基于流记录偏好度的多分类器融合流量识别模型

doi:10.3969/j.issn.1000-436x.2013.10.017

Abstract

Abstract:

The concept of multi-classifier fusion was introduced which can improve the classification accuracy and over-come the disadvantage of single classifier.DS theory was introduced into decision module of traffic classification and preference and timeliness was proposed.After analyzing multi-classifier model by simulation,the results show the new classifier model can overcome one sidedness of single ier,depending on multiple evidences to optimize the traffic results.

Key words: multi-classifier, DS theory, preference, machine learning

Shi DONG,Wei DING. Traffic classification model based on fusion of multiple classifiers with flow preference[J]. Journal on Communications, 2013, 34(10): 143-152.

Figures/Tables 14

		分类结果
		Class 1	Class 2	?	Class n
	Class 1	h₁₁	h₁₂	?	h_1n
正确的分类	Class 2	h₂₁	h₂₂	?	h_2n
正确的分类	$⋮$	$⋮$	$⋮$	$⋮$	$⋮$
	Class n	h_n1	h_n2	?	h_nn

References 18

[1]	KARAGIANNIS T , PAPAGIANNAKI K , FALOUTSOS M . BLINC:multilevel traffic classification in the dark[A]. Proc of the ACM SIG-COMM[C]. Philadelphia, 2005. 229-240.
[2]	ROUGHAN M , SEN S , SPATSCHECK O ,et al. Class-of-service mapping for QoS:a statistical signature-based approach to IP traffic classification[A]. Proc of the ACM SIGCOMM Internet Measurement Conf[C]. Taormina, 2004. 135-148.
[3]	MOORE A W , ZUEV D . Internet traffic classification using Bayes n analysis techniques[A]. Proc of the 2005 ACM SIGMETRICS Int'1 Conf on Measurement and Modeling of Computer Systems[C]. Banff, 2005. 50-60.
[4]	李君, 张顺颐, 王浩云 ,等. 基于贝叶斯网络的Peer to peer识别方法[J]. 应用科学学报, 2009,27(2): 124-130. LI J , ZHANG S Y , WANG H Y ,et al. Peer to peer identification using Bayesian networks[J]. Journal of Applied Sciences, 2009,27(2): 124-130.
[5]	徐鹏, 刘琼, 林森 . 基于支持向量机的Internet流量分类研究[J]. 计算机研究与发展, 2009,46(3): 407-414. XU P , LIU Q , LIN S . Internet traffic classification based on support vector machines[J]. Journal of Computer Research and Development, 2009,46(3): 407-414.
[6]	LI Z , YUAN R X , GUAN X H . Accurate classification of the Internet traffic based on the SVM method[A]. Proc of IEEE International Conference on Communications (ICC)[C]. Glasgow,Scotland,United Kingdom, 2007. 1373-1378.
[7]	MA Y L , QIAN Z J , SHOU G C . Study on preliminary performance of algorithms for network traffic identification[A]. Proc of 2008 Interna-tional Conference on Computer Science and Software Eng neering[C]. Wuhan,China, 2008. 629-633.
[8]	ALSHAMMARI R , ZINCIR-HEYWOOD A N . Investigating two different approaches for encrypted traffic classification[A]. Proc of Sixth Annual Conference on Privacy,Security and Trust[C]. Fredericton,NB,Canada, 2008. 156-166.
[9]	HIRVONEN M , LAULAJAINEN J P . Two-phased network traffic classification method for quality of service management[A]. Proc of the 13th IEEE International Symposium on Consumer Electronics (ISCE2009)[C]. Kyoto,Japan, 2009. 962-966.
[10]	ZUEV D , ANDREW W M . Traffic classification using a statistical approach[A]. Proc of the 6th Annual Passive and Active Measure-ments Workshop (PAM'05)[C]. Boston,USA, 2005. 321-324.
[11]	ANDREW W M , DENIS Z . Internet traffic classification using baye-sian analysis techniques[A]. Proc of ACM SIGMETRICS'05[C]. Banff,Canada, 2005. 50-60.
[12]	JIANG H B , MOORE A W , GE Z H ,et al. Lightweight application classification for network management[A]. Proc of the SIGCOMM Workshop on Internet Network Management'07[C]. Kyoto,Japan, 2007.299-304.
[13]	AULD T , MOORE A W , GULL S F . Bayesian neural networks Internet traffic classification[J]. IEEE Transactions on Neural Net-works, 2007,18(1): 223-239.
[14]	LI W , CANINI M , MOORE A W ,et al. Efficient application identifi-cation and the temporal and spatial stability of class fication schema[J]. Computer Networks, 2009,53: 790-809.
[15]	HALL D L.Mathematical Techniques in Multi Sensor Data Fusion . Bosston[M]. Artech Hous, 2004. 125-13.
[16]	ORPONEN P . Dempster's rule of combination is # P-complete[J]. Artificial Intelligence, 1990,44(1,2): 245-253.
[17]	DAVIS J , GOADRICH M . The relationship between precision-recall and ROC curves[A]. Proceedings of the 23rd International Conference on Machine Learning (ACM,2006)[C]. Pittsburgh,PA,United, 2006. 233-240.
[18]	L7-filter,application layer packet classifier for Linux[EB/OL]. . 2003.

