摘要
互联网技术不断发展,很多新的网络通信采用动态端口、协议加密等技术,使传统的流量分类技术不再适用.以TCP三次握手后客户端到服务器的第1个包载荷大小、服务器到客户端的第1个包和第2个包载荷大小以及服务器端口信息作为流量特征,提出一种基于DDAG-SVM的网络流量分类的方法,并针对传统DDAG-SVM的误差累积效应,使分类性能变差的问题,根据类间可分离度重构DDAG-SVM决策树,每次都选择最容易分开的两个流类别构成分类决策面,测试结果表明该方法取得了较高的分类准确率.
With the quick development of internet technology, many new network commu-nications now use dynamic port, protocol encryption technology, while the traditional traffic classification technology is no longer applicable. After TCP "three-time handshake", the pa-per regards the following information as flow characteristics: the 18t packet load size from client to the server, the 1^st and 2nd packet payload size from server to client, the server port information, and then presents network traffic classification methods based on DDAG-SVM. aiming at the deterioration of classification performance caused by cumulative effect of tradi-tional DDAG-SVM error, the paper reconstruct DDAG-SVM decision tree according to the class separation. The two most likely separable tion decision surface each time. The test results classification accuracy. categories are chosen to form a classifica-show that this method can achieve higher classification accuracy.
出处
《数学的实践与认识》
CSCD
北大核心
2013年第8期197-203,共7页
Mathematics in Practice and Theory
基金
湖南省教育厅资助科研项目(10C0138)
湖南省自科基金项目(11JJ4050)