트래픽 분류

Traffic Classification
기간 : 2007 - 2008

지원기관 : 과학기술부 우수연구센터 육성사업단 SRC/ERC
 

Research Area
 Traffic classification, in most cases, is mandatory and prerequisite in managerial and prospecting stage. It allows managers, administrators and operators to prepare and have glimpse of idea for launch of the new applications. It is also an effective analysis for the postmortem and further comprehension. When operators can have hold on to firm statistics on user behaviors, they can produce a right application without making the resources wasted. In terms of network peripheral’s resources it is second to processing speed, and plays critical role in operation, which is venerable in most cases to malicious users.


Figure 1. Graphical representation of CART result
 There are many ways to classify the traffic, and one of the popular and oldest models in classification is to use information provided by Transport layer, since some of the port numbers are adequate to identify the well known port numbers, and many, which has multiple usages, can be categorized by parsing the port numbers. Second is Signature and fingerprint based classification, which manipulates the specific patterns and marks created by specific applications, many applications indeed creates special signatures, however as the techniques are progressing, many applications started to hide their trademarks, concealing their identities by encryption. Third method is unsupervised or supervised machine learning, which has many bifurcations. One of which is usage of statistics in inter-arrival time of packets and flow to determine the application they are using.
 This work manipulates schemes popularly used in data mining, which are SVM, CART. Support Vector Machine (SVM) is an effective but rather slow type of classifier compared to Classification and Regression Tree (CART). Figure 1 is graphical representation of CART result.
 


Figure 1. Graphical representation of CART result
 
 In table 1, classified application results are shown. Row axis means the types of different applications used as an input of classification routine, and column axis gives prediction of different applications.
 
Appl.
Pred.
Download Game Uploads VOD VoIP Web
Download 51 0 12 5 1 0
Game 0 180 0 0 0 2
Uploads 1 6 43 1 0 0
VOD 1 0 2 38 0 1
VoIP 0 15 0 1 156 2
Web 0 19 1 28 5 11523
Total 53 220 58 73 162 11528
Table 1. Classification rate of CART
 
Research Goal
 1. Construct a efficient traffic classification critical statistical parameters  2. Construct a architecture to classify the real time traffic, which can be used for online/offline network traffic
 
Expected Effects
 1. Successful identification of traffic using statistic of available information will reduces the time and effort to determine the right methods in classification  2. Successful creation of the architecture will be beneficial and provide supportive information in managerial process stage and to network operators.
 
Supporting Institute: 과학기술부 우수연구센터 육성사업단(SRC/ERC)
 
Duration of the Research: 2007.6 - 2007.12
 
Papers
Research Personnel
  • Seongjin Lee james<>ece.hanyang.ac.kr