Online Classification of Network Flows

Date Added: Jul 2009
Format: PDF

Online classification of network traffic is very challenging and remains an open problem because of the growth of new applications and traffic encryption. In this paper, the authors propose a hybrid mechanism for online classification of network traffic: a signature-based method is applied at the first level, and a learning algorithm then classifies the remaining unknown traffic using statistical features. Their evaluation, with over 250 thousand flows collected over three consecutive hours on a large-scale ISP network, shows promising results in detecting encrypted and tunneled applications compared to other existing methods.