Hierarchical Real-time Network Traffic Classification Based on ECOC

Classification of network traffic is basic and essential for many network researches and managements. With the rapid development of peer-to-peer (P2P) application using dynamic port disguising techniques and encryption to avoid detection, port-based and simple payload-based network traffic classification methods were diminished. An alternative method based on statistics and machine learning had attracted researchers’ attention in recent years. However, most of the proposed algorithms were off-line and usually used a single classifier. In this paper, a new hierarchical real-time model was proposed which comprised of a three tuple (source ip, destination ip and destination port) look up table(TT-LUT) part and layered milestone part. TT-LUT was used to quickly classify short flows which need not to pass the layered milestone part, and milestones in layered milestone part could classify the other flows in real-time with the real-time feature selection and statistics. Every milestone was a ECOC(Error-Correcting Output Codes) based model which was used to improve classification performance. Experiments showed that the proposed model can improve the efficiency of real-time to 80%, and the multi-class classification accuracy to 91.4% on the data sets which had been captured from the backbone router in our campus through a week.