共查询到20条相似文献,搜索用时 15 毫秒
1.
An accurate mapping of Internet traffic to applications can be important for a broad range of network management and measurement tasks, including traffic engineering, service differentiation, performance/failure monitoring and security. Traditional mapping approaches have become increasingly inaccurate because many applications use non-default or ephemeral port numbers, use well-known port numbers associated with other applications, change application signatures or use traffic encryption. In this paper we will demonstrate that multiscale traffic analysis based on multi-order wavelet spectrum can be used as a discriminator of Internet applications traffic profiles. By performing clustering analysis over the multiscale wavelet spectrum coefficients that are inferred from the measured traffic, the proposed methodology is able to efficiently differentiate different IP applications without using any payload information. This characteristic will allow the differentiation of traffic flows in unencrypted and encrypted scenarios. In order to compare the differentiating potential of different traffic application data, upload, download and joint upload and download flow statistics are considered to evaluate the identification approach for each selected protocol. Moreover, we also evaluate which timescales and spectrum orders are more relevant for the traffic differentiation. From the analysis of the obtained results we can conclude that the proposed methodology is able to achieve good identification results using a small set of timescales of a single order wavelet spectrum of a general raw traffic statistic. 相似文献
2.
Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network 下载免费PDF全文
Meng Yue Liang Liu Zhijun Wu Minxiao Wang 《International Journal of Communication Systems》2018,31(2)
As a special type of denial of service (DoS) attacks, the TCP‐targeted low‐rate denial of service (LDoS) attacks have the characteristics of low average rate and strong concealment, so it is difficult to identify such attack traffic. As multifractal characteristics exist in network traffic, a new identification approach based on wavelet transform and combined neural network is proposed to classify normal network traffic and LDoS attack traffic. Wavelet energy spectrum coefficients extracted from the sampled traffic are used for multifractal analysis of traffic over different time scale. The combined neural network is designed to classify these multiscale spectrum coefficients that show different multifractal characteristics belonging to normal network traffic and LDoS attack traffic. Test results of test‐bed experiments indicate that the proposed approach can identify LDoS attack traffic accurately. 相似文献
3.
Internet traffic classification plays an important role in network management. Many approaches have been proposed to classify different categories of Internet traffic. However, these approaches have specific usage contexts that restrict their ability when they are applied in the current network environment. For example, the port based approach cannot identify network applications with dynamic ports; the deep packet inspection approach is invalid for encrypted network applications; and the statistical based approach is time-consuming. In this paper, a novel technique is proposed to classify different categories of network applications. The port based, deep packet inspection based and statistical based approaches are integrated as a multistage classifier. The experimental results demonstrate that this approach has high recognition rate which is up to 98% and good performance of real-time for traffic identification. 相似文献
4.
Aiming at the problem that a large number of unknown protocols exist in the Internet,which makes it very difficult to manage and maintain the network security,a classification and identification method of unknown protocols was proposed.Combined with the autoencoder technology and the improved K-means clustering technology,the unknown protocol was classified and identified for the network traffic.The autoencoder was used to reduce dimensionality and select features of network traffic,clustering technology was used to classify the dimensionality reduction data unsupervised,and finally unsupervised recognition and classification of network traffic were realized.Experimental results show that the classification effect is better than the traditional K-means,DBSCAN,GMM algorithm,and has higher efficiency. 相似文献
5.
为有效定位识别和提取网络流量序列的暂态性异常特征,针对网络异常流量特征扰动性和暂态性特点,提出一种基于小波分解的二叉分类回归决策树主分量特征优化跟踪特征提取算法。利用训练集建立决策树模型,采用二叉分类回归决策树模型进行主分量特征优化跟踪建模,利用双正交提升小波分解得到的各层细节信号对暂态性扰动特征的敏感性,通过小波分解得到各层细节信号,将提取的小波分层细节信号的奇异值分解特征再返回到决策树主分量特征优化跟踪模型中,实现网络流量异常特征的定位提取和识别。仿真实验表明,改进算法的抗干扰能力和分辨率提高显著,暂态性异常特征谱图分辨能力提高,异常特征分布谱清晰可见,展示了较好的特征提取和状态识别性能。 相似文献
6.
7.
As a special type of distributed denial of service (DDoS) attacks, the low-rate DDoS (LDDoS) attacks have characteristics of low average rate and strong concealment, thus, it is hard to detect such attacks by traditional approaches. Through signal analysis, a new identification approach based on wavelet decomposition and sliding detecting window is proposed. Wavelet decomposition extracted from the traffic are used for multifractal analysis of traffic over different time scale. The sliding window from flow control technology is designed to identify the normal and abnormal traffic in real-time. Experiment results show that the proposed approach has advantages on detection accuracy and timeliness. 相似文献
8.
