A method for classification of network traffic based on C5.0 Machine Learning Algorithm

Publication: Research - peer-reviewArticle in proceeding

Abstract

Monitoring of the network performance in high-speed Internet infrastructure is a challenging task, as the requirements for the given quality level are service-dependent. Backbone QoS monitoring and analysis in Multi-hop Networks requires therefore knowledge about types of applications forming current network traffic. To overcome the drawbacks of existing methods for traffic classification, usage of C5.0 Machine Learning Algorithm (MLA) was proposed. On the basis of statistical traffic information received from volunteers and C5.0 algorithm we constructed a boosted classifier, which was shown to have ability to distinguish between 7 different applications in test set of 76,632-1,622,710 unknown cases with average accuracy of 99.3-99.9%. This high accuracy was achieved by using high quality training data collected by our system, a unique set of parameters used for both training and classification, an algorithm for recognizing flow direction and the C5.0 itself. Classified applications include Skype, FTP, torrent, web browser traffic, web radio, interactive gaming and SSH. We performed subsequent tries using different sets of parameters and both training and classification options. This paper shows how we collected accurate traffic data, presents arguments used in classification process, introduces the C5.0 classifier and its options, and finally evaluates and compares the obtained results.
Close

Details

Monitoring of the network performance in high-speed Internet infrastructure is a challenging task, as the requirements for the given quality level are service-dependent. Backbone QoS monitoring and analysis in Multi-hop Networks requires therefore knowledge about types of applications forming current network traffic. To overcome the drawbacks of existing methods for traffic classification, usage of C5.0 Machine Learning Algorithm (MLA) was proposed. On the basis of statistical traffic information received from volunteers and C5.0 algorithm we constructed a boosted classifier, which was shown to have ability to distinguish between 7 different applications in test set of 76,632-1,622,710 unknown cases with average accuracy of 99.3-99.9%. This high accuracy was achieved by using high quality training data collected by our system, a unique set of parameters used for both training and classification, an algorithm for recognizing flow direction and the C5.0 itself. Classified applications include Skype, FTP, torrent, web browser traffic, web radio, interactive gaming and SSH. We performed subsequent tries using different sets of parameters and both training and classification options. This paper shows how we collected accurate traffic data, presents arguments used in classification process, introduces the C5.0 classifier and its options, and finally evaluates and compares the obtained results.
Original languageEnglish
Title of host publicationICNC'12: 2012 International Conference on Computing, Networking and Communications (ICNC) : Workshop on Computing, Networking and Communications
Number of pages5
PublisherIEEE Press
Publication date2 Feb 2012
Pages237-241
ISBN (print)978-1-4673-0008-7
ISBN (electronic)978-1-4673-0723-9
DOI
StatePublished - 2 Feb 2012
Event - Maui, Hawaii, United States

Conference

Conference2012 International Conference on Computing, Networking and Communications
LandUnited States
ByMaui, Hawaii
Periode30/01/201202/02/2012

    Keywords

  • traffic classification, computer networks, C5.0, Machine Learning Algorithms (MLAs), performance monitoring

Download statistics

No data available
ID: 61495484