ICNS 2013, The Ninth International Conference on Networking and Services
Authors:
Zuleika Nascimento
Djamel Sadok
Stenio Fernandes
Keywords: Association Rules; Self-Organizing Maps; Network Traffic Measurement; Genetic Algorithms.
Abstract:
Researchers have put considerable effort into network traffic classification, since the Internet grows exponentially in both traffic volume and number of protocols and applications. Traffic identification is a complex task due to the constantly changing Internet and an increase in encrypted data. There are several methods for classifying network traffic, such as known ports and Deep Packet Inspection (DPI), but they are not effective, since many applications constantly randomize their ports and the payload may be encrypted. This paper proposes a hybrid model that combines a rule-based model with a self-organizing map (SOM) model to tackle the problem of traffic classification without making use of the payload or ports. The proposed method also allows the generation of association rules for new, unknown applications and their further labeling by experts. The proposed hybrid model was superior to the rule-based model alone and presented a precision of over 94%, except for the eMule application. The model was validated against a Measurement and Analysis on the WIDE Internet (MAWI) trace and presented true positive results above 99% and 0% false positives. It was also validated against another model based on computational intelligence, named Realtime, and the hybrid model proposed in this work presented better results when tested on real-time network traffic.
Pages: 213 to 219
Copyright: Copyright (c) IARIA, 2013
Publication date: March 24, 2013
Published in: conference
ISSN: 2308-4006
ISBN: 978-1-61208-256-1
Location: Lisbon, Portugal
Dates: from March 24, 2013 to March 29, 2013