TCP traffic classification using Markov models

Gerhard Münz; Hui Dai; Lothar Braun; Georg Carle

doi:10.1007/978-3-642-12365-8_10

TCP traffic classification using Markov models

Gerhard Münz, Hui Dai, Lothar Braun, Georg Carle

Informatics 8 - Chair of Network Architectures and Services

Technical University of Munich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

This paper presents a novel traffic classification approach which classifies TCP connections with help of observable Markov models. As traffic properties, payload length, direction, and position of the first packets of a TCP connection are considered. We evaluate the accuracy of the classification approach with help of packet traces captured in a real network, achieving higher accuracies than the cluster-based classification approach of Bernaille [1]. As another advantage, the complexity of the proposed Markov classifier is low for both training and classification. Furthermore, the classification approach provides a certain level of robustness against changed usage of applications.

Original language	English
Title of host publication	Traffic Monitoring and Analysis - Second International Workshop, TMA 2010, Proceedings
Pages	127-140
Number of pages	14
DOIs	https://doi.org/10.1007/978-3-642-12365-8_10
State	Published - 2010
Event	2nd International Workshop on Traffic Monitoring and Analysis, TMA 2010 - Zurich, Switzerland Duration: 7 Apr 2010 → 7 Apr 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6003 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	2nd International Workshop on Traffic Monitoring and Analysis, TMA 2010
Country/Territory	Switzerland
City	Zurich
Period	7/04/10 → 7/04/10

Access to Document

10.1007/978-3-642-12365-8_10

Cite this

Münz, G., Dai, H., Braun, L., & Carle, G. (2010). TCP traffic classification using Markov models. In Traffic Monitoring and Analysis - Second International Workshop, TMA 2010, Proceedings (pp. 127-140). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6003 LNCS). https://doi.org/10.1007/978-3-642-12365-8_10

@inproceedings{101bba1a3e8e4d519d034c5acea8f855,

title = "TCP traffic classification using Markov models",

abstract = "This paper presents a novel traffic classification approach which classifies TCP connections with help of observable Markov models. As traffic properties, payload length, direction, and position of the first packets of a TCP connection are considered. We evaluate the accuracy of the classification approach with help of packet traces captured in a real network, achieving higher accuracies than the cluster-based classification approach of Bernaille [1]. As another advantage, the complexity of the proposed Markov classifier is low for both training and classification. Furthermore, the classification approach provides a certain level of robustness against changed usage of applications.",

author = "Gerhard M{\"u}nz and Hui Dai and Lothar Braun and Georg Carle",

year = "2010",

doi = "10.1007/978-3-642-12365-8\_10",

language = "English",

isbn = "3642123643",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "127--140",

booktitle = "Traffic Monitoring and Analysis - Second International Workshop, TMA 2010, Proceedings",

note = "2nd International Workshop on Traffic Monitoring and Analysis, TMA 2010 ; Conference date: 07-04-2010 Through 07-04-2010",

}

Münz, G, Dai, H, Braun, L & Carle, G 2010, TCP traffic classification using Markov models. in Traffic Monitoring and Analysis - Second International Workshop, TMA 2010, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6003 LNCS, pp. 127-140, 2nd International Workshop on Traffic Monitoring and Analysis, TMA 2010, Zurich, Switzerland, 7/04/10. https://doi.org/10.1007/978-3-642-12365-8_10

TCP traffic classification using Markov models. / Münz, Gerhard; Dai, Hui; Braun, Lothar et al.
Traffic Monitoring and Analysis - Second International Workshop, TMA 2010, Proceedings. 2010. p. 127-140 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6003 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - TCP traffic classification using Markov models

AU - Münz, Gerhard

AU - Dai, Hui

AU - Braun, Lothar

AU - Carle, Georg

PY - 2010

Y1 - 2010

N2 - This paper presents a novel traffic classification approach which classifies TCP connections with help of observable Markov models. As traffic properties, payload length, direction, and position of the first packets of a TCP connection are considered. We evaluate the accuracy of the classification approach with help of packet traces captured in a real network, achieving higher accuracies than the cluster-based classification approach of Bernaille [1]. As another advantage, the complexity of the proposed Markov classifier is low for both training and classification. Furthermore, the classification approach provides a certain level of robustness against changed usage of applications.

AB - This paper presents a novel traffic classification approach which classifies TCP connections with help of observable Markov models. As traffic properties, payload length, direction, and position of the first packets of a TCP connection are considered. We evaluate the accuracy of the classification approach with help of packet traces captured in a real network, achieving higher accuracies than the cluster-based classification approach of Bernaille [1]. As another advantage, the complexity of the proposed Markov classifier is low for both training and classification. Furthermore, the classification approach provides a certain level of robustness against changed usage of applications.

UR - https://www.scopus.com/pages/publications/77952048799

U2 - 10.1007/978-3-642-12365-8_10

DO - 10.1007/978-3-642-12365-8_10

M3 - Conference contribution

AN - SCOPUS:77952048799

SN - 3642123643

SN - 9783642123641

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 127

EP - 140

BT - Traffic Monitoring and Analysis - Second International Workshop, TMA 2010, Proceedings

T2 - 2nd International Workshop on Traffic Monitoring and Analysis, TMA 2010

Y2 - 7 April 2010 through 7 April 2010

ER -

TCP traffic classification using Markov models

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this