Identifying file-sharing P2P traffic based on traffic characteristics

This article focuses on identifying file-sharing peer-to-peer （P2P） （such as BitTorrent （BT）） traffic at the borders of a stub network. By analyzing protocols and traffic of applications, it is found that file-sharing P2P traffic of a single user differs greatly from traditional and other P2P （such as QQ） applications＇ traffic in the distribution of involved remote hosts and remote ports. Therefore, a method based on discreteness of remote hosts （RHD） and discreteness of remote ports （RPD） is proposed to identify BT-like traffic. This method only relies on flow information of each user host in a stub network, and no packet payload needs to be monitored. At intervals, instant RHD for concurrent transmission control protocol and user datagram protocol flows for each host are calculated respectively through grouping flows by the stub network that the remote host of each flow belongs to. On given conditions, instant RPD are calculated through grouping flows by the remote port to amend instant RHD. Whether a host has been using a BT-like application or not can be deduced from instant RHD or average RHD for a period of time. The proposed method based on traffic characteristics is more suitable for identifying protean file-sharing P2P traffic than content-based methods Experimental results show that this method is effective with high accuracy.     

Research of the traffic characteristics for the real time online traffic classification

Aiming at the hysteretic characteristics of classification problem existed in current internet traffic identification field,this paper investigates the traffic characteristic suitable for the on-line traffic classification,such as quality of service (QoS).By the theoretical analysis and the experimental observation,two characteristics (the ACK-Len ab and ACK-Len ba) were obtained.They are the data volume which first be sent by the communication parties continuously.For these two characteristics only depend on data’s total length of the first few packets on the flow,network traffic can be classified in the early time when the flow arrived.The experiment based on decision tree C4.5 algorithm,with above 97% accuracy.The result indicated that the characteristics proposed can commendably reflect behavior patterns of the network application,although they are simple.     

Studying cost-sensitive learning for multi-class imbalance in Internet traffic classification

Cost-sensitive learning has been applied to resolve the multi-class imbalance problem in Internet traffic classification and it has achieved considerable results.But the classification performance on the minority classes with a few bytes is still unhopeful because the existing research only focuses on the classes with a large amount of bytes.Therefore,the class-dependent misclassification cost is studied.Firstly,the flow rate based cost matrix(FCM) is investigated.Secondly,a new cost matrix named weighted cost matrix(WCM) is proposed,which calculates a reasonable weight for each cost of FCM by regarding the data imbalance degree and classification accuracy of each class.It is able to further improve the classification performance on the difficult minority class(the class with more flows but worse classification accuracy).Experimental results on twelve real traffic datasets show that FCM and WCM obtain more than 92% flow g-mean and 80% byte g-mean on average;on the test set collected one year later,WCM outperforms FCM in terms of stability.     

Method of data cleaning for network traffic classification

Network traffic classification aims at identifying the application types of network packets. It is important for Internet service providers （ISPs） to manage bandwidth resources and ensure the quality of service for different network applications However, most classification techniques using machine learning only focus on high flow accuracy and ignore byte accuracy. The classifier would obtain low classification performance for elephant flows as the imbalance between elephant flows and mice flows on Internet. The elephant flows, however, consume much more bandwidth than mice flows. When the classifier is deployed for traffic policing, the network management system cannot penalize elephant flows and avoid network congestion effectively. This article explores the factors related to low byte accuracy, and secondly, it presents a new traffic classification method to improve byte accuracy at the aid of data cleaning. Experiments are carried out on three groups of real-world traffic datasets, and the method is compared with existing work on the performance of improving byte accuracy. Experiment shows that byte accuracy increased by about 22.31% on average. The method outperforms the existing one in most cases.     

基于多级分类的网络流量在线识别方法(英文)

Internet traffic classification plays an important role in network management. Many approaches have been proposed to classify different categories of Internet traffic. However, these approaches have specific usage contexts that restrict their ability when they are applied in the current network environment. For example, the port based approach cannot identify network applications with dynamic ports; the deep packet inspection approach is invalid for encrypted network applications; and the statistical based approach is time-consuming. In this paper, a novel technique is proposed to classify different categories of network applications. The port based, deep packet inspection based and statistical based approaches are integrated as a multistage classifier. The experimental results demonstrate that this approach has high recognition rate which is up to 98% and good performance of real-time for traffic identification.     

