A novel semi-supervised approach for network traffic clustering
conference contribution
posted on 2011-01-01, 00:00authored byYu Wang, Yang Xiang, Jun Zhang, S Yu
Network traffic classification is an essential component for network management and security systems. To address the limitations of traditional port-based and payload-based methods, recent studies have been focusing on alternative approaches. One promising direction is applying machine learning techniques to classify traffic flows based on packet and flow level statistics. In particular, previous papers have illustrated that clustering can achieve high accuracy and discover unknown application classes. In this work, we present a novel semi-supervised learning method using constrained clustering algorithms. The motivation is that in network domain a lot of background information is available in addition to the data instances themselves. For example, we might know that flow ƒ1 and ƒ2 are using the same application protocol because they are visiting the same host address at the same port simultaneously. In this case, ƒ1 and ƒ2 shall be grouped into the same cluster ideally. Therefore, we describe these correlations in the form of pair-wise must-link constraints and incorporate them in the process of clustering. We have applied three constrained variants of the K-Means algorithm, which perform hard or soft constraint satisfaction and metric learning from constraints. A number of real-world traffic traces have been used to show the availability of constraints and to test the proposed approach. The experimental results indicate that by incorporating constraints in the course of clustering, the overall accuracy and cluster purity can be significantly improved.
History
Event
Network and System Security. Conference (5th : 2011 : Milan, Italy)
Pagination
169 - 175
Publisher
IEEE
Location
Milan, Italy
Place of publication
[Milan, Italy]
Start date
2011-09-06
End date
2011-09-08
ISBN-13
9781457704581
Language
eng
Publication classification
E1 Full written paper - refereed
Copyright notice
2011, IEEE
Title of proceedings
NSS 2011 : Proceedings of the 5th International Conference on Network and System Security