| Traffic Labeller: Collecting Internet Traffic Samples with Accurate Application Information |
| |
| 基金项目: | ACKNOWLEDGEMENT This research was partially supported by the National Basic Research Program of China (973 Program) under Grant No. 2011CB30- 2605; the National High Technology Research and Development Program of China (863 Pro- gram) under Grant No. 2012AA012502; the National Key Technology Research and Dev- elopment Program of China under Grant No. 2012BAH37B00; the Program for New Cen- tury Excellent Talents in University under Gr- ant No. NCET-10-0863; the National Natural Science Foundation of China under Grants No 61173078, No. 61203105, No. 61173079, No. 61070130, No. 60903176; and the Provincial Natural Science Foundation of Shandong under Grants No. ZR2012FM010, No. ZR2011FZ001, No. ZR2010FM047, No. ZR2010FQ028, No. ZR2012FQ016. |
| |
| 摘 要: | Traffic classification research has been suffering from a trouble of collecting acc- urate samples with ground truth. A model named Traffic Labeller (TL) is proposed to solve this problem. TL system captures all user socket calls and their corresponding applica- tion process information in the user mode on a Windows host. Once a sending data call has been captured, its 5-tuple {source IP, destina- tion IP, source port, destination port and tra- nsport layer protocol}, associated with its ap- plication information, is sent to an intermedi- ate NDIS driver in the kernel mode. Then the intermediate driver writes application type inf- ormation on TOS field of the IP packets which match the 5-tuple. In this way, each IP packet sent from the Windows host carries their ap- plication information. Therefore, traffic sam- ples collected on the network have been lab- elled with the accurate application information and can be used for training effective traffic classification models.
|
| 关 键 词: | 应用信息 网络流量 贴标机 收集 交通 Windows 中间驱动程序 采样 |
| 本文献已被 维普 等数据库收录! |
|
