| Accurate traffic classification and restoring are applied to network security monitoring system, intrusion detection system and other network control systems. But it is a challenge for new application protocols are designed frequently with the development of network application. How to identify and restore the traffic application accurately and quickly is an issue currently. Based on the research of traffic classification and restoring techniques, this paper designed and implemented a traffic classification and real-time restoring system.Firstly, this paper proposed a semi-supervised classification method on the training dataset consisting of a few labeled and many unlabeled data. The method contains two steps: Affinity Propagation (AP) clustering algorithm was employed to partition a training dataset that mixed few labeled samples with abundant unlabeled samples. Then, available labeled samples were used to map each cluster to special application class. Experimental results showed that high accuracy could be achieved with a few labeled samples.Secondly, On the base of the deep study and analysis of various application protocols, This paper proposed a general protocol analysis frame work by using IPQeue of Linux Netfilter. It used multi-threading and multi-buffering techniques to improve real-time capability and the concurrency. It also improves the scalability of system by using Interface Slot.Finally, it constructed a parallel stack of IPCG Security Audit System by using traffic classification and restoring techniques, which can monitor and restore some instant messaging softwares (QQ, MSN, Fetion, etc) and Web. Experimental results showed that our system could be used in the small and medium scale LAN, which monitored the web browsing behavior safely and effectively in real time. |
PDF Full Text Request