Metrics

Recommended 0

No Suggested Reading articles found!

测度	测度描述
双向报文数	前向和后向的报文数之和
双向字节数	前向和后向的字节数之和
平均报文长度	双向字节数双向报文数/
持续时间	流结束时间—流开始时间
TOS	NETFLOW中双向TOS之OR
TCPFLAGS1	某一方向流的TCPFLAGS
TCPFLAGS2	另一方向流的TCPFLAGS
传输层协议	NETFLOW直接得到
低位端口	NETFLOW直接得到
高位端口	NETFLOW直接得到
PPS	报文数持续时间/
BPS	字节数持续时间/
平均报文到达间隔	持续时间报文数/
双向报文数比	流中双向报文数的比
双向字节数比	流中双向字节数的比
双向报文长度比	流中双向报文长度的比

Trace	Pkt count	byte	Flow count
Trace1(0:00～1:00)	3.70×10⁸	2.52×10¹⁰(24.0G)	1.28×10⁶
Trace2(5:00～6:00)	1.23×10⁸	8.39×10⁹(8.0G)	3.74×10⁵
Trace3(19:00～20:00)	9.78×10⁸	5.73×10¹⁰(53.36G)	2.42×10⁶

应用协议标号	应用类别	所含协议举例	流数	比重/%
1	WWW	HTTP等	304 572	74.01
2	Bulk	FTP	5 483	1.33
3	Mail	IMAP,POP3,SMTP	385	0.09
4	P2P	BitTorrent,eDonkey,Gnu-tella,Xun-Lei,pplive	71 186	17.3
5	Service	DNS,NTP	3 035	0.74
6	Interactive	SSH,CVS,pcAnywhere	60	0.014
7	Multimedia	RTSP,Real	20	0.004 9
8	Voice	SIP,Skype	276	0.067
9	Others	games,attacks	26 500	6.44

识别算法	Overall accuracy/%
多分类器算法	97.36
C4.5算法	96.65
NaiveBayes算法	58.5
SVM	92.5

流数量	多分类器时间消耗		C4.5时间消耗		NaiveBayes时间消耗		SVM时间消耗
流数量	训练时间/s	分类时间/s	训练时间/s	分类时间/s	训练时间/s	分类时间/s	训练时间/s	分类时间/s
10³	30.0	5.20	84.6	12.58	46.63	13.24	116.6	13.2
10⁴	256	7.11	284.7	16.36	275.5	12.44	325.6	19.4
10⁵	3 503	15.24	3 870	23.57	3 781	18.96	4 294	25.9
10⁶	36 172	59.2	38 476	79.84	37 276	67.01	42 162	86.7