Wavelength Routing Algorithm of All Optical Network Based on Traffic Engineering

General multi-protocol label switching （GMPLS） based on traffic engineering is one of the possible methods to implement all-optical network. This method implements the network with IP technique and guarantees the quality of service with traffic engineering. Based on the establishment of selecting schemes of optical path and methods of traffic calculation, the wavelength routing algorithm of all-optical network based on traffic engineering is presented by combining with prior route of shortest path and traffic engineering, the algorithm procedures are given, and the actual examples are introduced as well as the analysis on simulation calculation. This research results have certain significance for the achievement of optical switching technique of all-optical network.     

Weighted Multi-source TrAdaBoost

In order to take full advantage of valuable information from all source domains and to avoid negative transfer resulted from irrelevant information, a kind of weighted multi-source TrAdaBoost algorithm is proposed. At flrst some weak classifiers are respectively trained based on training sample sets constituted by both each source domain and the target domain. Then we assign a weight to each weak classifier according to its error on the target training set. In the third step, a candidate classifier is obtained based on the weighted sum of all weak classifiers. In the fourth step, sample weights of the source and target domains are updated according to the error of the candidate classifier on corresponding domains. At last, all weak classifiers are retrained based on the training samples with new updated weights. The above steps repeated until the number of maximum iterations is reached. Experimental results on bimonthly datasets show that, compared with TrAdaBoost and multi-source TrAdaBoost, the proposed algorithm has higher classification accuracy.     

Efficient complementary caching for ISP-aware networks

Internet service providers(ISPs) have taken some measures to reduce intolerable inter-ISP peer-to-peer(P2P) traffic costs,therefore user experiences of various P2P applications have been affected.The recently emerging offline downloading service seeks to improve user experience by using dedicate servers to cache requested files and provide high-speed uploading.However,with rapid increase in user population,the server-side bandwidth resource of offline downloading system is expected to be insufficient in the near future.We propose a novel complementary caching scheme with the goal of mitigating inter-ISP traffic,alleviating the load on servers of Internet applications and enhancing user experience.Both architecture and caching algorithm are presented in this paper.On the one hand,with full knowledge of P2P file sharing system and offline downloading service,the infrastructure of complementary caching is designed to conveniently be deployed and work together with existing platforms.The co-operational mechanisms among different major components are also included.On the other hand,with in-depth understanding of traffic characteristics that are relevant to caching,we develop complementary caching algorithm with respect to the density of requests,the redundancy of file and file size.Since such relevant information can be real-time captured in our design,the proposed policy can be implemented to guide the storage and replacement of caching unities.Based on real-world traces over 3 months,we demonstrate that the complementary caching scheme is capable to achieve the ’three-win’ objective.That is,for P2P downloading,over 50% of traffic is redirected to cache;for offline downloading,the average server-dependence of tasks drops from 0.71 to 0.32;for user experience,the average P2P transfer rate is increased by more than 50 KB/s.     

Analysis on the time-domain characteristics of botnets control traffic

Botnets are networks composed with malware-infect ed computers.They are designed and organized to be controlled by an adversary.As victims are infected through their inappropriate network behaviors in most cases,the Internet protocol(IP) addresses of infected bots are unpredictable.Plus,a bot can get an IP address through dynamic host configuration protocol(DHCP),so they need to get in touch with the controller initiatively and they should attempt continuously because a controller can’t be always online.The whole process is carried out under the command and control(C&C) channel.Our goal is to characterize the network traffic under the C&C channel on the time domain.Our analysis draws upon massive data obtained from honeynet and a large Internet service provider(ISP) Network.We extract and summarize fingerprints of the bots collected in our honeynet.Next,with the fingerprints,we use deep packet inspection(DPI) Technology to search active bots and controllers in the Internet.Then,we gather and analyze flow records reported from network traffic monitoring equipments.In this paper,we propose a flow record interval analysis on the time domain characteristics of botnets control traffic,and we propose the algorithm to identify the communications in the C&C channel based on our analysis.After that,we evaluate our approach with a 3.4 GB flow record trace and the result is satisfactory.In addition,we believe that our work is also useful information in the design of botnet detection schemes with the deep flow inspection(DFI) technology.     

