Comparison and Analysis of Flow Features at the Packet Level for Traffic Classification

2012 International Conference on Connected Vehicles and Expo (ICCVE) Pub Date : 2012-12-12 DOI:10.1109/ICCVE.2012.58

Gang Lu, Hongli Zhang, M. T. Qassrawi, Xiangzhan Yu

{"title":"Comparison and Analysis of Flow Features at the Packet Level for Traffic Classification","authors":"Gang Lu, Hongli Zhang, M. T. Qassrawi, Xiangzhan Yu","doi":"10.1109/ICCVE.2012.58","DOIUrl":null,"url":null,"abstract":"Recently, flow features at the packet level for traffic classification have been paid more attention to since they are simple and observable even if encrypted tunnels are applied in the network, such as SSL tunnel. However, how to use flow features at the packet level for effective classification of traffic flows is still a significant issue to be solved. The objective of this paper is to compare and analyze three typical flow features at the packet level: packet size combined with packet direction, packet size combined with interarrival time, and protocol fingerprint. The amount of information carried by each feature is presented with mutual information measurement. Based on the traffic traces captured from two different network environments, our experimental results indicate that when C4.5 algorithm classifies traffic flows with the first two packets of each flow, packet size combined with packet interarrival time, which is generated from the client-to-server direction of a TCP connection, is more accurate and stable across space and time.","PeriodicalId":182453,"journal":{"name":"2012 International Conference on Connected Vehicles and Expo (ICCVE)","volume":"3 S1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Connected Vehicles and Expo (ICCVE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCVE.2012.58","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Recently, flow features at the packet level for traffic classification have been paid more attention to since they are simple and observable even if encrypted tunnels are applied in the network, such as SSL tunnel. However, how to use flow features at the packet level for effective classification of traffic flows is still a significant issue to be solved. The objective of this paper is to compare and analyze three typical flow features at the packet level: packet size combined with packet direction, packet size combined with interarrival time, and protocol fingerprint. The amount of information carried by each feature is presented with mutual information measurement. Based on the traffic traces captured from two different network environments, our experimental results indicate that when C4.5 algorithm classifies traffic flows with the first two packets of each flow, packet size combined with packet interarrival time, which is generated from the client-to-server direction of a TCP connection, is more accurate and stable across space and time.

查看原文本刊更多论文

面向流分类的包级流特征比较与分析

近年来，即使在网络中使用加密隧道(如SSL隧道)，报文级流特征也具有简单、可观察的特点，因此在流分类中受到越来越多的关注。然而，如何利用数据包级别的流特征对流量进行有效的分类仍然是一个需要解决的重要问题。本文的目的是比较和分析数据包级别的三种典型流特征:数据包大小与数据包方向的结合，数据包大小与到达间隔时间的结合，以及协议指纹。每个特征所携带的信息量通过互信息度量来表示。基于从两种不同网络环境中捕获的流量轨迹，我们的实验结果表明，当C4.5算法以每流的前两个数据包对流量进行分类时，数据包大小结合TCP连接从客户端到服务器方向产生的数据包间到达时间在空间和时间上更加准确和稳定。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 International Conference on Connected Vehicles and Expo (ICCVE)

自引率

0.00%

发文量