Real-time Classification of Internet Application Traffic using a Hierarchical Multi-class SVM
- Authors
- Yu, Jaehak; Lee, Hansung; Im, Younghee; Kim, Myung-Sup; Park, Daihee
- Issue Date
- 30-Oct-2010
- Publisher
- KSII-KOR SOC INTERNET INFORMATION
- Keywords
- Traffic monitoring and analysis; traffic classification; P2P traffic analysis; support vector machine; attribute subset selection
- Citation
- KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, v.4, no.5, pp.859 - 876
- Indexed
- SCIE
SCOPUS
KCI
OTHER
- Journal Title
- KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
- Volume
- 4
- Number
- 5
- Start Page
- 859
- End Page
- 876
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/115487
- DOI
- 10.3837/tiis.2010.10.009
- ISSN
- 1976-7277
- Abstract
- In this paper, we propose a hierarchical application traffic classification system as an alternative means to overcome the limitations of the port number and payload based methodologies, which are traditionally considered traffic classification methods. The proposed system is a new classification model that hierarchically combines a binary classifier SVM and Support Vector Data Descriptions (SVDDs). The proposed system selects an optimal attribute subset from the bi-directional traffic flows generated by our traffic analysis system (KU-MON) that enables real-time collection and analysis of campus traffic. The system is composed of three layers: The first layer is a binary classifier SVM that performs rapid classification between P2P and non-P2P traffic. The second layer classifies P2P traffic into file-sharing, messenger and TV, based on three SVDDs. The third layer performs specialized classification of all individual application traffic types. Since the proposed system enables both coarse-and fine-grained classification, it can guarantee efficient resource management, such as a stable network environment, seamless bandwidth guarantee and appropriate QoS. Moreover, even when a new application emerges, it can be easily adapted for incremental updating and scaling. Only additional training for the new part of the application traffic is needed instead of retraining the entire system. The performance of the proposed system is validated via experiments which confirm that its recall and precision measures are satisfactory.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - Graduate School > Department of Computer and Information Science > 1. Journal Articles
- College of Science and Technology > Department of Computer Convergence Software > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.