Mining unclassified traffic using automatic clustering techniques

Abstract

In this paper we present a fully unsupervised algorithm to identify classes of traffic inside an aggregate. The algorithm builds on the K-means clustering algorithm, augmented with a mechanism to automatically determine the number of traffic clusters. The signatures used for clustering are statistical representations of the application-layer protocols. The proposed technique is extensively tested on UDP traffic traces collected from operational networks. Performance tests show that it can cluster the traffic into a few tens of pure clusters, achieving an accuracy above 95%. Results are promising and suggest that the proposed approach might effectively be used for automatic traffic monitoring, e.g., to identify the birth of new applications and protocols, or the presence of anomalous or unexpected traffic. © 2011 Springer-Verlag Berlin Heidelberg.

Cite

Finamore, A., Mellia, M., & Meo, M. (2011). Mining unclassified traffic using automatic clustering techniques. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6613 LNCS, pp. 150–163). https://doi.org/10.1007/978-3-642-20305-3_13
