Online traffic classification based on sub-flows

Abstract

Traffic classification by application class provides useful information for various tasks of network engineering and administration. However, offline classification of flows has limited its practical application to auditing tasks, long-term planning and other analytical issues. Therefore, research on traffic classification now moves towards the search for accurate and efficient methods of classification in order to meet online tasks such as traffic monitoring and shaping and other specific-application operations. In this work we apply the One-Against-All Approach (OAA) for two online classification strategies based on statistical features of TCP sub-flows. One uses the first N packets of the bi-directional TCP session and the other applies to sub-flows of the N packets starting at a random position in the flow. In our variant of the OAA approach, the problem of classifying an object in one of M classes is reduced to M binary classification problems with an associated decision rule, with each of them possibly using a different subset of features and sub-flow size. We investigated the effect of variation in the amount of N on the results of classification and the smaller set of variables in each of the above problems. This study used the Naïve Bayes classifier.