TY - GEN
T1 - Leveraging Inner-Connection of Message Sequence for Traffic Classification
T2 - 24th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2018
AU - Jin, Renjie
AU - Xue, Guangtao
AU - Lyu, Feng
AU - Sheng, Hao
AU - Liu, Gongshen
AU - Li, Minglu
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - Classifying traffic flows into source applications is of great value for intelligent network management, which can help to detect malicious attacks, monitor the network, optimize network behaviors and then improve user experience, etc. However, to achieve high-accuracy traffic classification, especially in real time, is very challenging due to very complicated behaviors of traffic flows where network applications could often transmit traffics with encryption at randomized port numbers under highly dynamic network conditions. In this paper, by collecting extensive application traffic flows at the exit router of Shanghai Maritime University (the traffic rate can reach up to 7 GB/s at peak time), we identify that there is a very distinct characteristic in inner-connection of message (grouped by single or multiple consecutive TCP packets) sequence for different application flows. We then propose our traffic classification algorithm, which essentially adopts a Long Short-Term Memory (LSTM) neural network to output a classifier with message sequence vector (not necessarily covering all messages) of a traffic flow as the training input, to conduct online traffic flow classification. Extensive simulations are conduced considering varied training data size and diverse source applications, and an average about 97 % accuracy on per-flow classification can be achieved.
AB - Classifying traffic flows into source applications is of great value for intelligent network management, which can help to detect malicious attacks, monitor the network, optimize network behaviors and then improve user experience, etc. However, to achieve high-accuracy traffic classification, especially in real time, is very challenging due to very complicated behaviors of traffic flows where network applications could often transmit traffics with encryption at randomized port numbers under highly dynamic network conditions. In this paper, by collecting extensive application traffic flows at the exit router of Shanghai Maritime University (the traffic rate can reach up to 7 GB/s at peak time), we identify that there is a very distinct characteristic in inner-connection of message (grouped by single or multiple consecutive TCP packets) sequence for different application flows. We then propose our traffic classification algorithm, which essentially adopts a Long Short-Term Memory (LSTM) neural network to output a classifier with message sequence vector (not necessarily covering all messages) of a traffic flow as the training input, to conduct online traffic flow classification. Extensive simulations are conduced considering varied training data size and diverse source applications, and an average about 97 % accuracy on per-flow classification can be achieved.
KW - Inner-connection of message sequence
KW - Internet traffic
KW - LSTM neural network
KW - Traffic flow classification
UR - https://www.scopus.com/pages/publications/85063315425
U2 - 10.1109/PADSW.2018.8644617
DO - 10.1109/PADSW.2018.8644617
M3 - 会议稿件
AN - SCOPUS:85063315425
T3 - Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
SP - 77
EP - 84
BT - Proceedings - 2018 IEEE 24th International Conference on Parallel and Distributed Systems, ICPADS 2018
PB - IEEE Computer Society
Y2 - 11 December 2018 through 13 December 2018
ER -