English

应用科学学报 >

2011 , Vol. 29 >Issue 1: 73 - 77

DOI: https://doi.org/10.3969/j.issn.0255-8297.2011.01.013

计算机科学与应用

TCP流量早期识别方法

展开
  • 1. 北京邮电大学网络与信息攻防技术教育部重点实验室,北京100876
    2. 北京邮电大学灾备技术国家工程实验室,北京100876
彭建芬,博士生,讲师,研究方向:流量识别、网络安全,E-mail: horsepjf@gmail.com;王枞,博士,教授,博导,研究方向:网络信息内容安全、智能控制与信息系统工程,E-mail: wangc@bupt.edu.cn;杨义先,博士,教授,博导,研究方向:网络与信息安全、现代密码理论与应用,E-mail: yxyang@bupt.edu.cn

收稿日期: 2010-10-20

  修回日期: 2010-12-13

  网络出版日期: 2011-01-25

基金资助

国家自然科学基金(No.60972077);北京市自然科学基金(No.9092009, No.4092029);教育部科学技术研究重点项目基金资助

收起

Early TCP Traffic Classification

Expand
  • 1. Key Laboratory of Network and Information Attack and Defence Technology of Ministry of Education,
    Beijing University of Posts and Telecommunications, Beijing 100876, China
    2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and
    Telecommunications, Beijing 100876, China

Received date: 2010-10-20

  Revised date: 2010-12-13

  Online published: 2011-01-25

Fold

摘要

摘要: 为了对TCP数据流进行及时、快速并准确的识别,本文提出一种TCP流量早期识别方法. 该方法以TCP流初期的3 个数据包的载荷大小和服务器端口作为特征,利用支持向量机进行分类. 实验结果表明,根据提取的特征,采用无偏训练样本能快速而有效地识别WEB、MAIL、P2P中的BitTorrent和eMule等流量.

关键词: 早期流量识别; 机器学习; 支持向量机; 包载荷

本文引用格式

彭建芬1;2, 周亚建1;2, 王枞1;2, 杨义先1;2, 平源1;2 . TCP流量早期识别方法[J]. 应用科学学报, 2011 , 29(1) : 73 -77 . DOI: 10.3969/j.issn.0255-8297.2011.01.013

Abstract

In order to identify classification quickly and accurately, an early traffic classification method (ETCM) is proposed. The method uses the payload size of three early packets and the server port number obtained from the TCP flow as flow feature, and classifies the traffic based on support vector machine (SVM). The results show that ETCM meets the following conditions: extracted features used, training samples selected without bias, Internet traffic related to WEB, MAIL, BitTorrent and eMule can be identified efficiently and quickly.

Key words: early traffic classification; machine learning; support vector machine; packet payload

Options
文章导航

/