Classification of Network Traffic via Packet-Level Hidden Markov Models
- 1 January 2008
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Traffic classification and identification is a fertile research area. Beyond Quality of Service, service differentiation, and billing, one of the most important applications of traffic classification is in the field of network security. This paper proposes a packet-level traffic classification approach based on Hidden Markov Model (HMM). Classification is performed by using real network traffic and estimating - in a combined fashion - Packet Size (PS) and Inter Packet Time (IPT) characteristics, thus remaining applicable to encrypted traffic too. The effectiveness of the proposed approach is evaluated by considering several traffic typologies: we applied our model to real traffic traces of Age of Mythology and Counter Strike (two Multi Player Network Games), HTTP, SMTP, Edonkey, PPlive (a peer-to-peer IPTV application), and MSN Messenger. An analytical basis and the mathematical details regarding the model are given. Results show how the proposed approach is able to classify network traffic by using packet-level statistical properties and therefore it is a good candidate as a component for a multi-classification framework.Keywords
This publication has 12 references indexed in Scilit:
- Lightweight application classification for network managementPublished by Association for Computing Machinery (ACM) ,2007
- QRP05-4: Internet Traffic Identification using Machine LearningIEEE Globecom 2006, 2006
- QRP07-2: An HMM Approach to Internet Traffic ModelingIEEE Globecom 2006, 2006
- A statistical approach to IP-level classification of network trafficPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- A traffic characterization of popular on-line gamesIEEE/ACM Transactions on Networking, 2005
- Is P2P dying or just hiding?Published by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Automated traffic classification and application identification using machine learningPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- HMM profiles for network traffic classificationPublished by Association for Computing Machinery (ACM) ,2004
- Fusion of multiple classifiers for intrusion detection in computer networksPattern Recognition Letters, 2003
- A tutorial on hidden Markov models and selected applications in speech recognitionProceedings of the IEEE, 1989