A cascade forest approach to application classification of mobile traces

Abstract

With the rapid development of mobile networks, mobile traffic classification, a mapping of mobile traffic to mobile applications, becomes more and more important for variant networking and security issues, such as network management, monitoring and the detection of malware activities. In this paper, we propose CFMTC (Cascade Forest for Mobile Traces Classification), a mobile network trace-based traffic classification system, which exploits flow statistical features extracted from mobile traces. Compared to other classification approaches, our system is based upon the key insight that deep learning techniques and the statistical features of bidirectional flows of mobile traces can be combined together for accurate mobile application classification. In CFMTC, we first filter UDP and TCP flows from mobile traces according to the flow attributes (Source IP, Destination IP, Source port, Destination port, Protocol), and then train Cascade Forest to classify raw mobile traces. We use a feature selection method to find the optimal feature set and determine the influence of different features. Our approach involves the following key features: 1) suitable for mobile traces classification; 2) adapted Cascade Forest algorithm for mobile traffic classification; 3) applicable to both connection-oriented protocols and connection-less protocols; 4) effective for both encrypted and non-encrypted flows. We implement CFMTC and conduct extensive evaluations on mobile network traces containing text, audio and video flows generated by Kuwo Music, WeChat, PPTV Live traces. Our experimental results show that CFMTC has the ability to accurately classify the mobile traces of the target mobile applications with an average accuracy of about 88.71%. Our experimental results prove that CFMTC is a robust system, and meanwhile displays competitive performance in practice.