Network Flow Classification System Based On The Combination Of Payload And Behavior Characteristic

Posted on: 2013-08-01
Degree: Master
Type: Thesis
Country: China
Candidate: L X Li
GTID: 2248330374982057
Subject: Computer system architecture
Abstract/Summary:
In recent years the Internet has developed very rapidly and its related technologies have become increasingly mature. All kinds of network applications have brought great convenience to daily life, and the number of Internet users has grown explosively. The Internet has become an important part of our life, work and study. More and more of what we do relies on the network: in our daily work we hold important video conferences with customers or deliver important documents over the Internet; we learn about events over the Internet, whether they happen around us or thousands of miles away; we use IM or webmail to communicate with friends and family; and online shopping is implemented with e-commerce and the Internet.

Everything has two sides, benefits and disadvantages, and so does the Internet. At present the Internet shows an increasingly complex system structure and growing heterogeneity. More and more new applications and unknown protocols, some of which use packaging to escape the corresponding monitoring, make the network increasingly hard to manage. With the wide use of P2P protocols, Internet bandwidth continues to be consumed by P2P traffic even though the underlying bandwidth keeps growing, which seriously harms traditional Internet applications. Network security also faces great threats: malicious attacks such as DDoS, botnets, worms and viruses severely harm network services and information security, and cause leaks of individual private information and even of major confidential information. The classification of network flows has therefore become a basic and effective means of network management.

There are three main categories of network flow classification, but each has its own defects. Port-based classification has very low efficiency because of the growing use of dynamic ports and protocol packaging. Classification based on payload matching not only needs a lot of computing resources but also has difficulty dealing with the growing number of encrypted protocols. Classification based on behavior statistics can overcome these problems with few computing resources, but it has difficulty finding new applications and its stability is poor. For all these reasons, we urgently need a high-performance network flow classification system that overcomes the shortcomings mentioned above.

In this paper we adopt a mixed flow classification system that combines payload-matching features with behavior-statistics features. We design a simple and formal mechanism to fuse the advantages of the two classification methods, so that the two classifiers work collaboratively and accomplish efficient and accurate network flow classification. The main idea is: first, use the payload-matching classifier to classify network flows and produce the training set; then train the behavior-statistics classifier on that training set; finally, combine the two classifiers into a mixed classifier with higher processing efficiency and accuracy. After a period of time, the behavior-statistics classifier is trained again.
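The three-step idea above, sketched as an added example (not code from the thesis). It assumes a Gaussian naive Bayes model as a simple stand-in for the behavior-statistics classifier; the signatures, flow records, feature choice and function names are all constructed for illustration.

```python
import math
import re
from collections import defaultdict

# Constructed payload signatures and flows (illustrative, not from the thesis).
SIGNATURES = {"http": re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]"),
              "bittorrent": re.compile(rb"^\x13BitTorrent protocol")}
# stats = (mean packet size in bytes, mean inter-arrival time in ms)
FLOWS = [
    {"payload": b"GET /index.html HTTP/1.1\r\n", "stats": (420.0, 35.0)},
    {"payload": b"POST /login HTTP/1.1\r\n", "stats": (510.0, 42.0)},
    {"payload": b"\x13BitTorrent protocol" + bytes(8), "stats": (1380.0, 4.0)},
    {"payload": b"\x13BitTorrent protocol" + bytes(8), "stats": (1420.0, 6.0)},
]

def payload_classify(payload):
    """Stage 1: label from a payload signature, or None if nothing matches."""
    return next((lbl for lbl, sig in SIGNATURES.items() if sig.search(payload)), None)

class GaussianNB:
    """Stage 2: behavior-statistics classifier (naive Bayes stand-in)."""
    def fit(self, samples):
        by_label = defaultdict(list)
        for features, label in samples:
            by_label[label].append(features)
        self.model = {}
        for label, rows in by_label.items():
            cols = list(zip(*rows))
            means = [sum(c) / len(c) for c in cols]
            # Variance floor avoids division by zero on tiny training sets.
            varis = [max(sum((x - m) ** 2 for x in c) / len(c), 1e-3)
                     for c, m in zip(cols, means)]
            self.model[label] = (math.log(len(rows) / len(samples)), means, varis)
        return self

    def predict(self, features):
        def log_post(label):
            prior, means, varis = self.model[label]
            return prior + sum(-0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
                               for x, m, v in zip(features, means, varis))
        return max(self.model, key=log_post)

def train_from_payload_labels(flows):
    """Flows labeled by stage 1 become the training set for stage 2."""
    labeled = [(f["stats"], payload_classify(f["payload"])) for f in flows]
    return GaussianNB().fit([(s, l) for s, l in labeled if l is not None])

def hybrid_classify(flow, nb):
    """Payload match first; behavior statistics when the payload is opaque."""
    return payload_classify(flow["payload"]) or nb.predict(flow["stats"])
```

Calling `train_from_payload_labels` again on a fresh capture corresponds to the periodic retraining step the abstract mentions.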
Keywords/Search Tags: Network flow classification, Network flow payload feature, Network flow behavior statistics feature, Bayesian Network