BLINC: multilevel traffic classification in the dark.

We present a fundamentally different approach to classifying traffic flows according to the applications that generate them. In contrast to previous methods, our approach is based on observing and identifying patterns of host behavior at the transport layer. We analyze these patterns at three levels of increasing detail: (i) the social, (ii) the functional and (iii) the application level. This multilevel approach of looking at traffic flow is probably the most important contribution of this paper. Furthermore, our approach has two important features. First, it operates in the dark, having (a) no access to packet payload, (b) no knowledge of port numbers and (c) no additional information other than what current flow collectors provide. These restrictions respect privacy, technological and practical constraints. Second, it can be tuned to balance the accuracy of the classification versus the number of successfully classified traffic flows. We demonstrate the effectiveness of our approach on three real traces. Our results show that we are able to classify 80%-90% of the traffic with more than 95% accuracy.
References in zbMATH (referenced in 9 articles)
- Chen, Zhenxiang; Liu, Zhusong; Peng, Lizhi; Wang, Lin; Zhang, Lei: A novel semi-supervised learning method for Internet application identification (2017)
- Li, Ting; Liu, Jason: Cluster-based spatiotemporal background traffic generation for network simulation (2015)
- Glatz, Eduard; Mavromatidis, Stelios; Ager, Bernhard; Dimitropoulos, Xenofontas: Visualizing big network traffic data using frequent pattern mining and hypergraphs (2014)
- Wang, Yu; Xiang, Yang; Zhang, Jun; Zhou, Wanlei; Xie, Bailin: Internet traffic clustering with side information (2014)
- Xiong, Wei; Hu, Hanping; Xiong, Naixue; Yang, Laurence T.; Peng, Wen-Chih; Wang, Xiaofei; Qu, Yanzhen: Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications (2014)
- Freire, Emanuel Pacheco; Ziviani, Artur; Salles, Ronaldo Moreira: On metrics to distinguish skype flows from HTTP traffic (2009)
- He, Haitao; Luo, Xiaonan; Ma, Feiteng; Che, Chunhui; Wang, Jianmin: Network traffic classification based on ensemble learning and co-training (2009)
- Szabó, Géza; Veres, András; Molnár, Sándor: On the impacts of human interactions in MMORPG traffic (2009)
- Jung, Jaeyeon; Milito, Rodolfo A.; Paxson, Vern: On the adaptive real-time detection of fast-propagating network worms (2008)