TY - GEN
T1 - Comparison and analysis of flow features at the packet level for traffic classification
AU - Lu, Gang
AU - Zhang, Hongli
AU - Qassrawi, Mahmoud
AU - Yu, Xiangzhan
PY - 2012
Y1 - 2012
N2 - Recently, flow features at the packet level for traffic classification have been paid more attention to since they are simple and observable even if encrypted tunnels are applied in the network, such as SSL tunnel. However, how to use flow features at the packet level for effective classification of traffic flows is still a significant issue to be solved. The objective of this paper is to compare and analyze three typical flow features at the packet level: packet size combined with packet direction, packet size combined with interarrival time, and protocol fingerprint. The amount of information carried by each feature is presented with mutual information measurement. Based on the traffic traces captured from two different network environments, our experimental results indicate that when C4.5 algorithm classifies traffic flows with the first two packets of each flow, packet size combined with packet interarrival time, which is generated from the client-to-server direction of a TCP connection, is more accurate and stable across space and time.
AB - Recently, flow features at the packet level for traffic classification have been paid more attention to since they are simple and observable even if encrypted tunnels are applied in the network, such as SSL tunnel. However, how to use flow features at the packet level for effective classification of traffic flows is still a significant issue to be solved. The objective of this paper is to compare and analyze three typical flow features at the packet level: packet size combined with packet direction, packet size combined with interarrival time, and protocol fingerprint. The amount of information carried by each feature is presented with mutual information measurement. Based on the traffic traces captured from two different network environments, our experimental results indicate that when C4.5 algorithm classifies traffic flows with the first two packets of each flow, packet size combined with packet interarrival time, which is generated from the client-to-server direction of a TCP connection, is more accurate and stable across space and time.
KW - flow features
KW - packet level
KW - traffic classification
UR - https://www.scopus.com/pages/publications/84879487136
U2 - 10.1109/ICCVE.2012.58
DO - 10.1109/ICCVE.2012.58
M3 - Conference contribution
AN - SCOPUS:84879487136
SN - 9780769549002
T3 - Proceedings - 2012 International Conference on Connected Vehicles and Expo, ICCVE 2012
SP - 262
EP - 267
BT - Proceedings - 2012 International Conference on Connected Vehicles and Expo, ICCVE 2012
T2 - 2012 1st International Conference on Connected Vehicles and Expo, ICCVE 2012
Y2 - 12 December 2012 through 16 December 2012
ER -