Dynamic Self-learning Traffic Classification based on Flow Characteristics (DSTC)
Overview
The dynamic classification and identification of network applications
responsible for the creation of traffic flows offers substantial
benefits to a number of key areas in IP network engineering, management
and surveillance. Currently such classifications rely on selected
packet header fields (e.g. port numbers) or application layer protocol
decoding.
These methods have a number of shortfalls e.g. many applications can
use unpredictable port numbers and protocol decoding requires a high
amount of computing resources or is simply infeasible where protocols
are unknown or encrypted. In this project we develop a novel method for
traffic classification and application identification using Machine Learning
(ML) techniques. The Machine Learning algorithm automatically
classifies traffic flows based on statistical flow characteristics
(features).
The project has the following goals:
- Identify and define suitable features for application traffic flow characterisation for a representative set of applications.
- Identify and evaluate suitable ML algorithms; if required (and possible) adapt chosen algorithm(s) to the specific problem.
- Identify an optimum feature set by evaluating the ML algorithms with different feature selection strategies.
- Identify the influence of different features on the classification.
- Characterise the performance requirements
for the proposed algorithms and investigate how/if they could be
integrated into future networking devices.
- Develop a prototype tool that implements the developed approach and can be used as demonstrator.
As part of this project we will develop and release tools for the data
gathering, feature computation and Machine Learning, and publish
interim results and papers on our website. The links on the left will
take you to additional information.
A prototype of our software is now available here.
Program Members
