{"title":"Classification and Application of Long-duration Flows Based on Flow Behavior","authors":"Zihao Chen, Wei Ding, Weijian Sun, Liang Xu","doi":"10.1109/CSP58884.2023.00009","DOIUrl":null,"url":null,"abstract":"Long-duration flows are extended network flows in the Internet that result from various network activities such as file transfers, persistent connections, and control command transmissions. These flows are utilized by a broad range of applications in the Internet, both benign and malicious, and their management and security are crucial for the functioning of the Internet. In this study, we categorize long-duration flows into three types: control flows, mixed flows, and information flows, based on their purpose for existence. Subsequently, features are extracted based on three characteristics: flow, time series, and packet length. The selected features are used to construct a dataset for training a classification model. The empirical analysis of real-world traffic data from high-speed network boundaries demonstrates that the classification model is capable of accurately identifying control flows in long-duration flows and determining specific applications within them.","PeriodicalId":255083,"journal":{"name":"2023 7th International Conference on Cryptography, Security and Privacy (CSP)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 7th International Conference on Cryptography, Security and Privacy (CSP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSP58884.2023.00009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Long-duration flows are extended network flows in the Internet that result from various network activities such as file transfers, persistent connections, and control command transmissions. These flows are utilized by a broad range of applications in the Internet, both benign and malicious, and their management and security are crucial for the functioning of the Internet. In this study, we categorize long-duration flows into three types: control flows, mixed flows, and information flows, based on their purpose for existence. Subsequently, features are extracted based on three characteristics: flow, time series, and packet length. The selected features are used to construct a dataset for training a classification model. The empirical analysis of real-world traffic data from high-speed network boundaries demonstrates that the classification model is capable of accurately identifying control flows in long-duration flows and determining specific applications within them.