학술지 Real-Time Classification of Internet Application Traffic Using a Hierarchical Multi-Class SVM
유재학, 이한성, 임영희, 김명섭, 박대희
KSII Transactions on Internet and Information Systems, v.4 no.5, pp.859-876
10MC5200, 차세대 USN기반의 스마트 사회안전 프레임워크 기술 개발, 이병복
In this paper, we propose a hierarchical application traffic classification system as an alternative means to overcome the limitations of the port number and payload based methodologies, which are traditionally considered traffic classification methods. The proposed system is a new classification model that hierarchically combines a binary classifier SVM and Support Vector Data Descriptions (SVDDs). The proposed system selects an optimal attribute subset from the bi-directional traffic flows generated by our traffic analysis system (KU-MON) that enables real-time collection and analysis of campus traffic. The system is composed of three layers: The first layer is a binary classifier SVM that performs rapid classification between P2P and non-P2P traffic. The second layer classifies P2P traffic into file-sharing, messenger and TV, based on three SVDDs. The third layer performs specialized classification of all individual application traffic types. Since the proposed system enables both coarse- and fine-grained classification, it can guarantee efficient resource management, such as a stable network environment, seamless bandwidth guarantee and appropriate QoS. Moreover, even when a new application emerges, it can be easily adapted for incremental updating and scaling. Only additional training for the new part of the application traffic is needed instead of retraining the entire system. The performance of the proposed system is validated via experiments which confirm that its recall and precision measures are satisfactory. Copyright © 2010 KSII.
Attribute subset selection, P2P traffic analysis, Support vector machine, Traffic classification, Traffic monitoring and analysis
