|
Student: Daniel Nechay, M. Eng Student
Researcher: Dr. Yvan Pointurier
Supervisor: Prof. Mark Coates
Abstract: Classifying traffic flows online into applications or broader classes without looking at the packet payloads or without relying on port numbers has become a necessity for network
operators who need to monitor their networks and provide per-class quality of service. This traffic classification problem has received much attention recently and several machine learning techniques have
been proposed. While the current techniques perform well overall in classifying traffic and make relatively few misclassifications, providing performance guarantees for particular classes of interest has
never been addressed. In this paper, we provide two kinds of online traffic classifiers that can provide performance guarantees on the false alarm and false discovery rates, respectively. These guarantees
can be for a particular class (class-wise) or between two classes (pair-wise). Controlling false alarm rates is well-suited for application prioritization (i.e. prioritize time-sensitive applications like
VoIP over HTTP) whereas controlling false discovery rates is well suited for blocking or rate-limiting a targeted class of traffic (i.e. Peer-to-Peer). The classifier that provides false alarm rate guarantees
is based on a Neyman-Pearson classification framework while the classifier that provides false discovery rate guarantees is based on the Learning to Satisfy (LSAT) framework. Both of these classifiers are
implemented using a machine learning technique, namely, a 2-nu Support Vector Machine (SVM). Moreover, all previous work done with these two statistical methodologies focused on binary classification only;
we extend these statistical methodologies to a multi-class setting. In addition to the regular application classification problem; we also present a binary LSAT classifier that can detect, after the
reception of only a handful of packets, whether a flow will be 'large' (as defined by a network operator). This large flow detector can act as a preprocessor for regular application classifiers. By allowing
only large flows to be passed to the classifier, this allows the classifier to focus on the more resource-intensive flows. We validate our work by testing our approaches using data provided by an ISP.
[Full Description] [Paper (pdf format)]
|