Traffic Labeller： Collecting Internet Traffic Samples with Accurate Application Information 被引量：1

Traffic Labeller： Collecting Internet Traffic Samples with Accurate Application Information

下载PDF

导出

摘要 Traffic classification research has been suffering from a trouble of collecting accurate samples with ground truth.A model named Traffic Labeller(TL) is proposed to solve this problem.TL system captures all user socket calls and their corresponding application process information in the user mode on a Windows host.Once a sending data call has been captured,its 5-tuple {source IP,destination IP,source port,destination port and transport layer protocol},associated with its application information,is sent to an intermediate NDIS driver in the kernel mode.Then the intermediate driver writes application type information on TOS field of the IP packets which match the 5-tuple.In this way,each IP packet sent from the Windows host carries their application information.Therefore,traffic samples collected on the network have been labelled with the accurate application information and can be used for training effective traffic classification models. Traffic classification research has been suffering from a trouble of collecting acc- urate samples with ground truth. A model named Traffic Labeller （TL） is proposed to solve this problem. TL system captures all user socket calls and their corresponding applica- tion process information in the user mode on a Windows host. Once a sending data call has been captured, its 5-tuple {source IP, destina- tion IP, source port, destination port and tra- nsport layer protocol}, associated with its ap- plication information, is sent to an intermedi- ate NDIS driver in the kernel mode. Then the intermediate driver writes application type inf- ormation on TOS field of the IP packets which match the 5-tuple. In this way, each IP packet sent from the Windows host carries their ap- plication information. Therefore, traffic sam- ples collected on the network have been lab- elled with the accurate application information and can be used for training effective traffic classification models.

作者 PENG Lizhi ZHANG Hongli YANG Bo CHEN Yuehui WU Tong

机构地区 School of Computer Science and Technology Provincial Key Laboratory for Network Based Intelligent Computing School of Computer and Information Technology

出处《China Communications》 SCIE CSCD 2014年第1期69-78,共10页 中国通信（英文版）

基金 ACKNOWLEDGEMENT This research was partially supported by the National Basic Research Program of China （973 Program） under Grant No. 2011CB30- 2605 the National High Technology Research and Development Program of China （863 Pro- gram） under Grant No. 2012AA012502 the National Key Technology Research and Dev- elopment Program of China under Grant No. 2012BAH37B00 the Program for New Cen- tury Excellent Talents in University under Gr- ant No. NCET-10-0863 the National Natural Science Foundation of China under Grants No 61173078, No. 61203105, No. 61173079, No. 61070130, No. 60903176 and the Provincial Natural Science Foundation of Shandong under Grants No. ZR2012FM010, No. ZR2011FZ001, No. ZR2010FM047, No. ZR2010FQ028, No. ZR2012FQ016.

关键词应用信息网络流量贴标机收集交通 Windows 中间驱动程序采样 network measurement traffic cla- ssification data collection ground truth

分类号 TP393 [自动化与计算机技术—计算机应用技术] U279.3 [机械工程—车辆工程]

引文网络
相关文献

参考文献24

1VALENTI S, ROSSI D, DAINOTTI A, et al. Re- viewing Traffic Classification[M]. Springer Be- rlin Heidelberg, 2013.
2CALLADO A, KAMIENSK! C, SZABO G, et al. A Survey on Internet Traffic Identification[J]. IEEE Communications Surveys and Tutorials, 2009, ii(3): 37-52.
3NGUYEN T T T, ARMITAGE G. A Survey of Tec- hniques for Internet Traffic Classification Us- ing Machine Learning[J]. IEEE Communications Surveys and Tutorials, 2008, 3.0(4): 56-76.
4HU Bin, SHEN Yi. Machine Learning Based Net- work Traffic Classification: A Survey[J]. Journal of Information and Computational Science, 2012, 9(11): 3161-4170.
5CROTTI M, DUS! M, GRINGOLI F, et al. Traffic Classification Through Simple Statistical Fin- gerprinting[C]. ACM SIGCOMM Computer Communication Review, 2007, 37(1): 5-16.
6BERNAILLE L, TEIXEIRA R, AKODKENOU I, et al Traffic Classification on the Fly[J]. ACM SIGC- OMM Computer Communication Review, 2006, 36(2): 23-26.
7KARAGIANNIS T, PAPAGIANNAKI K, FALOUTSOS M. BLINC: Multilevel Traffic Classification in the Dark[J]. ACM SIGCOMM Computer Com- munication Review, 2005, 35(4): 229-240.
8LU Gang, ZHANG Hongli, SHA Xuefu, et al. TCFOM: A Robust Traffic Classification Frame- work Based on OC-SVM Combined with MC-SVM [C]// Proceedings of 2010 International Con- ference on Communications and Intelligence Information Security (ICCIIS): October 13-14, 2010. Nanning, China. IEEE, 2010: 180-186.
9杜敏,陈兴蜀,谭骏.基于多级分类的网络流量在线识别方法(英文)[J].China Communications,2013,10(2):89-97. 被引量：3
10杜敏,陈兴蜀,谭骏.一种新的基于BPSO和KNN的P2P流量识别算法(英文)[J].China Communications,2011,8(2):52-58. 被引量：6

二级参考文献30

1杜敏,陈兴蜀,谭骏.一种新的基于BPSO和KNN的P2P流量识别算法(英文)[J].China Communications,2011,8(2):52-58. 被引量：6
2SOYSAL M, CHMfDT E G. Machine Learning Algorithms for Accurate Flow-Based Network Traffic Classification: Evaluation and Com- parison[J]. Performance Evaluation, 2010, 67(6): 452-467.
3SEN S, WANG Jia. Analyzing Peer-to-Peer Traffic Across Large Networks[J]. IEEE/ACM Transactions on Networking, 2004, 12(2): 219-232.
4MOORE A, PAPAGIANNAKI K. Toward the Ac- curate Identification of Network Applica- tions[J]. Lecture Notes in Computer Science, 2005. 3431: 41-54.
5GERBER A, HOULE J, NGUYEN H, etaL P2P, the Gorilla in the Cable[C]// Proceedings of the 2003 National Cable & Telecommunications Association Conference: June 8-11. 2003.Chicago, FL, USA.
6MUELLER M L, ASGHARI H. Deep Packet In- spection and Bandwidth Management: Battles over BitTorrent in Canada and the United States[J]. Telecommunications Policy, 2012, 36(6): 462-475.
7KERALAPURA R, NUCCI A, CHUAH C N. A Novel Self-Learning Architecture for P2PTraffic Classification in High Speed Net- work[J]. Computer Networks, 2010, 54(7): 1055-1068.
8KARAGIANNIS T, BROIDO A, FALOUTSOS M, et al. Transport Layer Identification of P2P Traffic[C]// Proceedings of the 4th ACM SIGCOMM Conference on Internet Measure- ment: October 25-27, 2004. Taormina, Sicily, Italy, 2004: 121-134.
9XU Ke, ZHANG Ming, YE Mingjiang, et al. Identify P2P Traffic by Inspecting Data Trans- fer Behavior[J]. Computer Communications, 2010, 33(10): 1141-1150.
10ESTE A, GRINGOLI F, SALGARELLI L. Support Vector Machines for TCP Traffic Classifica- tion[J]. Computer Networks, 2009, 53(14): 2476-2490.

共引文献6

1杜敏,陈兴蜀,谭骏.基于多级分类的网络流量在线识别方法(英文)[J].China Communications,2013,10(2):89-97. 被引量：3
2何杰,杨岳湘,乔勇,唐川.基于簇流的P2P流量精确分类技术（英文）[J].China Communications,2013,10(11):42-51. 被引量：2
3吴同,韩臻,王伟,彭立志.基于有效载荷大小的早期网络流量识别(英文)[J].Journal of Southeast University(English Edition),2014,30(3):289-295.
4苗长胜,原常青,王兴伟,常桂然.基于互信息和文化基因算法的网络流量特征选择[J].东北大学学报（自然科学版）,2014,35(11):1530-1534. 被引量：3
5彭立志.互联网流量识别研究综述[J].济南大学学报（自然科学版）,2016,30(2):95-104. 被引量：13
6程珊,钮焱,李军.基于网络资源的kNN网络流量分类模型的研究[J].湖北工业大学学报,2016,31(4):75-79. 被引量：4

同被引文献2

1Yanhua Yu,Meina Song,Yu Fu,Junde Song.Traffic Prediction in 3G Mobile Networks Based on Multifractal Exploration[J].Tsinghua Science and Technology,2013,18(4):398-405. 被引量：6
2Zhen Chen,Linyun Ruan,Junwei Cao,Yifan Yu,Xin Jiang.TIFAflow: Enhancing Traffic Archiving System with Flow Granularity for Forensic Analysis in Network Security[J].Tsinghua Science and Technology,2013,18(4):406-417. 被引量：3

引证文献1

1PENG Lizhi,YANG Bo,CHEN Yuehui,WU Tong.How Many Packets Are Most Effective for Early Stage Traffic Identification： An Experimental Study[J].China Communications,2014,11(9):183-193. 被引量：2

二级引证文献2

1彭立志,张宏莉.基于柔性神经树的Internet流量早期识别模型[J].智能计算机与应用,2015,5(2):21-24.
2Xiaolin Gui,Jun Liu,Qiujian Lv,Chao Dong,Zhenming Lei.Probabilistic Top-k Query:Model and Application on Web Traffic Analysis[J].China Communications,2016,13(6):123-137. 被引量：1

1饶文碧,陈旭辉,方复兴.Windows NT下的NDIS中间驱动程序的设计[J].微机发展,2002,12(1):66-68. 被引量：2
2王文联,侯整风,周先存.基于NDIS中间驱动程序的防火墙的研究与实现[J].安徽建筑工业学院学报（自然科学版）,2004,12(1):52-55.
3许德鹏,牛秦洲.一种基于NDIS的实时调度实现方法[J].桂林工学院学报,2004,24(2):248-251. 被引量：2
4高中鹤,曹洪波.论信息技术在项目施工管理中的应用[J].黑龙江交通科技,2006,29(12):112-113. 被引量：1
5Niu Xiaona Guo Yunfei Zhang Jin Wang Chao.EARLY RECOGNITION OF INTERNET TRAFFIC BASED ON SIGNATURE INSPECTION[J].Journal of Electronics(China),2010,27(2):230-236.
6今夏笔记本电脑的88种选择[J].新潮电子,2005(12):48-67.
7Xiaobing Liu,Bo Zhang.Automatic Collecting Representative Logo Images from the Internet[J].Tsinghua Science and Technology,2013,18(6):606-617. 被引量：2
8晁汾涛,郑锋.基于中间驱动程序的数据包截获技术[J].空军雷达学院学报,2005,19(2):50-52.
9杨戈.利用NDIS中间驱动程序实现VoIP网关的软交换功能[J].江苏通信,2009,0(4):46-48.
10秦根建,张秉权.网络数据包截获机制的研究[J].兵工自动化,2003,22(6):34-36. 被引量：10

China Communications

2014年第1期

浏览历史

内容加载中请稍等...