Security of Broadband Access Network

Due to the rapid development of broadband access technologies, the broadband access networks have wider and wider application. However, with the development, the security issue became a public concern. Under the environment of access network, customers, access equipment and networks all face various threats, especially those from the user side. Such technologies and solutions as port positioning, fraud prevention on Medium Access Control (MAC) addresses and monitoring of illegal services might be the solution to the security problem existing in the current networks.     

Hyperspectral datum classification using kernel method based on mutual information of neighbor bands

Under the framework of support vector machines, this paper proposes a new kernel method based on neighbor bands mutual information for hyperspectral datum classification. This algorithm assigns weights to different bands in the kernel function according to the amount of useful information that they contain, which makes the band with more useful informa- tion play more important role in the classification. Our research has shown that the band with greater mutual information between neighbor bands contains more useful information, and hencewe use the mutual information of each band and its neighbor bands as the weights of the proposed kernel method. The experimental results show that for the support vector machines based on polynomial and radial basis function, after introducing the proposed kernel function, the average accuracy is increased more than 1.2% without using any reference map or increasing much more computational time.     

FEW-NNN: A Fuzzy Entropy Weighted Natural Nearest Neighbor Method for Flow-Based Network Traffic Attack Detection

Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.     

Offiine traffic analysis system based on Hadoop

Offiine network traffic analysis is very important for an in-depth study upon the understanding of network conditions and characteristics, such as user behavior and abnormal traffic. With the rapid growth of the amount of information on the Intemet, the traditional stand-alone analysis tools face great challenges in storage capacity and computing efficiency, but which is the advantages for Hadoop cluster. In this paper, we designed an offiine traffic analysis system based on Hadoop （OTASH）, and proposed a MapReduce-based algorithm for TopN user statistics. In addition, we studied the computing performance and failure tolerance in OTASH. From the experiments we drew the conclusion that OTASH is suitable for handling large amounts of flow data, and are competent to calculate in the case of single node failure.     

PPP： Towards Parallel Protocol Parsing

Network traffic classification plays an important role and benefits many practical network issues, such as Next-Generation Firewalls （NGFW）, Quality of Service （QoS）, etc. To face the challenges brought by modern high speed networks, many inspiring solutions have been proposed to enhance traffic classification. However, taking many factual network conditions into consideration, e.g., diversity of network environment, traffic classification methods based on Deep Inspection （DI） technique still occupy the top spot in actual usage. In this paper, we propose a novel classification system employing Deep Inspection technique, aiming to achieve Parallel Protocol Parsing （PPP）. We start with an analytical study of the existing popular DI methods, namely, regular expression based methods and protocol parsing based methods. Motivated by their relative merits, we extend traditional protocol parsers to achieve parallel matching, which is the representative merit of regular expression. We build a prototype system, and evaluation results show that significant improvement has been made comparing to existing open-source solutions in terms of both memory usage and throughput.     

Adaptive and Dynamic Mobile Phone Data Encryption Method

To enhance the security of user data in the clouds, we present an adaptive and dy- namic data encryption method to encrypt user data in the mobile phone before it is uploaded. Firstly, the adopted data encryption algorithm is not static and uniform. For each encryption, this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system. From the mobile phone＇s character, the detail encryption algo- rithm selection strategy is confirmed based on the user＇s mobile phone hardware information, personalization information and a pseudo-ran- dom number. Secondly, the data is rearranged with a randomly selected start position in the data before being encrypted. The start posi- tion＇s randomness makes the mobile phone data encryption safer. Thirdly, the rearranged data is encrypted by the selected algorithm and generated key. Finally, the analysis shows this method possesses the higher security be- cause the more dynamics and randomness are adaptively added into the encryption process.     

