Early TCP Traffic Classification

PENG Jian-fen1;2, ZHOU Ya-jian1;2, WANG Cong1;2, YANG Yi-xian1;2, PING Yuan1;2

doi:10.3969/j.issn.0255-8297.2011.01.013

Journal of Applied Sciences >

2011 , Vol. 29 >Issue 1: 73 - 77

DOI: https://doi.org/10.3969/j.issn.0255-8297.2011.01.013

Computer Science and Applications

Early TCP Traffic Classification

Expand

1. Key Laboratory of Network and Information Attack and Defence Technology of Ministry of Education,
Beijing University of Posts and Telecommunications, Beijing 100876, China
2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and
Telecommunications, Beijing 100876, China

Received date: 2010-10-20

Revised date: 2010-12-13

Online published: 2011-01-25

Fold

Abstract

In order to identify classification quickly and accurately, an early traffic classification method (ETCM) is proposed. The method uses the payload size of three early packets and the server port number obtained from the TCP flow as flow feature, and classifies the traffic based on support vector machine (SVM). The results show that ETCM meets the following conditions: extracted features used, training samples selected without bias, Internet traffic related to WEB, MAIL, BitTorrent and eMule can be identified efficiently and quickly.

Key words： early traffic classification; machine learning; support vector machine; packet payload

Cite this article

PENG Jian-fen1;2, ZHOU Ya-jian1;2, WANG Cong1;2, YANG Yi-xian1;2, PING Yuan1;2 . Early TCP Traffic Classification[J]. Journal of Applied Sciences, 2011 , 29(1) : 73 -77 . DOI: 10.3969/j.issn.0255-8297.2011.01.013

Options

Outlines

模态框（Modal）标题

Abstract

Cite this article