Network traffic classification via HMM under the guidance of syntactic structure

Network traffic classification is the basis of many network technologies including intrusion detection, traffic scheduling, and quality of service. Given the limitations of existing classification approaches based on the port number, the packet-payload and statistical characteristics of network traffic, in this paper we propose a novel classification method via a hidden Markov model. With the analysis about the time series characteristics and statistical properties of network traffic, we use a hidden Markov model to model for a type of traffic under the guidance of syntactic structure of it. And then a classification approach is presented based on the model. Experiment results on several typical network applications indicate that the combination of time series characteristics and the statistical properties not only make the established model more precise, but also improve the accuracy of network traffic classification. 2012 Elsevier B.V. All rights reserved.