Packet scheduling for OFDMA based relay networks

The combination of relay networks with orthogonal frequency division multiple access （OFDMA） has been proposed as a promising solution for the next generation wireless system. Considering different traffic classes and user quality of service （QoS）, three efficient scheduling algorithms are introduced in such networks. The round-robin （RR） algorithm in relay networks serves as a performance benchmark. Numerical results show that the proposed algorithms achieve significant improvement on system throughput and decrease system packet loss rate, compared with the RR and absence of relaying system （traditional network）. Furthermore, comparisons have been carried out among the three proposed algorithms.     

混合ossiocs网络中基于突发插空的传输机制(英文)

Hybrid optical switching networks make full use of the advantages of Optical Circuit Switching(OCS)and Optical Burst Switching(OBS).In parallel hybrid optical switching networks,edge nodes choose a switching mode for traffic and no longer change.The inflexible decision making of the traffic transfer mode leads to low resource utilization when the arrival rate of the OCS traffic is lower than the capacity of the light path.In this paper,a new transmission scheme is proposed to improve resource utilization for hybrid optical switching networks.When the traffic arrival rate of the light path is lower than the transmission rate of the light path,the OCS traffic flow is reshaped at the edge nodes to generate a series of voids.Then,several message packets are sent along the light path to inform the core nodes of the voids of the light paths that represent the unused bandwidth resources.To improve the resource utilization,the voids can be filled with data bursts by core nodes.The simulation results show that the new scheme can effectively reduce the burst loss rate and improve the link utilization of the hybrid optical switching network on the premise of a providing service quality guarantee for OCS traffic.     

A quantum multiple access communications scheme using orbital angular momentum

We propose a quantum multiple access communications scheme using Orbital Angular Momentum (OAM) sector states in the paper. In the scheme, each user has an individual modified Poincare Bloch sphere and encodes his information with his own corresponding sector OAM states. A prepared entangled photon pairs are separated at transmitter and receiver. At the transmitter, each user encodes his information with the sector OAM states on the photons and the superposition of the different sector OAM states is carried by the photons. Then the photons are transmitted through quantum noiseless channel to the receiver. At the receiver, each user could retrieve his information by coincidently measuring the transmitted photons with the receiver side photons which are modulated by a special prepared measurement basis. The theoretical analysis and the numerical simulations show that each user could get his information from the superposition state without error. It seems that this scheme provides a novel method for quantum multiple users communications.     

OpenFIow Based Flow Slice Load Balancing

Today＇s data center networks are designed using densely interconnected hosts in the data center.There are multiple paths between source host and destination server.Therefore,how to balance traffic is key issue with the fast growth of network applications.Although lots of load balancing methods have been proposed,the traditional approaches cannot fully satisfy the requirement of load balancing in data center networks.The main reason is the lack of efficient ways to obtain network traffic statistics from each network device.As a solution,the OpenFlow protocol enables monitoring traffic statistics by a centralized controller.However,existing solutions based on OpenFlow present a difficult dilemma between load balancing and packet reordering.To achieve a balance between load balancing and packet reordering,we propose an OpenFlow based flow slice load balancing algorithm.Through introducing the idea of differentiated service,the scheme classifies Internet flows into two categories：the aggressive and the normal,and applies different splitting granularities to the two classes of flows.This scheme improves the performance of load balancing and also reduces the number of reordering packets.Using the trace-driven simulations,we show that the proposed scheme gains over 50%improvement over previous schemes under the path delay estimation errors,and is a practical and efficient algorithm.     

BPR-UserRec:a personalized user recommendation method in social tagging systems

Social tagging is one of the most important characteristics of Web 2.0 services, and social tagging systems (STS) are becoming more and more popular for users to annotate, organize and share items on the Web. Moreover, online social network has been incorporated into social tagging systems. As more and more users tend to interact with real friends on the Web, personalized user recommendation service provided in social tagging systems is very appealing. In this paper, we propose a personalized user recommendation method, and our method handles not only the users’ interest networks, but also the social network information. We empirically show that our method outperforms a state-of-the-art method on real dataset from Last.fm dataset and Douban.