research-article

NeTraMark: a network traffic classification benchmark

Authors:

Chong-kwon Kim,

Yanghee ChoiAuthors Info & Claims

ACM SIGCOMM Computer Communication Review, Volume 41, Issue 1

Pages 22 - 30

https://doi.org/10.1145/1925861.1925865

Published: 22 January 2011 Publication History

Abstract

Recent research on Internet traffic classification has produced a number of approaches for distinguishing types of traffic. However, a rigorous comparison of such proposed algorithms still remains a challenge, since every proposal considers a different benchmark for its experimental evaluation. A lack of clear consensus on an objective and cientific way for comparing results has made researchers uncertain of fundamental as well as relative contributions and limitations of each proposal. In response to the growing necessity for an objective method of comparing traffic classifiers and to shed light on scientifically grounded traffic classification research, we introduce an Internet traffic classification benchmark tool, NeTraMark. Based on six design guidelines (Comparability, Reproducibility, Efficiency, Extensibility, Synergy, and Flexibility/Ease-of-use), NeTraMark is the first Internet traffic lassification benchmark where eleven different state-of-the-art traffic classifiers are integrated. NeTraMark allows researchers and practitioners to easily extend it with new classification algorithms and compare them with other built-in classifiers, in terms of three categories of performance metrics: per-whole-trace flow accuracy, per-application flow accuracy, and computational performance.

References

[1]

CoralReef. http://www.caida.org/tools/measurement/coralreef/

[2]

WEKA: Data Mining Software in Java. http://www.cs.waikato.ac.nz/ml/weka/

[3]

Postgresql. http://www.postgresql.org

[4]

L7-filter, Application Layer Packet Classifier for Linux. http://l7-filter.sourceforge.net

[5]

K. Claffy, H.-W. Braun, and G. C. Polyzos. A parameterizable methodology for internet traffic flow profiling. In IEEE JSAC Special Issue on the Global Internet, Vol. 13, Num. 8, pp. 1481--1494, Oct. 1995.

Digital Library

[6]

H. Kim, K. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee. Internet Traffic Classification Demystified: Myths, Caveats and the Best Practices. In ACM CoNEXT, December 2008.

Digital Library

[7]

Y. Lim, H. Kim, J. Jeong, C. Kim, T. Kwon, and Y. Choi. Internet Traffic Classification Demystified: On the Sources of the Discriminative Power. In ACM CoNEXT, December 2010.

Digital Library

[8]

G. Szabo, I. Szabo, and D. Orincsay. Accurate Traffic Classification. In IEEE WoWMoM, June 2007.

[9]

L. Salgarelli, F. Gringoli, and T. Karagiannis. Comparing Traffic Classifiers. In ACM SIGCOMM CCR, Vol. 37, Num. 3, pp. 65--68, July 2007.

Digital Library

[10]

A. Dainotti, W. de Donato, A. Pescape, and G. Ventre. TIE: A Community-Oriented Traffic Classification Platform, In TMA, May 2009.

Digital Library

[11]

M. Iliofotou, P. Pappu, M. Faloutsos, M. Mitzenmacher, S. Singh, and G. Varghese. Network monitoring using traffic dispersion graphs. In ACM SIGCOMM IMC, October 2007.

Digital Library

[12]

M. Iliofotou, H. Kim, M. Faloutsos, M. Mitzenmacher, P. Pappu, and G. Varghese. Graph-based P2P Traffic Classification at the Internet Backbone. In IEEE Global Internet Symposium, April 2009.

Digital Library

[13]

T. Karagiannis, K. Papagiannaki, and M. Faloutsos. BLINC: Multilevel traffic classification in the dark. In ACM SIGCOMM, August 2005.

Digital Library

[14]

A. Moore and K. Papagiannaki. Toward the accurate identification of network applications. In PAM, April 2005.

Digital Library

[15]

A. McGregor, M. Hall, P. Lorier, and J. Brunskill. Flow clustering using machine learning techniques. In PAM, April 2004.

[16]

A. Moore and D. Zuev. Internet traffic classification using bayesian analysis techniques. In ACM SIGMETRICS, June 2005.

Digital Library

[17]

J. Erman, M. Arlitt, and A. Mahanti. Traffic Classificaton Using Clustering Algorithms. In ACM SIGCOMM MineNet Workshop, September 2006.

Digital Library

[18]

J. Erman, A. Mahanti, M. Arlitt, I. Cohen, and C. Williamson. Offline/Realtime Traffic Classification Using Semi-Supervised Learning. In IFIP Performance, October 2007.

Digital Library

[19]

J. Erman, A. Mahanti, and M. Arlitt. Byte Me: A Case for Byte Accuracy in Traffic Classification. In ACM SIGMETRICS MineNet Workshop, June 2007.

Digital Library

[20]

N. Williams, S. Zander, and G. Armitage. A preliminary performance comparison of five machine learning algorithms for practical ip traffic flow classification. In ACM SIGCOMM CCR, Vol. 36, Num. 5, pp.7--15, October 2006.

Digital Library

[21]

I. H. Witten and E. Frank. Data Mining:Practical Machine Leaning Tools and Techniques, 2nd ed. Morgan Kaufmann, 2005.

Digital Library

[22]

J. Crowcroft. Net neutrality: the technical side of the debate: a white paper. In ACM SIGCOMM CCR, Vol. 37, Num. 1, pp. 49--55, January 2007.

