Session level flow classification by packet size distribution and session grouping

Chun Nan Lu*, Ying-Dar Lin, Chun-Ying Huang, Yuan Cheng Lai

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

Classifying traffic into specific network applications is essential for application-aware network management and it becomes more challenging because modern applications obscure their network behaviors. While port number-based classifiers work only for some well-known applications and signature-based classifiers are not applicable to encrypted packet payloads, researchers tend to classify network traffic based on behaviors observed in network applications. In this paper, a session level flow classification (SLFC) approach is proposed to classify network flows as a session, which comprises of flows in the same conversation. SLFC first classifies flows into the corresponding applications by packet size distribution (PSD) and then group flows as sessions by port locality. With PSD, each flow is transformed into a set of points in a two-dimension space and the distances between each flow and the representatives of pre-selected applications are computed. The flow is recognized as the application having a minimum distance. Meanwhile, port locality is used to group flows as sessions because an application often uses consecutive port numbers within a session. If flows of a session are classified into different applications, an arbitration algorithm is invoked to make the correction. The evaluation shows that SLFC achieves high accuracy rates on flow session classifications, say 99.9. When SLFC is applied to online classification, an average of 72 of packets in long-lasting flows can be skipped without reducing the classification accuracy rates.

Original languageEnglish
Title of host publicationProceedings - 26th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2012
Pages221-226
Number of pages6
DOIs
StatePublished - 14 May 2012
Event26th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2012 - Fukuoka, Japan
Duration: 26 Mar 201229 Mar 2012

Publication series

NameProceedings - 26th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2012

Conference

Conference26th IEEE International Conference on Advanced Information Networking and Applications Workshops, WAINA 2012
Country/TerritoryJapan
CityFukuoka
Period26/03/1229/03/12

Keywords

  • flow classification
  • packet size distribution
  • session grouping

Fingerprint

Dive into the research topics of 'Session level flow classification by packet size distribution and session grouping'. Together they form a unique fingerprint.

Cite this