Improving Markov-Based TCP Traffic Classification
This paper presents an improved variant of the authors' Markov-based TCP traffic classifier and demonstrates its performance using traffic captured in a university network. Payload length, flow direction, and position of the first data packets of a TCP connection are reflected in the states of the Markov models. In addition, the authors integrate a new "End of connection" state to further improve the classification accuracy. Using 10-fold cross validation, they identify appropriate settings for the payload length intervals and the number of data packets considered in the models. Finally, they discuss the classification results for the different applications.
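The state design described in the abstract can be sketched as follows. This is an added example, not the authors' code: the interval edges, packet count, smoothing constant, maximum-likelihood decision rule and the training flows are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# BINS and N_PACKETS are assumed values (the paper selects its own by
# cross-validation); ALPHA is an assumption of this example.
BINS = (100, 300, 1000)  # payload-length interval edges in bytes
N_PACKETS = 4            # data packets modelled per connection
ALPHA = 0.1              # additive smoothing for unseen transitions
START, END = "START", "END"  # END is the "End of connection" state
N_NEXT = 2 * (len(BINS) + 1) + 1  # successors: 2 directions x bins, plus END

def to_states(flow):
    """flow: (direction, payload_len) per packet of a complete connection;
    direction is 'c' (client to server) or 's' (server to client)."""
    data = [(d, n) for d, n in flow if n > 0][:N_PACKETS]  # skip pure ACK/SYN/FIN
    seq = [(pos, d, sum(n > e for e in BINS)) for pos, (d, n) in enumerate(data)]
    if len(data) < N_PACKETS:
        seq.append(END)  # connection closed before N_PACKETS data packets
    return [START] + seq

def train(flows_by_app):
    """Count state transitions separately for each application."""
    models = {}
    for app, flows in flows_by_app.items():
        counts = defaultdict(Counter)
        for flow in flows:
            seq = to_states(flow)
            for a, b in zip(seq, seq[1:]):
                counts[a][b] += 1
        models[app] = counts
    return models

def log_likelihood(counts, flow):
    seq = to_states(flow)
    return sum(math.log((counts[a][b] + ALPHA) /
                        (sum(counts[a].values()) + ALPHA * N_NEXT))
               for a, b in zip(seq, seq[1:]))

def classify(models, flow):
    """Return the application whose Markov model best explains the flow."""
    return max(models, key=lambda app: log_likelihood(models[app], flow))

# Constructed training flows (not taken from the paper's data set).
TRAINING = {
    "http": [[("c", 0), ("c", 420), ("s", 1460), ("s", 1460), ("s", 900)],
             [("c", 350), ("s", 1460), ("s", 1460), ("s", 1460)],
             [("c", 510), ("s", 240)]],
    "smtp": [[("s", 85), ("c", 22), ("s", 160), ("c", 35)],
             [("s", 60), ("c", 18), ("s", 140), ("c", 40)]],
}
MODELS = train(TRAINING)
```

Because the packet position is part of each state, the same payload length and direction at the first and third data packet are distinct states, and a connection that closes early is scored on its transition into END rather than being truncated silently.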