Skip to main content
SpringerLink
Log in

TCP Traffic Classification Using Markov Models

  • Conference paper
Book cover Traffic Monitoring and Analysis (TMA 2010)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 6003))

Included in the following conference series:

Abstract

This paper presents a novel traffic classification approach which classifies TCP connections with help of observable Markov models. As traffic properties, payload length, direction, and position of the first packets of a TCP connection are considered. We evaluate the accuracy of the classification approach with help of packet traces captured in a real network, achieving higher accuracies than the cluster-based classification approach of Bernaille [1]. As another advantage, the complexity of the proposed Markov classifier is low for both training and classification. Furthermore, the classification approach provides a certain level of robustness against changed usage of applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bernaille, L., Teixeira, R., Salamatian, K.: Early application identification. In: Proc. of ACM International Conference on Emerging Networking Experiments and Technologies (CoNEXT) 2006, Lisboa, Portugal (2006)

    Google Scholar 

  2. Nguyen, T.T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys & Tutorials 10, 56–76 (2008)

    Article  Google Scholar 

  3. Wright, C., Monrose, F., Masson, G.: HMM profiles for network traffic classification (extended abstract). In: Proc. of Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), Fairfax, VA, USA, pp. 9–15 (2004)

    Google Scholar 

  4. Dainotti, A., de Donato, W., Pescapè, A., Rossi, P.S.: Classification of network traffic via packet-level hidden markov models. In: Proc. of IEEE Global Telecommunications Conference, GLOBECOM 2008, New Orleans, LA, USA (2008)

    Google Scholar 

  5. Rabiner, L.R.: A tutorial on hidden markov models and selected applications in speech recognition. In: Proceedings of IEEE, vol. 77, pp. 257–286 (1989)

    Google Scholar 

  6. Estevez-Tapiador, J.M., Garcia-Teodoro, P., Diaz-Verdejo, J.E.: Stochastic protocol modeling for anomaly based network intrusion detection. In: Proc. of IEEE International Workshop on Information Assurance, IWIA (2003)

    Google Scholar 

  7. Dai, H., Münz, G., Braun, L., Carle, G.: TCP-Verkehrsklassifizierung mit Markov-Modellen. In: 5. GI/ITG-Workshop MMBnet 2009, Hamburg, Germany (2009)

    Google Scholar 

  8. Bernaille, L.: Homepage of early application identification (2009), http://www-rp.lip6.fr/~teixeira/bernaill/earlyclassif.html

Download references

Author information

Authors and Affiliations

  1. Network Architectures and Services – Institute for Informatics, Technische Universität München, Germany

    Gerhard Münz, Hui Dai, Lothar Braun & Georg Carle

Authors
  1. Gerhard Münz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hui Dai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lothar Braun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Georg Carle
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Università del Salento, Lecce, Italy, and FTW Forschungszentrum Telekommunikation, Vienna, Austria

    Fabio Ricciato

  2. Dipartimento di Elettronica, Politecnico di Torino, Corso Duca degli Abruzzi 24, 10129, Torino, Italy

    Marco Mellia

  3. Institut EURECOM, Sophia Antipolis, France

    Ernst Biersack

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Münz, G., Dai, H., Braun, L., Carle, G. (2010). TCP Traffic Classification Using Markov Models. In: Ricciato, F., Mellia, M., Biersack, E. (eds) Traffic Monitoring and Analysis. TMA 2010. Lecture Notes in Computer Science, vol 6003. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12365-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12365-8_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12364-1

  • Online ISBN: 978-3-642-12365-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation