيرات اتلاف بستهها بر روي ويژگيهاي آماري، و در نتيجه دقت شناسايي برنامههاي كاربردي، و همچنين استخراج ويژگيهاي مناسب جهت چيرهشدن بر اين تأثيرات است. بدين منظور، رفتار چهار ويژگي آماري، مورد بررسي قرار گرفته و با استخراج ويژگي از توزيع آنها ترافيك شبكه شناسايي ميشود. به همين منظور پايگاه دادهاي از ترافيك هفت برنامه كاربردي با نرخهاي مختلفي از اتلاف بسته، تهيه شده و ميزان صحت تشخيص برنامههاي كاربردي بهوسيله شبكه عصبي، مورد تحليل قرار گرفته است. نتايج نشان ميدهد كه ويژگيهاي استخراجشده در مقابل رخداد اتلاف بستهها مقاوم بوده و دقت شناسايي ترافيك شبكه را در حالتهاي مختلف رخداد اتلاف بسته به حالت ايدهآل (عدم رخداد اتلاف بسته در شبكه) نزديك ميكند.
چكيده لاتين :
There are huge petitions of network traffic coming from various applications on Internet. In dealing with this volume of network traffic, network management plays a crucial rule. Traffic classification is a basic technique which is used by Internet service providers (ISP) to manage network resources and to guarantee Internet security. In addition, growing bandwidth usage, at one hand, and limited physical capacity of communication lines, at the other hand, lead providers to improve utilization quality of network resources. In fact, classification or identification of network is a critical task in network processing for traffic management, anomaly detection, and also to improve network quality-of-service (QoS). Port and payload based methods are two classical techniques which are applicable under traditional network conditions. However, many Internet applications use dynamic port numbers for communications, which lead to difficulties in identifying traffic using port numbers. Also many applications encrypt the data before transmitting to avoid detection. Therefore, payload-based techniques are inefficient for these traffics. In recent years, statistical feature-based traffic flow identification methods (STFIM) have attracted the interest of many researchers. The most important part of a STFIM is the selection of efficient statistical features.
Preliminary analysis shows that the problem of packet loss in data transmission is one of the major challenges in employing STFIM for network traffic identification. This affects the statistical characteristics of packets, such as the time interval between sending successive application packets, and in some cases significantly reduces the accuracy of traffic identification. The main goal of this paper is to examine the effects of packet loss on statistical features, and therefore the accuracy of identifying applications, as well as extracting appropriate features to overcome these effects. For this purpose, the behavior of four statistical features, including the packet size, the time interval between sending and receiving packets, the duration of the flows and the rate of sending packets, are investigated; then applications traffics are identified via considering characteristics of their distribution.
We collected a database of network traffic flow from seven applications with different rates of packet loss. We used the extracted features in a multilayer neural network, as a classifier, to differentiate between different traffic applications. Experimental results show that the extracted features are robust against the packets loss, and the accuracy of the network traffic identification is close to the ideal state (traffic flow with no packet lost).
