High-Speed Flow Nature Identification

Khakpour, Amir R.; Liu, Alex X.

doi:10.1109/icdcs.2009.34

Cited by 10 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…So Khakpour [20] does not carry out any experiments based on real-world packet traces. However, despite the difficulties mentioned above, we still utilize pure text and encrypted data, which are obtained from real-world traces for validation in our paper.…”

Section: Real-world Packet Verificationmentioning

confidence: 99%

See 1 more Smart Citation

Using Entropy to Classify Traffic More Deeply

Wang¹,

Zhang²,

Guo³

et al. 2011

2011 IEEE Sixth International Conference on Networking, Architecture, and Storage

View full text Add to dashboard Cite

The network community always pays its attention to find better methods for traffic classification, which is crucial for Internet Service Providers (ISPs) to provide better QoS for users. Prior works on traffic classification mainly focus their attentions on dividing Internet traffic into different categories based on application layer protocols (such as HTTP, BitTorrent etc.). Making traffic classification from another point of view, we divide Internet traffic into different content types. Our technology is an attempt to solve the classification problem of network traffic, which contains unknown and proprietary protocols (i.e., no publicly available protocol specification).In this paper, we design a classifier which can distinguish Internet traffic into different content types using machine learning techniques. Features of our classifier are entropy of consecutive bytes and frequencies of characters. Our method is capable of classifying real-world traces into different content types (including Text, Picture, Audio, Video, Compressed, Base64-encoded image, Base64-encoded text and Encrypted). The chief features of our classifier are small computing space (about 1K Bytes) and high classification accuracy (about 81%).

show abstract

Section: Real-world Packet Verificationmentioning

confidence: 99%

“…The work of Khakpour et al [20] was the pioneer of our task. They suggested a high-speed architecture which can separate flows into three categories, including text, binary and encrypted.…”

Section: Related Workmentioning

confidence: 99%

Using Entropy to Classify Traffic More Deeply

Wang¹,

Zhang²,

Guo³

et al. 2011

2011 IEEE Sixth International Conference on Networking, Architecture, and Storage

View full text Add to dashboard Cite

show abstract

“…В [6] потоки определяются как зашифрованные или незашифрованные на основании энтропии первого пакета. В [7] вычисление энтропии первых байтов полезной нагрузки идентифицирует тип содержимого как текст, бинарный файл или шифрованный файл, что позволяет приоритизировать передачу некоторых файлов. Однако, такую классификацию сложно назвать точной или детализированной, так как для одного и того же приложения возможно использование всех видов содержимого.…”

Section: стохастический анализ пакетовunclassified

A Survey of Network Traffic Classification

Getman¹,

Иконникова²

2020

Proceedings of ISP RAS

View full text Add to dashboard Cite

This survey is dedicated to the task of network traffic classification, particularly to the use of machine learning algorithms in this task. The survey begins with the description of the task, its variations and possible uses in real-world problems. It then proceeds to the description of the methods used historically to solve this task, their limitations and evolution of traffic making machine learning the main way to solve the problem. Then the most popular machine learning algorithms used in this task are described, with the examples of research papers, providing the insight into their advantages and disadvantages in relation to this field. The task of feature selection is discussed, followed by the more global problem of acquiring the suitable dataset to use in the research; some examples of such popular datasets and their descriptions are provided. The paper concludes with the outline of the current problems in this research area to be solved.

show abstract

“…文献 [17] 使用一个会话的第 1 个报文进行 DPI 检测, 实现及早的分类, 但是这种技术除了要预先提取有效的签名外, 还要检测报文负载, 不仅导致计算开销大还会侵犯隐私. 为了解决 DPI 面临的一些问题, Khakpour 等 [18] 使用随机报文探测 (stochastic packet inspection, SPI) 技术 [12] , 设计了一种快速算法, 该算法计算报文中第 1 个负载字节数的信息熵进行载荷内容类型识别. 但是该技术仍然可能涉及侵犯客户隐私的问题.…”

unclassified

Network traffic classification method based on improved deep convolutional neural network

Zhang¹,

Cheng²,

Zhang³

2020

Sci. Sin.-Inf.

View full text Add to dashboard Cite

UDP 端口号克服传统传输架构的性能限制. 基于深度包检测 (deep packet inspection, DPI) 的流量分类方法有效提高了分类精度. 该方法不仅要检测 IP 包头和 TCP/IP 包头, 还会针对数据包的部分和全部负载内容进行检测 [3]. 尽管该方法有效提高了检测精度, 但是仍具有以下缺陷: (1) 难用于加密负载流量; (2) 算法的复杂度较高, 效率较低 [4]. 为了应对上述困难, 机器学习技术广泛应用到流量分类中. 具体方法包括浅层学习和深度学习. 在浅层学习中, 研究人员主要利用 artificial neural network [5] 、k-nearest neighbour [6] 、支持向量机 [7, 8] 和决策树 [9] 对网络流量进行二元分类, 即区分出正常的和恶意的网络流量. 另外, 研究人员还利用

show abstract

High-Speed Flow Nature Identification

Cited by 10 publications

References 14 publications

Using Entropy to Classify Traffic More Deeply

Using Entropy to Classify Traffic More Deeply

A Survey of Network Traffic Classification

Network traffic classification method based on improved deep convolutional neural network

Contact Info

Product

Resources

About