Jun Li Shunyi Zhang Cuilian Li Junrong Yan 《International Journal of Network Management》2010,20(2):85-105
Accurate and real‐time classification of network traffic is significant to a number of network operation and management tasks such as quality of service differentiation, traffic shaping and security surveillance. However, with emerging P2P applications using dynamic port numbers, IP masquerading techniques and payload encryption, accurate and intelligent traffic classification continues to be a big challenge despite a wide range of research work on the topic. Since each classification method has its disadvantages and hardly could meet the specific requirement of Internet traffic classification, this paper innovatively presents a composite traffic classification system. The proposed lightweight system can accurately and effectively identify Internet traffic with good scalability to accommodate both known and unknown/encrypted applications. Furthermore, It promises to satisfy various Internet uses and is feasible for use in real‐time line speed applications. Our experimental results show the distinct advantages of the proposed classification system. Copyright © 2009 John Wiley & Sons, Ltd. 相似文献
9.
This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered a system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good indication of attack detection. Aggregated traffic has been found to be strong bursty across a wide range of time scales. Wavelet analysis is able to capture complex temporal correlation across multiple time scales with very low computational complexity. We utilize energy distribution based on wavelet analysis to detect DDoS attack traffic. Energy distribution over time will have limited variation if the traffic keeps its behavior over time (i.e. attack-free situation) while an introduction of attack traffic in the network will elicit significant energy distribution deviation in a short time period. Our experimental results with typical Internet traffic trace show that energy distribution variance markedly changes, causing a spike when traffic behaviors are affected by DDoS attack. In contrast, normal traffic exhibits a remarkably stationary energy distribution. In addition, this spike in energy distribution variance can be captured in the early stages of an attack, far ahead of congestion build-up, making it an effective detection of the attack. 相似文献
10.
Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation, traffic shaping and security surveillance. However, with many newly emerged P2P applications using dynamic port numbers, masquerading techniques, and payload encryption to avoid detection, traditional classification approaches turn to be ineffective. In this paper, we present a layered hybrid system to classify current Internet traffic, motivated by variety of network activities and their requirements of traffic classification. The proposed method could achieve fast and accurate traffic classification with low overheads and robustness to accommodate both known and unknown/encrypted applications. Furthermore, it is feasible to be used in the context of real-time traffic classification. Our experimental results show the distinct advantages of the proposed classification system, compared with the one-step Machine Learning (ML) approach. 相似文献
11.
一种基于小波变换和FIR神经网络的广域网网络流量预测模型 总被引:3,自引:1,他引:2
该文提出了一种基于小波变换和FIR神经网络的广域网网络流量预测模型,首先采用小波分解把网络流量数据分解成小波系数和尺度系数,即高频系数和低频系数,将这些不同频率成分的系数单支重构为高频流量分量和低频流量分量,利用FIR神经网络对这些分量分别进行预测,将合成之后的结果作为原始网络流量的预测。实验结果表明:采用该模型对实际的广域网网络流量数据进行预测,不仅可以得到较快的收敛效果,而且预测性能比现有的小波神经网络和FIR神经网络要好得多。 相似文献
12.
Sung‐Ho Yoon Jun‐Sang Park Baraka D. Sija Mi‐Jung Choi Myung‐Sup Kim 《International Journal of Network Management》2017,27(1)
Various traffic identification methods have been proposed with the focus on application‐level traffic analysis. Header signature–based identification using the 3‐tuple (Internet Protocol address, port number, and L4 protocol) within a packet header has garnered a lot of attention because it overcomes the limitations faced by the payload‐based method, such as encryption, privacy concerns, and computational overhead. However, header signature–based identification does have a significant flaw in that the volume of header signatures increases rapidly over time as a number of applications emerge, evolve, and vanish. In this article, we propose an efficient method for header signature maintenance. Our approach automatically constructs header signatures for traffic identification and only retains the most significant signatures in the signature repository to save memory space and to improve matching speed. For the signature maintenance, we define a new metric, the so‐called signature weight, that reflects its potential ability to identify traffic. Signature weight is periodically calculated and updated to adapt to the changes of network environment. We prove the feasibility of the proposed method by developing a prototype system and deploying it in a real operational network. Finally, we prove the superiority of our signature maintenance method through comparison analysis against other existing methods on the basis of various evaluation metrics. 相似文献
13.
Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation,
traffic shaping and security surveillance. However, with many newly emerged P2P applications using dynamic port numbers, masquerading
techniques, and payload encryption to avoid detection, traditional classification approaches turn to be ineffective. In this
paper, we present a layered hybrid system to classify current Internet traffic, motivated by variety of network activities
and their requirements of traffic classification. The proposed method could achieve fast and accurate traffic classification
with low overheads and robustness to accommodate both known and unknown/encrypted applications. Furthermore, it is feasible
to be used in the context of real-time traffic classification. Our experimental results show the distinct advantages of the
proposed classification system, compared with the one-step Machine Learning (ML) approach.
Communication author: Li Jun, born in 1971, female, Ph.D. candidate, Associate Professor. Nanjing University of Posts and
Telecommunications, Nanjing 210003, China. 相似文献
14.
15.
Multipath routing mechanism is vital for reliable packet delivery, load balance, and flexibility in the open network because its topology is dynamic and the nodes have limited capability. This article proposes a new multipath switch approach based on traffic prediction according to some characteristics of open networks. We use wavelet neural network (WNN) to predict the node traffic because the method has not only good approximation property of wavelet, but also self-learning adaptive quality of neural network. When the traffic prediction indicates that the primary path is a failure, the alternate path will be occupied promptly according to the switch strategy, which can save time for the switch in advance. The simulation results show that the presented traffic prediction model has better prediction accuracy; and the approach based on the above model can balance network load, prolong network lifetime, and decrease the overall energy consumption of the network. 相似文献
16.
随着互联网技术的不断发展以及网络规模的不断扩大,应用的类别纷繁复杂,新型应用层出不穷。为了保障用户服务质量(QoS)并确保网络安全,准确快速的流量分类是运营商及网络管理者亟须解决的问题。首先给出网络流量分类的问题定义和性能指标;然后分别介绍基于机器学习和基于深度学习的流量分类方法,分析了这些方法的优缺点,并对现存问题进行阐述;接着围绕流量分类线上部署时会遇到的3个问题:数据集问题、新应用识别问题、部署开销问题对相关工作进行阐述与分析,并进一步探讨目前网络流量分类研究面临的挑战;最后对网络流量分类下一步的研究方向进行展望。 相似文献
17.
18.
The pervasive game environments have activated explosive growth of the Internet over recent decades. Thus, understanding Internet traffic characteristics and precise classification have become important issues in network management, resource provisioning, and game application development. Naturally, much attention has been given to analyzing and modeling game traffic. Little research, however, has been undertaken on the classification of game traffic. In this paper, we perform an interpretive traffic analysis of popular game applications at the transport layer and propose a new classification method based on a simple decision tree, called an alternative decision tree (ADT), which utilizes the statistical traffic characteristics of game applications. Experimental results show that ADT precisely classifies game traffic from other application traffic types with limited traffic features and a small number of packets, while maintaining low complexity by utilizing a simple decision tree. 相似文献
19.
An efficient method of P2P traffic identification based on wavelet packet decomposition and kernel principal component analysis 下载免费PDF全文
Peer‐to‐peer (P2P) traffic identification is currently an important challenge to network management and measurement. Many approaches based on statistics have been proposed to identify P2P traffic. However, flow features extracted by traditional methods are rough and one‐sided, which might lead to inaccuracy identification of network traffic. Besides, P2P traffic has too many statistical features, which is a challenge to the time complexity and space complexity of the classifier. This work focuses on the study of flow features. First, micro features of flow signals are extracted based on wavelet packet decomposition, and we combine them with the traditional features into combination features. The experimental results show that combination features have better performance than traditional features for P2P traffic identification, and 16 kinds of wavelet functions were tested to find the best one. Second, a feature reduction algorithm based on improved kernel principal component analysis is provided. The results show that the feature reduction algorithm proposed in this paper plays good performance to P2P traffic identification, because it could greatly reduced the number of features while having no affection on identification accuracy. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献
20.
Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. In this article, an approach is presented for online traffic classification relying on the observation of the first n packets of a transmission control protocol (TCP) connection. Its key idea is to utilize the properties of the observed first ten packets of a TCP connection and Bayesian network method to build a classifier. This classifier can classify TCP flows dynamically as packets pass through it by deciding whether a TCP flow belongs to a given application. The experimental results show that the proposed approach performs well in online Internet traffic classification and that it is superior to naive Bayesian method. 相似文献