19 July 2013 Network traffic classification using a random field model
Author Affiliations +
Proceedings Volume 8878, Fifth International Conference on Digital Image Processing (ICDIP 2013); 887835 (2013) https://doi.org/10.1117/12.2030954
Event: Fifth International Conference on Digital Image Processing, 2013, Beijing, China
The accurate identification of the different protocols used by various applications plays an important role in many network management and monitoring tasks. However, the development of emerging applications and the evolution of existing applications have made the early success of port number or payload signature based classification methods no longer repeatable. On the other hand, machine learning based approaches have achieved steady progress in classification accuracy, with the statistical features extracted from packets and flows. In this paper, by introducing a Markov random field to model the semantics of network application protocols, we investigate a new approach to classifying network traffic into application protocols. First the packets in a flow are aggregated into messages that contain the related semantics information. We assume that the simple message features like the length and the direction of a message are observable, while the semantics of messages are invisible in both training and test phases. Tested with traffic traces collected from heterogeneous sources, this approach was demonstrated to be able to deliver good accuracy and speed.
© (2013) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Gang Shen, Gang Shen, Zhaojie Niu, Zhaojie Niu, Liyuan Duan, Liyuan Duan, "Network traffic classification using a random field model", Proc. SPIE 8878, Fifth International Conference on Digital Image Processing (ICDIP 2013), 887835 (19 July 2013); doi: 10.1117/12.2030954; https://doi.org/10.1117/12.2030954

Back to Top