北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2011, Vol. 34 ›› Issue (1): 103-106.doi: 10.13190/jbupt.201101.103.zhangj

• 研究报告 • 上一篇    下一篇

在线聚类的网络流量识别

张剑1,2,钱宗珏1,寿国础1,胡怡红1   

  1. 1北京邮电大学 信息与通信工程学院, 北京 100876; 2青岛理工大学 电子与通信工程学院, 山东 青岛 266033
  • 收稿日期:2010-03-09 修回日期:2010-08-21 出版日期:2011-02-28 发布日期:2011-02-28
  • 通讯作者: 张剑 E-mail:zhangj9860@bupt.edu.cn
  • 基金资助:

    国家高技术研究发展计划项目(2008AA01Z218)

Network Traffic Identification Based on Online Clustering

  • Received:2010-03-09 Revised:2010-08-21 Online:2011-02-28 Published:2011-02-28
  • Contact: Jian ZHANG E-mail:zhangj9860@bupt.edu.cn

摘要:

针对网络流量在线识别的难题, 提出一种聚类算法和在线流量识别方案. 以网络数据流的若干初始数据包作为子流, 提取子流的统计特征, 应用基于滤波器算法的属性相关性算法提取子流最佳特征子集, 并提出基于密度的在线带噪声空间聚类算法对子流特征向量进行聚类, 采用优势概率业务实现聚类和应用类型的映射. 实验结果表明, 该方案具备识别新应用类型和加密数据流的功能, 且能实现在线的网络流量分类.

关键词: 流量识别, 在线聚类算法, 特征选择

Abstract:

To solve the problem of network traffic identification online, a clustering algorithm and a traffic identification scheme is proposed. The scheme uses a few number of the initial data packets in the flows as a subflow, extracts the statistical features from subflows, and extracts the best feature subset of subflows by applying correlationbased filter approach. The network traffic flows are clustered by online density based spatial clustering of applications with noise algorithm, and mapped to application types by the dominant application in clusters. Experiments show that the scheme can identify new application types and encrypted flows, and can be implemented in online network traffic classification.

Key words: traffic identification, online clustering algorithm, feature selection

中图分类号: