PL EN


Preferencje help
Widoczny [Schowaj] Abstrakt
Liczba wyników
Tytuł artykułu

On different ways to classify Internet traffic : a short review of selected publications

Autorzy
Treść / Zawartość
Identyfikatory
Warianty tytułu
PL
O wielu sposobach klasyfikacji ruchu internetowego: krótki przegląd wybranych publikacji
Języki publikacji
EN
Abstrakty
EN
Traffic classification is an important tool for network management. It reveals the source of observed network traffic and has many potential applications e.g. in Quality of Service, network security and traffic visualization. In the last decade, traffic classification evolved quickly due to the raise of peer-to-peer traffic. Nowadays, researchers still find new methods in order to withstand the rapid changes of the Internet. In this paper, we review 13 publications on traffic classification and related topics that were published during 2009-2012. We show diversify in recent algorithms and we highlight possible directions for the future research on traffic classification: relevance of multi-level classification, importance of experimental validation, and the need for common traffic datasets.
PL
Artykuł prezentuje przegląd 13 wybranych prac z dziedziny klasyfikacji ruchu internetowego pod kątem różnorodności w zastosowanych metodach. Prace zostały wybrane z najciekawszych naszym zdaniem publikacji z ostatnich kilku lat (2009-2012). W porównaniu do istniejących przeglądów literaturowych - np. [13], [14], czy [3] - niniejszy artykuł dotyczy nowszych badań, oraz wykazuje, że łączenie wielu metod klasyfikacji w jeden system może być ciekawym kierunkiem dla przyszłych badań w tej dziedzinie. Klasyfikacja ruchu internetowego polega na odgadnięciu nazwy protokołu komunikacyjnego lub aplikacji, która wygenerowała dany ciąg pakietów IR Informacja ta jest przydatna np. w zarządzaniu ruchem w sieciach internetowych, gdy potrzeba kształtować ruch w zależności od jego rodzaju. Klasyfikacja ruchu znajduje zastosowanie także w zagadnieniach sieciowych związanych z wdrażaniem zasad bezpieczeństwa (np. zakaz stosowania aplikacji Skype), monitorowaniem natężenia ruchu (np. wykrywanie ataków DoS), oraz wielu innych. Przegląd literatury został podzielony na 4 kategorie: klasyfikacja ruchu (rozdział 3.1., prace nr 16), detekcja pojedynczych aplikacji (rozdział 3.2., prace nr 7-8), metody pozyskiwania „wiedzy bazowej" (ang. ground truth, rozdział 3.3., prace nr 9-11), oraz inne (rozdział 3.4., prace nr 12 i 13). Wszystkie prace zostały podsumowane w Tabeli 3. W ostatnim rozdziale (str. 10) prezentujemy wyniki przeglądu. Pokazujemy na przykład, że istnieje wiele metod klasyfikacji, które mogą być połączone w jeden system i wzajemnie się uzupełniać - przez multiklasyfikację (ang. multi-classification] lub obsługę różnych części ruchu (np. [31] dla TCP i [15] dla UDP). Podajemy także nasze rekomendacje dotyczące walidacji metod klasyfikacji i zbierania śladów ruchu internetowego.
Słowa kluczowe
Rocznik
Strony
119--136
Opis fizyczny
Bibliogr. 58 poz., rys.
Twórcy
autor
  • The Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences ul. Bałtycka 5, Gliwice, Poland
Bibliografia
  • 1.M. Pietrzyk, L. Plissonneau, G. Urvoy-Keller, and T. En-Najjary, On profiling residential customers, Traffic Monitoring and Analysis, pp. 1-14, 2011.
  • 2.CAIDA: The Cooperative Association for Internet Data Analysis. Available from: http:// www.caida.org/ [27 March 2013].
  • 3.M. Zhang, W. John, K. Claffy, and N. Brownlee, State of the art in traffic classification: A research review, in PAM Student Workshop, 2009.
  • 4.IAN A Service Name and Transport Protocol Port Number Registry. Available from: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml [27 March 2013].
  • 5.T. Karagiannis, A. Broido, N. Brownlee, K. C. Claffy, and M. Faloutsos, Is p2p dying or just hiding?, in Global Telecommunications Conference, 2004. GLOBE-COM'04. IEEE, vol. 3, pp. 1532-1538, IEEE, 2004.
  • 6.T. Karagiannis, K. Papagiannaki, and M. Faloutsos, BLINC: Multilevel traffic classification in the dark, in ACM SIGCOMM Computer Communication Review, vol. 35, pp. 229-240, ACM, 2005.
  • 7.A. Dainotti, A. Pescape, and K. C. Claffy, Issues and future directions in traffic classification, Network, IEEE, vol. 26, no. 1, pp. 35-40, 2012.
  • 8.H. Kim, K. C. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee, Internet traffic classification demystified: Myths, caveats, and the best practices, in Proceedings of the 2008 ACM CoNEXT conference, p. 11, ACM, 2008.
  • 9.P. Bermolen, M. Mellia, M. Meo, D. Rossi, and S. Valenti, Abacus: Accurate behavioral classification of P2P-TV traffic, Computer Networks, vol. 55, no. 6, pp. 1394-1411, 2011.
  • 10.I. Bermudez, M. Mellia, M. M. Munafo, R. Keralapura, and A. Nucci, DNS to the Rescue: Discerning Content and Services in a Tangled Web, in Proceedings of the 12th ACM SIGCOMM Conference on Internet Measurement, vol. 1101, p. 12, 2012.
  • 11.A. Dainotti, A. Pescape, and C. Sansone, Early classification of network traffic through multi-classification, Traffic Monitoring and Analysis, pp. 122-135, 2011.
  • 12.MuTriCs: Multilevel Traffic Classification. Available from: http://mutrics.iitis.pl/ [27 March 2013].
  • 13. T. T. T. Nguyen and G. Armitage, A survey of techniques for internet traffic classification using machine learning, Communications Surveys & Tutorials, IEEE, vol. 10, no. 4, pp. 56-76, 2008.
  • 14. A. Callado, C. Kamieński, G. Szabó, B. Gero, J. Kelner, S. Fernandes, and D. Sadok, A survey on internet traffic identification, Communications Surveys & Tutorials, IEEE, vol. 11, no. 3, pp. 37-52, 2009.
  • 15.A. Finamore, M. Mellia, M. Meo, and D. Rossi, KISS: Stochastic packet inspection classifier for udp traffic, Networking, IEEE/ACM Transactions on, vol. 18, no. 5, pp. 1505-515, 2010.
  • 16.MuTriCs: Literature review. Available from: http://mutrics.iitis.pl/literature-review [27 March 2013].
  • 17.J. Frank, Artificial intelligence and intrusion detection: Current and future directions, in Proceedings of the 17th National Computer Security Conference, October 1994.
  • 18.M. Roughan, S. Sen, O. Spatscheck, and N. Duffield, Class-of-service mapping for QoS: A statistical signature-based approach to IP traffic classification, in Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp. 135-148, ACM, 2004.
  • 19.A. W. Moore and D. Zuev, Internet traffic classification using bayesian analysis techniques, in ACM SIGMETRICS Performance Evaluation Review, vol. 33, pp. 50-60, ACM, 2005.
  • 20.S. Zander, T. Nguyen, and G. Armitage, Automated traffic classification and application identification using machine learning, in Local Computer Networks, 2005. 30Th Anniversary. The IEEE Conference on, pp. 250-257, IEEE, 2005.
  • 21.K. Xu, Z.-L. Zhang, and S. Bhattacharyya, Profiling internet backbone traffic: Behavior models and applications, in ACM SIGCOMM Computer Communication Review, vol. 35, pp. 169-180, ACM, 2005.
  • 22.L. Bernaille, R. Teixeira, and K. Salamatian, Early application identification, in Proceedings of the 2006 ACM CoNEXT conference, p. 6, ACM, 2006.
  • 23.G. Szabó, I. Szabó, and D. Orincsay, Accurate traffic classification, in World of Wireless, Mobile and Multimedia Networks, 2007. WoWMoM 2007. IEEE International Symposium on a, pp. 1-8, IEEE, 2007.
  • 24.Internet Traffic Classification. Available from: http://www.caida.org/research/traffic-analysis/classification-overview/ [27 March 2013].
  • 25.A. Finamore, M. Mellia, M. Meo, and D. Rossi, KISS: Stochastic packet inspection, Traffic Monitoring and Analysis, pp. 117-125, 2009.
  • 26. V. Carela-Español, P. Barlet-Ros, M. Solé-Simó, A. Dainotti, W. de Donato, and A. Pescapé, K-dimensional trees for continuous traffic classification, Traffic Monitoring and Analysis, pp. 141-154, 2010.
  • 27. J. H. Friedman, J. L. Bentley, and R. A. Finkel, An algorithm for finding best matches in logarithmic expected time, ACM Transactions on Mathematical Software (TOMS), vol. 3, no. 3, pp. 209-226, 1977.
  • 28.S. Valenti, D. Rossi, M. Meo, M. Mellia, and P. Bermolen, Accurate, fine-grained classification of P2P-TV applications by simply counting packets, Traffic Monitoring and Analysis, pp. 84-92, 2009.
  • 29.G. Miinz, H. Dai, L. Braun, and G. Carle, TCP traffic classification using Markov models, Traffic Monitoring and Analysis, pp. 127-140, 2010.
  • 30.L. R. Rabiner, A tutorial on hidden Markov models and selected applications in speech recognition, Proceedings of the IEEE, vol. 77, no. 2, pp. 257-286, 1989.
  • 31.G. Miinz, S. Heckmuller, L. Braun, and G. Carle, Improving Markov-based TCP Traffic Classification, in KiVS (N. Luttenberger and H. Peters, eds.), vol. 17 of OASICS, pp. 61-72, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, 2011.
  • 32.L. I. Kuncheva, Combining Pattern Classifiers: Methods and Algorithms. Wiley, 2004.
  • 33.N. Williams, S. Zander, and G. Armitage, Evaluating machine learning algorithms for automated network application identification, Center for Advanced Internet Architectures, CAIA, Technical Report B, vol. 60410, p. 2006, 2006.
  • 34.R. Alshammari and A. N. Zincir-Heywood, Machine learning based encrypted traffic classification: identifying ssh and skype, in Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on, pp. 1-8, IEEE, 2009.
  • 35.G. Aceto, A. Dainotti, W. de Donato, and A. Pescape, PortLoad: Taking the best of two worlds in traffic classification, in INFOCOM IEEE Conference on Computer Communications Workshops, 2010, pp. 1-5, IEEE, 2010.
  • 36.P. Domingos and M. Pazzani, On the optimality of the simple bayesian classifier under zero-one loss, Machine learning, vol. 29, no. 2, pp. 103-130, 1997.
  • 37.R. Battiti and A. M. Colla, Democracy in neural nets: Voting schemes for classification, Neural Networks, vol. 7, no. 4, pp. 691-707, 1994.
  • 38.L. Shapley and B. Grofman, Optimizing group judgmental accuracy in the presence of interdependencies, Public Choice, vol. 43, no. 3, pp. 329-343, 1984.
  • 39.G. Rogova, Combining the results of several neural network classifiers, Neural networks, vol. 7, no. 5, pp. 777-781, 1994.
  • 40.Y. S. Huang and C. Y. Suen, A method of combining multiple experts for the recognition of unconstrained handwritten numerals, Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 17, no. 1, pp. 90-94, 1995.
  • 41. K.-D. Wernecke, A coupling procedure for the discrimination of mixed data, Biometrics, pp. 497-506, 1992.
  • 42. S. H. Yeganeh, M. Eftekhar, Y. Ganjali, R. Keralapura, and A. Nucci, CUTE: Traffic Classification Using TErms, in Computer Communications and Networks (ICCCN), 2012 21st International Conference on, pp. 1-9, IEEE, 2012.
  • 43.B.-C. Park, Y. J. Won, M.-S. Kim, and J. W. Hong, Towards automated application signature generation for traffic identification, in Network Operations and Management Symposium, 2008. NOMS 2008. IEEE, pp. 160-167, IEEE, 2008.
  • 44.M. Dusi, M. Crotti, F. Gringoli, and L. Salgarelli, Tunnel hunter: Detecting application-layer tunnels with statistical fingerprinting, Computer Networks, vol. 53, no. 1, pp. 81-97, 2009.
  • 45.D. Adami, C. Callegari, S. Giordano, M. Pagano, and T. Pepe, Skype-Hunter: A real¬time system for the detection and classification of Skype traffic, International Journal of Communication Systems, vol. 25, no. 3, pp. 386-403, 2012.
  • 46.D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and P. Tofanelli, Revealing skype traffic-When randomness plays with you, in ACM SIGCOMM Computer Communication Review, vol. 37, pp. 37-18, ACM, 2007.
  • 47.F. Gringoli, L. Salgarelli, M. Dusi, N. Cascarano, F. Risso, and K. Claffy, Gt: Picking up the truth from the ground for internet traffic, ACM SIGCOMM Computer Communication Review, vol. 39, no. 5, pp. 13-18, 2009.
  • 48.M. Dusi, F. Gringoli, and L. Salgarelli, Quantifying the accuracy of the ground truth associated with Internet traffic traces, Computer Networks, vol. 55, no. 5, pp. 1158-1167, 2011.
  • 49.P. Foremski, Tracedump: A Novel Single Application IP Packet Sniffer, Theoretical and Applied Informatics, vol. 24, no. 1, pp. 23-31, 2012.
  • 50.MuTriCs: Automatic trace generation. Available from: http://mutrics.iitis.pl/automatic-traffic-trace-generation [27 March 2013].
  • 51.M. Dusi, A. Este, F. Gringoli, and L. Salgarelli, Taking a Peek at Bandwidth Usage on Encrypted Links, in Communications (ICC), 2011 IEEE International Conference on, pp. 1-6, IEEE, 2011.
  • 52.CoMo-UPC: TMA evaluation service@UPC. Available from: http://monitoring.ccaba. upc.edu/como-upc/ [27 March 2013].
  • 53.Tstat - Skype Traces. Available from: http://tstat.tlc.polito.it/traces-skype.shtml [27 March 2013].
  • 54.SPDY: An experimental protocol for a faster web. Available from: http://www. chromium.org/spdy/spdy-whitepaper [27 March 2013].
  • 55. L. Salgarelli, F. Gringoli, and T. Karagiannis, Comparing traffic classifiers, ACM SIGCOMM Computer Communication Review, vol. 37, no. 3, pp. 65-68, 2007.
  • 56. MuTriCs: Datasets review. Available from: http://mutrics.iitis.pl/traffic-traces [27 March 2013].
  • 57.CAIDA Data. Available from: http://vvWW.caida.org/data/overview/ [27 March 2013].
  • 58.MAWI WG Traffic Archive. Available from: http://mawi.wide.ad.jp/mawi/ [27 March 2013].
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-16306525-2fb7-442c-8022-e06acacf7ccc
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.