A Hybrid Classifier with a Binning Method for Network Application Identification (Academic Article)

abstract

  • 2014 - Society for Design and Process Science. Despite the increasing interest in application identification, the traditional approach based on transport layer port numbers has become less effective for several reasons, including the increasing use of random or non-standard port numbers and tunneling (e.g., HTTP tunnels). One approach to overcome this is to inspect application payload information. While highly accurate, it is limited and complicated for encrypted or obfuscated packets. Another common approach is to utilize flow statistics, such as flow size and duration, for classifying applications. Since it does not require reading packet contents, this approach is not limited to plain-text flows, but it is known to be relatively less accurate. In this work, we develop a framework that incorporates those multiple classification techniques to offer accurate identification of applications with greater flexibility. In particular, we present our design of the hybrid classifier that performs classification based on machine learning with payload information and statistical flow-level features. With a recently collected traffic data set with a diverse set of applications, our experimental results show that our hybrid approach provides a high degree of accuracy for application identification, yielding an accuracy of 95% on average. In addition, we propose an optimization technique with a novel binning method that partitions the given application set into multiple subgroups to improve the overall identification accuracy.

published proceedings

  • JOURNAL OF INTEGRATED DESIGN & PROCESS SCIENCE

author list (cited authors)

  • Moon, I., Albalawi, U., Kim, J., Suh, S., & Lee, W.

citation count

  • 0

complete list of authors

  • Moon, Ilhwan; Albalawi, Umar; Kim, Jinoh; Suh, Sang; Lee, Wang-Hwan

publication date

  • January 2014