| There has been a rapid development in the area of the information technology in recent year. The application of many newly-emerged technologies, especially the TCP/IP protocol based Internet, has brought great changes to our daily life, and the Internet is becoming one of the most important infrastructures to the world in this information age. With the development of network technology and the unceasing increase of network bandwidth, traffic classification as the basis for network management and network analysis has shown its prominent prospect in the field of network security, and network service quality assessment. For this reason innovations have been sought for by scientist, researchers and engineers.Internet traffic is very complex as it involves many interlinked entities, mainframes, networks, applications, etc. Since every network application has its own characteristics of traffic behavior and new types of network applications are being applied one after another, the behavior of network traffic is more and more complex due to the increased volatility and heterogeneity. Meanwhile, the wide application of new technologies such as dynamic port transmission, and data transmission encryption is also adding extra challenges to traffic classification. Furthermore, their behaviors vary from region to region and time to time, this particular feature exerts impacts on the network traffic identification. This thesis includes a historical review of the network classification methods, as well as the achievements made during different stages of the development. The research works by the ISO and other scientists in this area are summarized and their highlights are commented. The importance of network traffic classification and recognition is addressed in the context of the rapid development of networks. In hope of improving the performance of traffic classification, the author has studied the key problems that exist in the field, methods for network traffic classification and identifications and the modeling, the identification and analysis of traffic types, etc. The following achievements have been made:(1) Network traffic classification and recognition method based on Bayesian updating. Adjustments must be made to the classification algorithms according to the change of data and traffic behavior over time, however no such considerations are made in the existing traffic classification methods. In this thesis, a technique based on the Bayesian algorithm is proposed, in which the classification model is updated with new datasets. This updating mechanism can enhance the overall performance of the classification model, and ensures the data consistency and the stability of model application.(2) Study on traffic classification and recognition methods based on the neural networks. ’Noise’ will unavoidably appear as the network data vary over time. A new classification method has been devised based on the neural networks, for which are by nature tolerant of network noise and capable of auto-adapting and auto-organizing. A classification algorithm based on neural network with supervised learning is proposed, in which the Bayesian regularization principle and FCBF attribute selection algorithm are applied to improve the overall accuracy of the classification. Moreover, a neural network classification method combining the SOM and PNN model is proposed, which improves the classification efficiency by computing the input space dimensions for PNN using SOM and enhances the classification accuracy Probabilistic neural network by means of retaining the characteristics of the training samples. The employment of PNN overcomes the drawback of SOM incapable of outputting classification results, which is a particularly desired feature in practice. Both theoretic analysis and experimental test runs have shown that with proper adjustment of the parameters the identification performance can be improved and accurate classification can be achieved.(3) Research on network traffic classification and identification method based on spectral clustering. The approach is to convert the network traffic classification problem to a multiple paths partition one of undirected graph, then apply the Laplacian matrix, and finally solve the classification problem using the graph theory. Experimental results have shown that it has satisfying classification accuracy, more importantly; clustering can find the new types of network applications that supervised leaning cannot.(4) Research on classification and recognition method based on semi-supervised machine learning. The network application types of flow are marked and labeled as reorganization information for identification by analyzing the effective payloads, and the unlabeled types of flow are identified using the proposed clustering algorithm. The algorithm takes account into the need for global consistency of the sample data, and selection of cluster centroid and K-means clustering algorithms using density-sensitive similarity functions have been optimized for better clustering performance; in the meantime then maximum-likelihood estimation is employed to label the clustering results before they are matched with correspondent application types or protocols. Experimental results show that this algorithm improved the accuracy and efficiency of network traffic classification.(5) Analysis of the network transmission behaviors and dynamical changes of network traffic flows through a macroscopic flow based model. The actual traffic characteristics were informed from a macro perspective, and to provide more auxillary information for network traffic classification and identification. Experimental results show that the macro-level quantitative analysis of network traffic behavior can help discover the pattern of network traffic behavior on the macro level, and thus provide better support for network administration activities, such as network congestion control, traffic balance management, analysis and forecast of network performance, design and implementation of high-performance network protocols.
|
PDF Full Text Request