Classification of Internet Traffic Data Using Ensemble Method

  • N. ManjuEmail author
  • B. S. Harish
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1119)


Accurate traffic classification is critical in network security and traffic engineering. Traditional methods based on port numbers and payload have proved to be ineffective in terms of dynamic port allocation and packet encapsulation. These methods also fail if the data is encrypted. In this work, we propose a ensemble method using (a) extra-tree-based feature selection, (b) support vector machines (SVMs) for classification of Internet traffic using various kernels, and finally (c) ensemble of SVM classifier using major voting technique. The method classifies the Internet traffic into broad application categories according to the network flow parameters obtained from the packet headers. We first compare three types of SVM kernels, i.e., linear, polynomial, and radial basis function (RBF) kernels. Later, we combine all the three kernels through majority voting (ensemble) method. In most of the cases, ensemble method gives better result compared with all other kernel methods.


Internet traffic Feature selection Ensemble Classification 


  1. 1.
    Zander, S., Nguyen, T., Armitage, G.: Automated traffic classification and application identification using machine learning. In: The IEEE Conference on Local Computer Networks 30th Anniversary (LCN’05) vol. l, pp. 250–257. IEEE (2005)Google Scholar
  2. 2.
    Vigna, G., Robertson, W., Balzarotti, D.: Testing network-based intrusion detection signatures using mutant exploits. In: Proceedings of the 11th ACM conference on Computer and communications security, pp. 21–30 (2004)Google Scholar
  3. 3.
    Shon, T., Moon, J.: A hybrid machine learning approach to network anomaly detection. Inf. Sci. 177(18), 3799–3821 (2007)CrossRefGoogle Scholar
  4. 4.
    Nguyen, TTT., Armitage, G., Branch, O., Zander, S.: Timely and continuous machine-learning-based classification for interactive IP traffic. IEEE/ACM Trans. Netw. (TON) 20(6), 1880–1894 (2012)Google Scholar
  5. 5.
    Roesch, M.: Snort: lightweight intrusion detection for networks. Lisa 99(1), 229–238 (1999)MathSciNetGoogle Scholar
  6. 6.
    Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)CrossRefGoogle Scholar
  7. 7.
    Stewart, L., Armitage, G., Branch, P., Zander, S.: An architecture for automated network control of QoS over consumer broadband links (2005)Google Scholar
  8. 8.
    Baker, F., Foster, B., Sharp, C.:Cisco architecture for lawful intercept in IP networks, (No. RFC 3924) (2004)Google Scholar
  9. 9.
    Geurts, P., Ernst, D., Wehenkel, L.: Extremely randomized trees. Mach. Learn. 63(1), 3–42 (2006) (Springer)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Department of Information Science and EngineeringSri Jayachamarajendra College of EngineeringMysuruIndia

Personalised recommendations