Williams et al., 2006 - Google Patents
A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classificationWilliams et al., 2006
View PDF- Document ID
- 16171706774457845243
- Author
- Williams N
- Zander S
- Armitage G
- Publication year
- Publication venue
- ACM SIGCOMM Computer Communication Review
External Links
Snippet
The identification of network applications through observation of associated packet traffic flows is vital to the areas of network management and surveillance. Currently popular methods such as port number and payload-based identification exhibit a number of …
- 238000010801 machine learning 0 title abstract description 38
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6267—Classification techniques
- G06K9/6279—Classification techniques relating to the number of classes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
- G06K9/6232—Extracting features by transforming the feature space, e.g. multidimensional scaling; Mappings, e.g. subspace methods
- G06K9/6251—Extracting features by transforming the feature space, e.g. multidimensional scaling; Mappings, e.g. subspace methods based on a criterion of topology preservation, e.g. multidimensional scaling, self-organising maps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/14—Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning
- H04L41/142—Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning using statistical or mathematical methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
- G06K9/6228—Selecting the most significant subset of features
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/50—Network service management, i.e. ensuring proper service fulfillment according to an agreement or contract between two parties, e.g. between an IT-provider and a customer
- H04L41/5003—Managing service level agreement [SLA] or interaction between SLA and quality of service [QoS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/3061—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F17/30705—Clustering or classification
- G06F17/3071—Clustering or classification including class or cluster creation or modification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Williams et al. | A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification | |
| Williams et al. | Evaluating machine learning algorithms for automated network application identification | |
| Atli et al. | Anomaly-based intrusion detection using extreme learning machine and aggregation of network traffic statistics in probability space | |
| Bouzida et al. | Efficient intrusion detection using principal component analysis | |
| Amelio et al. | Correction for closeness: Adjusting normalized mutual information measure for clustering comparison | |
| US9729571B1 (en) | System, method, and computer program for detecting and measuring changes in network behavior of communication networks utilizing real-time clustering algorithms | |
| US8869276B2 (en) | Method and apparatus for whole-network anomaly diagnosis and method to detect and classify network anomalies using traffic feature distributions | |
| US7885791B2 (en) | Method for capturing local and evolving clusters | |
| Ren et al. | The efficient imputation method for neighborhood-based collaborative filtering | |
| Zhang et al. | ProWord: An unsupervised approach to protocol feature word extraction | |
| Bacquet et al. | Genetic optimization and hierarchical clustering applied to encrypted traffic identification | |
| Liu et al. | A novel algorithm for encrypted traffic classification based on sliding window of flow's first N packets | |
| Takyi et al. | Clustering techniques for traffic classification: A comprehensive review | |
| Perona et al. | Service-independent payload analysis to improve intrusion detection in network traffic | |
| CN119557861A (en) | Abnormal analysis method, device and electronic device for user login behavior | |
| Aziz et al. | Cluster Analysis-Based Approach Features Selection on Machine Learning for Detecting Intrusion. | |
| Tian et al. | A dynamic online traffic classification methodology based on data stream mining | |
| Panda et al. | SOME CLUSTERING ALGORITHMS TO ENHANCE THE PERFORMANCE OF THE NETWORK INTRUSION DETECTION SYSTEM. | |
| Raveendran et al. | A novel aggregated statistical feature based accurate classification for internet traffic | |
| SE | Survey of traffic classification using machine learning | |
| Ghofrani et al. | A new probabilistic classifier based on decomposable models with application to internet traffic | |
| Castrillo et al. | Dynamic structural similarity on graphs | |
| Lei et al. | Optimizing traffic classification using hybrid feature selection | |
| Li et al. | Identifying skype traffic by random forest | |
| Williams et al. | Evaluating machine learning methods for online game traffic identification |