Demo Abstract: NeTraMark: A Network Traffic classification benchMark

1. Introduction: Recent research on Internet traffic classification has produced a flurry of proposed approaches for distinguishing types of traffic. However, rigorous comparison of the proposed algorithms remains an almost impossible task, since nearly every paper considers a different benchmark for its experimental evaluation. To shed light on scientifically grounded traffic classification research and respond to the growing necessity for an objective way of comparing results from different research groups [4], [5], this demonstration introduces an extensible Internet traffic classification benchmark , NeTraMark. To the best of our knowledge, this is the first benchmark where all the state-of-the-art Internet traffic classification approaches are integrated; the payload-based classifier called crl pay [4], [7], graphs-based classifiers like BLINC [7] and Traffic Dispersion Graphs (TDG) [6], the seven most oft-used machine learning algorithms 1 [4], and CoralReef's [1] ports-applications matching database. 2. Design Principles: We employ six design principles for developing NeTraMark. Those principles are: Comparable: Experimental results of different approaches should be comparable based on the same performance metrics. Reproducible: Experimental results should be reproducible for verification. Extensible: A new classification method should be easily added and integrated into existing software or it should be easy to modify and enhance an existing method. Synergetic: It is known that each traffic classification method has its own strengths and weaknesses (e.g., payload-based classifiers are not applicable to encrypted traffic data), and careful combinations can provide synergy [4]. Our benchmark allows users to test and obtain synergy by combining/applying multiple classification methods on a given dataset, in order to build a combined classifier which outperforms individual ones. Flexible in use: to enable users to setup plugged-in classi-fiers in variable configurations determined at runtime, either interactively or via batch. (e.g., configuring which classifier will be used to establish a comparison reference point, which features will be selected and/or discretized in advance, which classifiers will be combined together to create a new one, ...) Easy-to-use : All functionalities derived from the above design principles should be easy-to-use, both for traffic classification researchers as well as network administrators.