Traffic classification model based on fusion of multiple classifiers with flow preference

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 18

Related Articles 15

Metrics

Recommended 0

流数量	多分类器	C4.5	NaiveBayes	SVM
流数量	内存开销/MB	内存开销/MB	内存开销/MB	内存开销/MB
10³	90	145	174	116.6
10⁴	158	234.7	275.5	224.6
10⁵	260	364	388.1	323.4
10⁶	298	364.43	392.37	339.62

[1]	Qianyi DAI, Bin ZHANG, Song GUO, Kaiyong XU. Blockchain network layer anomaly traffic detection method based on multiple classifier integration [J]. Journal on Communications, 2023, 44(3): 66-80.
[2]	Jianxun LIU, Linghang DING, Guosheng KANG, Buqing CAO, Yong XIAO. Joint QoS prediction for Web services based on deep fusion of features [J]. Journal on Communications, 2022, 43(7): 215-226.
[3]	Gaofeng HE, Qianfeng WEI, Xiancai XIAO, Haiting ZHU, Bingfeng XU. Confirmation method for the detection of malicious encrypted traffic with data privacy protection [J]. Journal on Communications, 2022, 43(2): 156-170.
[4]	Zhibin FENG, Yuhua XU, Zhiyong DU, Xin LIU, Wen LI, Hao HAN, Xiaobo ZHANG. Active defense technology against intelligent jammer [J]. Journal on Communications, 2022, 43(10): 42-54.
[5]	Yanhui LU, Han LIU, Hang LI, Guangxu ZHU. Time series generation model based on multi-discriminator generative adversarial network [J]. Journal on Communications, 2022, 43(10): 167-176.
[6]	Kai MEI, Haitao ZHAO, Xiaoran LIU, Jun LIU, Jun XIONG, Baoquan REN, Jibo WEI. Efficient model-and-data based channel estimation algorithm [J]. Journal on Communications, 2022, 43(1): 59-70.
[7]	Changgen PENG, Ting GAO, Huilan LIU, Hongfa DING. PCA-based membership inference attack for machine learning models [J]. Journal on Communications, 2022, 43(1): 149-160.
[8]	Futai ZOU, Yue TAN, Lin WANG, Yongkang JIANG. Botnet detection based on generative adversarial network [J]. Journal on Communications, 2021, 42(7): 95-106.
[9]	Liu LIU, Jianhua ZHANG, Yuanyuan FAN, Li YU, Jiachi ZHANG. Survey of application of machine learning in wireless channel modeling [J]. Journal on Communications, 2021, 42(2): 134-153.
[10]	Yusun FU,Genke YANG. Application of artificial intelligence in mobile communication:challenge and practice [J]. Journal on Communications, 2020, 41(9): 190-201.
[11]	Jiazhi REN,Hui TIAN,Shaoshuai FAN,Yuanzhuo LIN,Gaofeng NIE,Jilong LI. UAV deployment and caching scheme based on user preference prediction [J]. Journal on Communications, 2020, 41(6): 1-13.
[12]	Tieming CHEN,Chengqiang JIN,Mingqi LYU,Tiantian ZHU. Intelligent detection method on network malicious traffic based on sample enhancement [J]. Journal on Communications, 2020, 41(6): 128-138.
[13]	Chunyu HAN,Yongzheng ZHANG,Yu ZHANG. Fast-flucos:malicious domain name detection method for Fast-flux based on DNS traffic [J]. Journal on Communications, 2020, 41(5): 37-47.
[14]	Xin ZHOU,Xiaoxin HE,Changwen ZHENG. Radio signal recognition based on image deep learning [J]. Journal on Communications, 2019, 40(7): 114-125.
[15]	Xuehui DU,Yangdong LIN,Yi SUN. Malicious PDF document detection based on mixed feature [J]. Journal on Communications, 2019, 40(2): 118-128.