Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detecti...Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. In this article, an approach is presented for online traffic classification relying on the observation of the first n packets of a transmission control protocol (TCP) connection. Its key idea is to utilize the properties of the observed first ten packets of a TCP connection and Bayesian network method to build a classifier. This classifier can classify TCP flows dynamically as packets pass through it by deciding whether a TCP flow belongs to a given application. The experimental results show that the proposed approach performs well in online Internet traffic classification and that it is superior to naive Bayesian method.展开更多
To understand website complexity deeply, a web page complexity measurement system is developed. The system measures the complexity of a web page at two levels: transport-level and content-level, using a packet trace-...To understand website complexity deeply, a web page complexity measurement system is developed. The system measures the complexity of a web page at two levels: transport-level and content-level, using a packet trace-based approach rather than server or client logs. Packet traces surpass others in the amount of information contained. Quantitative analyses show that different categories of web pages have different complexity characteristics. Experimental results show that a news web page usually loads much more elements at more accessing levels from much more web servers within diverse administrative domains over much more concurrent transmission control protocol (TCP) flows. About more than half of education pages each only involve a few logical servers, where most of elements of a web page are fetched only from one or two logical servers. The number of content types for web game traffic after login is usually least. The system can help web page designers to design more efficient web pages, and help researchers or Internet users to know communication details.展开更多
1.引言随着Internet网络的飞速发展,传统的"尽力"型业务越来越不能满足新的用户和应用的质量要求,网络需要提供更高级的质量保障.同时,对于不同的用户对业务质量(QoS)具有不同的要求,网络也需要区别QoS等级,并采用相应的传输...1.引言随着Internet网络的飞速发展,传统的"尽力"型业务越来越不能满足新的用户和应用的质量要求,网络需要提供更高级的质量保障.同时,对于不同的用户对业务质量(QoS)具有不同的要求,网络也需要区别QoS等级,并采用相应的传输控制机制来保障这些QoS等级.在传统Internet网络中,分别用两种传输协议来传送不同质量要求的业务:TCP(Transmission Control Protrol)和UDP(User Data Protocol)协议.展开更多
为提升网络流识别性能,本文提出了一种TCP流识别算法.该算法基于传输控制协议(Transmission Control Protocol,TCP)下网络通信双方的交互过程构建双向流自动机,由该自动机根据TCP协议规则和网络流当前状态判断TCP流终止,同时以基于规则...为提升网络流识别性能,本文提出了一种TCP流识别算法.该算法基于传输控制协议(Transmission Control Protocol,TCP)下网络通信双方的交互过程构建双向流自动机,由该自动机根据TCP协议规则和网络流当前状态判断TCP流终止,同时以基于规则的过滤机制和超时策略为辅助措施,快速识别单包流和异常中断流.该算法内存开销、计算和内存总开销均低于经典算法固定超时策略(Fixed Timeout strategy,FT)和同类代表性算法两层自适应超时策略(Two-level Self-Adaptive Timeout,TSAT),同时该算法精度高于TSAT,且仅比默认精度标准略有下降.该算法基于协议规则识别TCP流,既保证了流的准确性,又节省了流的超时等待时间,而且算法尤其适合中流、小流和不规则TCP流比重较大的情况,使得识别系统在面临DDo S攻击、蠕虫爆发等网络异常时仍能正常运行.展开更多
基金supported by the National Basic Research Program of China(2007CB310705)the Hi-Tech Research and Development Program of China(2007AA01Z255)+2 种基金the National Natural Science Foundation of China(60711140087)PCSIRT(IRT0609)ISTCP(2006DFA 11040) of China
文摘Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. In this article, an approach is presented for online traffic classification relying on the observation of the first n packets of a transmission control protocol (TCP) connection. Its key idea is to utilize the properties of the observed first ten packets of a TCP connection and Bayesian network method to build a classifier. This classifier can classify TCP flows dynamically as packets pass through it by deciding whether a TCP flow belongs to a given application. The experimental results show that the proposed approach performs well in online Internet traffic classification and that it is superior to naive Bayesian method.
基金supported by the Open Research Program of the Key Laboratory of Computer Network and Information Integration(Southeast University),Ministry of Education(K93-9-2014-04B)the National Natural Science Foundation of China(61170322,61572263,61302157)
文摘To understand website complexity deeply, a web page complexity measurement system is developed. The system measures the complexity of a web page at two levels: transport-level and content-level, using a packet trace-based approach rather than server or client logs. Packet traces surpass others in the amount of information contained. Quantitative analyses show that different categories of web pages have different complexity characteristics. Experimental results show that a news web page usually loads much more elements at more accessing levels from much more web servers within diverse administrative domains over much more concurrent transmission control protocol (TCP) flows. About more than half of education pages each only involve a few logical servers, where most of elements of a web page are fetched only from one or two logical servers. The number of content types for web game traffic after login is usually least. The system can help web page designers to design more efficient web pages, and help researchers or Internet users to know communication details.
基金Supported by the National High-Tech Research and Development Plan of China under Grant No.2005AA121210(国家高技术研究发展计划(863))the National Basic Research Program of China under Grant No.2007CB307102(国家重点基础研究发展计划(973))
文摘针对流竞争拥塞,提出了一种拥塞分析模型FCCM(flow-competing congestion model),给出了TCP竞争流在拥塞链路上的分布特性,推导了流竞争拥塞发生的条件,进而分析了在流竞争拥塞发生时,路由器为维持拥塞链路100%利用率所需的最小缓存.分析结果表明,当流数目不确定时,应对流竞争拥塞所需的缓存将不大于流数目确定时经典BSCL(buffer sizing for congested interact links)方案中的最小缓存需求.
文摘1.引言随着Internet网络的飞速发展,传统的"尽力"型业务越来越不能满足新的用户和应用的质量要求,网络需要提供更高级的质量保障.同时,对于不同的用户对业务质量(QoS)具有不同的要求,网络也需要区别QoS等级,并采用相应的传输控制机制来保障这些QoS等级.在传统Internet网络中,分别用两种传输协议来传送不同质量要求的业务:TCP(Transmission Control Protrol)和UDP(User Data Protocol)协议.