Digital Library

[23]

B. Park, Y. Won, M. Kim, and J. Hong. Towards Automated Application Signature Generation for Traffic Identification. In IEEE/IFIP NOMS, October 2008.

Cited By

Liang YWang FChen SChen BBo Y(2024)STI: A self-evolutive traffic identification system for unknown applications based on improved random forestComputer Communications10.1016/j.comcom.2024.02.010219(64-75)Online publication date: Apr-2024
https://doi.org/10.1016/j.comcom.2024.02.010
Ryšavý OMatoušek P(2021)A Network Traffic Processing Library for ICS Anomaly Detection7th Conference on the Engineering of Computer Based Systems10.1145/3459960.3459963(1-7)Online publication date: 26-May-2021
https://dl.acm.org/doi/10.1145/3459960.3459963
Alizadeh HVranken HZuquete AMiri A(2020)Timely Classification and Verification of Network Traffic Using Gaussian Mixture ModelsIEEE Access10.1109/ACCESS.2020.29925568(91287-91302)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2992556
Show More Cited By

Index Terms

NeTraMark: a network traffic classification benchmark
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

Batch classifier with adaptive update for backbone traffic classification
Abstract
Network traffic analysis is an important method for ISPs to know the status of the network. However, the high speed and rapid evolution of backbone network traffic have brought new challenges to traffic analysis. Most existing traffic classifiers ...
Byte me: a case for byte accuracy in traffic classification
MineNet '07: Proceedings of the 3rd annual ACM workshop on Mining network data

Numerous network traffic classification approaches have recently been proposed. In general, these approaches have focused on correctly identifying a high percentage of total flows. However, on the Internet a small number of "elephant" flows contribute a ...
Learning for accurate classification of real-time traffic
CoNEXT '06: Proceedings of the 2006 ACM CoNEXT conference

Accurate network traffic classification is an important task. We intend to develop an intelligent classification system by learning the types of service inside a network flow using machine learning techniques. Previous work used Bayesian methods for ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGCOMM Computer Communication Review

ACM SIGCOMM Computer Communication Review Volume 41, Issue 1

January 2011

132 pages

ISSN:0146-4833

DOI:10.1145/1925861

Issue’s Table of Contents

Copyright © 2011 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 January 2011

Published in SIGCOMM-CCR Volume 41, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

33
Total Citations
View Citations
816
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liang YWang FChen SChen BBo Y(2024)STI: A self-evolutive traffic identification system for unknown applications based on improved random forestComputer Communications10.1016/j.comcom.2024.02.010219(64-75)Online publication date: Apr-2024
https://doi.org/10.1016/j.comcom.2024.02.010
Ryšavý OMatoušek P(2021)A Network Traffic Processing Library for ICS Anomaly Detection7th Conference on the Engineering of Computer Based Systems10.1145/3459960.3459963(1-7)Online publication date: 26-May-2021
https://dl.acm.org/doi/10.1145/3459960.3459963
Alizadeh HVranken HZuquete AMiri A(2020)Timely Classification and Verification of Network Traffic Using Gaussian Mixture ModelsIEEE Access10.1109/ACCESS.2020.29925568(91287-91302)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2992556
Casino FChoo KPatsakis C(2019)HEDGE: Efficient Traffic Classification of Encrypted and Compressed PacketsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2019.291115614:11(2916-2926)Online publication date: Nov-2019
https://doi.org/10.1109/TIFS.2019.2911156
Kim JSim A(2019)A New Approach to Multivariate Network Traffic AnalysisJournal of Computer Science and Technology10.1007/s11390-019-1915-y34:2(388-402)Online publication date: 22-Mar-2019
https://doi.org/10.1007/s11390-019-1915-y
Kim JSim ATierney BSuh SKim I(2019)Multivariate network traffic analysis using clustered patternsComputing10.1007/s00607-018-0619-4101:4(339-361)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s00607-018-0619-4
Lee SKim SLee SChoi JYoon HLee DLee J(2018)LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet AllocationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2016.260990715:5(771-783)Online publication date: 1-Sep-2018
https://doi.org/10.1109/TDSC.2016.2609907
Lastovicka MDufka AKomarkova J(2018)Machine Learning Fingerprinting Methods in Cyber Security Domain: Which one to Use?2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC)10.1109/IWCMC.2018.8450406(542-547)Online publication date: Jun-2018
https://doi.org/10.1109/IWCMC.2018.8450406
Swarnkar MHubballi N(2018)RDClass: on using relative distance of keywords for accurate network traffic classificationIET Networks10.1049/iet-net.2017.00657:4(273-279)Online publication date: 1-Jul-2018
https://doi.org/10.1049/iet-net.2017.0065
Balasingam ABansal MMisra RTandra RSchulman AKatti SVan der Merwe KGreenstein BSrinivasan K(2017)PosterProceedings of the 23rd Annual International Conference on Mobile Computing and Networking10.1145/3117811.3131254(531-533)Online publication date: 4-Oct-2017
https://dl.acm.org/doi/10.1145/3117811.3131254
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents