Deakin University

File(s) under permanent embargo

A novel semi-supervised approach for network traffic clustering

conference contribution
posted on 2011-01-01, 00:00 authored by Yu Wang, Yang Xiang, Jun Zhang, S Yu
Network traffic classification is an essential component for network management and security systems. To address the limitations of traditional port-based and payload-based methods, recent studies have focused on alternative approaches. One promising direction is applying machine learning techniques to classify traffic flows based on packet and flow level statistics. In particular, previous papers have illustrated that clustering can achieve high accuracy and discover unknown application classes. In this work, we present a novel semi-supervised learning method using constrained clustering algorithms. The motivation is that in the network domain a lot of background information is available in addition to the data instances themselves. For example, we might know that flows ƒ1 and ƒ2 are using the same application protocol because they are visiting the same host address at the same port simultaneously. In this case, ƒ1 and ƒ2 should ideally be grouped into the same cluster. Therefore, we describe these correlations in the form of pair-wise must-link constraints and incorporate them in the process of clustering. We have applied three constrained variants of the K-Means algorithm, which perform hard or soft constraint satisfaction and metric learning from constraints. A number of real-world traffic traces have been used to show the availability of constraints and to test the proposed approach. The experimental results indicate that by incorporating constraints in the course of clustering, the overall accuracy and cluster purity can be significantly improved.
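The must-link idea in the abstract, as an added example that is not code from the paper: flows that hit the same destination host and port within a time window are unioned into must-link groups, and a hard-constraint K-Means variant assigns each group to one centroid as a unit. The flow records, the 5-second window, the two features and the seed centroids are all constructed assumptions, and this variant is only one way to satisfy must-links, not necessarily any of the three algorithms the authors used.

```python
from collections import defaultdict

# Constructed flows: (id, dst_ip, dst_port, start_s, (mean_pkt_bytes, mean_gap_ms))
FLOWS = [
    ("f1", "10.0.0.5", 443, 0.0, (900.0, 10.0)),
    ("f2", "10.0.0.5", 443, 1.5, (400.0, 90.0)),   # same service as f1, atypical stats
    ("f3", "10.0.0.5", 443, 3.0, (950.0, 12.0)),
    ("f4", "10.0.0.9", 53, 0.5, (80.0, 200.0)),
    ("f5", "10.0.0.9", 53, 40.0, (90.0, 190.0)),   # same service as f4, not concurrent
    ("f6", "10.0.0.7", 443, 2.0, (880.0, 15.0)),
]
WINDOW_S = 5.0  # assumption: "simultaneously" = start times at most 5 s apart

def must_link_groups(flows, window=WINDOW_S):
    """Union-find over flows sharing (dst_ip, dst_port) within the time window."""
    parent = list(range(len(flows)))
    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i
    by_service = defaultdict(list)
    for i, (_, ip, port, start, _) in enumerate(flows):
        by_service[(ip, port)].append((start, i))
    for members in by_service.values():
        members.sort()
        for (t0, a), (t1, b) in zip(members, members[1:]):
            if t1 - t0 <= window:
                parent[find(b)] = find(a)   # must-link(a, b), closed transitively
    groups = defaultdict(list)
    for i in range(len(flows)):
        groups[find(i)].append(i)
    return sorted(groups.values())

def dist2(p, q):
    return sum((a - b) ** 2 for a, b in zip(p, q))

def constrained_kmeans(flows, groups, centroids, iters=20):
    """K-Means where each must-link group is assigned to one centroid as a unit."""
    feats, labels = [f[4] for f in flows], [0] * len(flows)
    for _ in range(iters):
        for g in groups:
            best = min(range(len(centroids)),
                       key=lambda k: sum(dist2(feats[i], centroids[k]) for i in g))
            for i in g:
                labels[i] = best
        new = []
        for k, old in enumerate(centroids):
            pts = [feats[i] for i, lab in enumerate(labels) if lab == k]
            new.append(tuple(sum(c) / len(pts) for c in zip(*pts)) if pts else old)
        if new == centroids:
            break
        centroids = new
    return {f[0]: labels[i] for i, f in enumerate(flows)}

SEEDS = [FLOWS[0][4], FLOWS[3][4]]          # deterministic initial centroids
plain = constrained_kmeans(FLOWS, [[i] for i in range(len(FLOWS))], SEEDS)
linked = constrained_kmeans(FLOWS, must_link_groups(FLOWS), SEEDS)
```

With singleton groups (`plain`) the run is ordinary K-Means and f2 lands in the DNS-like cluster; with the derived constraints (`linked`) f2 stays with f1 and f3.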

History

Event

Network and System Security. Conference (5th : 2011 : Milan, Italy)

Pagination

169 - 175

Publisher

IEEE

Location

Milan, Italy

Place of publication

[Milan, Italy]

Start date

2011-09-06

End date

2011-09-08

ISBN-13

9781457704581

Language

eng

Publication classification

E1 Full written paper - refereed

Copyright notice

2011, IEEE

Title of proceedings

NSS 2011 : Proceedings of the 5th International Conference on Network and System Security
