Robust network traffic identification with unknown applications

Jun Zhang, Chao Chen, Yang Xiang, Wanlei Zhou
2013 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS '13  
Traffic classification is a fundamental component in advanced network management and security. Recent research has achieved some success in applying machine learning techniques to the flow statistical feature based approach. However, most flow statistical feature based methods classify traffic on the assumption that all traffic flows are generated by known applications. Considering the pervasive unknown applications in real-world environments, this assumption does not hold. In this paper, we cast unknown applications as a specific classification problem with insufficient negative training data and address it by proposing a binary classifier based framework. An iterative method is proposed to extract unknown information from a set of unlabelled traffic flows, which combines asymmetric bagging and flow correlation to guarantee the purity of extracted negatives. A binary classifier is used as an application signature which can operate on a bag of correlated flows instead of individual flows to further improve its effectiveness. We carry out a series of experiments on a real-world network traffic dataset to evaluate the proposed methods. The results show that the proposed method significantly outperforms state-of-the-art traffic classification methods when unknown applications are present.
doi:10.1145/2484313.2484366 dblp:conf/ccs/ZhangCXZ13 fatcat:er2chtmmfrgihf6kev7h2gtnhi