| Network traffic Analysis plays a fundamental role in understanding,managing and optimizing network resource. The discovery of self-similarityand non-linearity of traffic challenges traditional network theory and makestraffic analysis very difficult. In this paper, it is studied from machinelearning point of view. The focus of this thesis is how the learningalgorithm can utilize the measured traffic data to improve analysisperformance.Firstly, based on the characters of network traffic analysis, a machinelearning based concept model for traffic analysis is proposed. The modelaims to maximally make use of the information from both measured data andpeople's supervision;to performance analysis tasks automatically;and tosupport various applications as well as to optimize network resource. Onthe other hand, by means of active learning, the model can help to guideactive measurement.Secondly, network traffic prediction is studied from learning point ofview. Several learning algorithms are proposed, including support vectormachine classification based prediction algorithm;boosting regression basedprediction algorithm;and boosting classification based prediction algorithm.For boosting based algorithm, we design different base learners to take intoaccount the non-linearity within traffic. Moreover, to make use ofcorrelation structure within self-similarity, two different schemes areproposed and compared. To address the over-fitting problem, an adaptiveweight update scheme is proposed.Thirdly, anomaly network traffic detection is studied from learning pointof view. A kernel principle component analysis algorithm as well as itssimplified version is proposed. By taking into account the non-linearitywithin traffic, better anomaly detection performance is achieved. On theother hand, boosting is introduced into anomaly detection. Two differentmodels are considered in base learner design stage: probability densityfunction estimation and confident area estimation.In this thesis, network traffic analysis is studied form machine learningpoint of view. To be specific, two representative methods in learningcommunity are investigated, namely kernel based and boosting based methods.In terms of traffic analysis tasks, two important basic tasks both fromapplication side and from learning point of view are explored: trafficprediction and anomaly detection. Several learning algorithms are proposedtailored for the self-similar and non-linear nature of network traffic. Theeffectiveness of the proposed algorithms is validated by systematicexperimental results. The research in this thesis has instructional meaningin terms of the methodology for traffic analysis on CERNET. It haspractical value for various traffic prediction based applications as well as foranomaly traffic detection based network security. |
PDF Full Text Request