Published by Ωσαννά Μπότσαρης. Modified over 5 years ago.
1
Internet Traffic Classification Using Bayesian Analysis Techniques
Presentation by Umamaheswararao K
2
Overview
Statistical method
Uses supervised machine learning
Uses only flow records
Based on discriminators of the flows: port, inter-packet gap, etc.
Applies Naïve Bayesian techniques
Reasonably high accuracy
3
Machine Learned Classification
Deterministic approach: assigns data points to one of a set of mutually exclusive classes
Probabilistic approach: assigns the flow probabilities of belonging to each class
  The current technique falls into this category
4
Probabilistic Approach:
Can identify similar characteristics of flows after their probabilistic class assignment
Robust to measurement error
Provides a mechanism for quantifying class assignment probabilities
Available in many implementations
5
Terminology
Objects: entities to be classified. Here these are traffic flows, each a tuple of src/dst IP, protocol, src/dst port
Discriminators: characteristics parameterizing the flow behaviour, such as flow duration, TCP port, etc.
Here only complete TCP connections are considered
6
Discriminators/Categories
7
Analysis Tools
Naïve Bayesian Classifier
8
Bayes Tech: Contd.
Assumptions:
Discriminators are independent
  TCP header length proportional to packet length or vice versa
Discriminator distribution is assumed to be normal (Gaussian)
  Distribution can be multimodal
9
Example
10
Naïve Bayes: Kernel Estimation
Discriminator distribution is not Gaussian
11
Naïve Bayes vs Kernel
12
Discriminator selection
Remove irrelevant discriminators
  Cannot differentiate the class
  Same distribution for all classes
Remove redundant discriminators
  Highly correlated with another discriminator
13
Discriminator reduction:
Filter: uses characteristics of the training data to see how relevant the discriminator is to the class
  Degree of correlation between discriminator and class
Wrapper: uses the results of a classifier to build the optimal set
14
FCBF
Fast correlation-based filter for discriminator filtering
Two-stage process:
  Identifying the relevance of a discriminator
  Identifying the redundancy of a feature with respect to discriminators
15
Results
16
Results: contd.
Accuracy: correctly classified flows / total number of flows
Trust: probability that a flow that has been classified into some class is in fact from this class
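An added example, not taken from the presentation or the work it summarizes: a two-class Naïve Bayes classifier fitted once with the Gaussian assumption and once with kernel estimation, scored with the accuracy and trust definitions above. The flows, class names "A" and "B", discriminator values and kernel bandwidths are all constructed for illustration; class A's inter-packet gap is deliberately bimodal.

```python
import math, random

def gauss(x, mu, sd):
    return math.exp(-0.5 * ((x - mu) / sd) ** 2) / (sd * math.sqrt(2 * math.pi))

def fit_gaussian(vals, _h):
    # Gaussian assumption: one normal distribution per discriminator per class.
    mu = sum(vals) / len(vals)
    sd = math.sqrt(sum((v - mu) ** 2 for v in vals) / len(vals))
    return lambda x: gauss(x, mu, sd)

def fit_kernel(vals, h):
    # Kernel estimation: average of Gaussian bumps of width h, one per training value.
    return lambda x: sum(gauss(x, v, h) for v in vals) / len(vals)

def train(flows, fit, bandwidths):
    model = {}
    for label in sorted({c for c, _ in flows}):
        rows = [d for c, d in flows if c == label]
        dens = [fit([r[i] for r in rows], h) for i, h in enumerate(bandwidths)]
        model[label] = (len(rows) / len(flows), dens)  # (class prior, densities)
    return model

def classify(model, d):
    # Naive Bayes: log prior plus the sum of independent per-discriminator log densities.
    def score(label):
        prior, dens = model[label]
        return math.log(prior) + sum(math.log(f(x) + 1e-300) for f, x in zip(dens, d))
    return max(model, key=score)

def accuracy_and_trust(model, flows):
    pairs = [(classify(model, d), c) for c, d in flows]
    acc = sum(p == c for p, c in pairs) / len(pairs)
    trust = {}
    for label in model:  # trust: of the flows assigned to a class, the share truly in it
        assigned = [c for p, c in pairs if p == label]
        trust[label] = sum(c == label for c in assigned) / len(assigned) if assigned else 0.0
    return acc, trust

def make_flows(n, rng):
    # Constructed synthetic data: [inter-packet gap, log flow duration] per flow.
    a = [("A", [rng.gauss(rng.choice([20, 80]), 3), rng.gauss(1.0, 1)]) for _ in range(n)]
    b = [("B", [rng.gauss(50, 30), rng.gauss(1.5, 1)]) for _ in range(n)]
    return a + b

def run(fit):
    rng = random.Random(7)  # fixed seed so the training and test sets are repeatable
    model = train(make_flows(200, rng), fit, bandwidths=[4.0, 0.4])  # hand-picked widths
    return accuracy_and_trust(model, make_flows(200, rng))

if __name__ == "__main__":
    for name, fit in [("gaussian", fit_gaussian), ("kernel", fit_kernel)]:
        print(name, run(fit))
```

Both classes have nearly the same mean and variance on the first discriminator, so the single-Gaussian fit cannot separate them, while the kernel estimate recovers the two modes. The per-class trust values also show how one class can be much less trustworthy than another at the same overall accuracy.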
17
Naïve Bayes- Trust
18
Trust: Kernel est.
19
Results for new data set
20
Identification of discriminators
21
Strengths
Payload access not needed
High accuracy and trust with FCBF
Easily implementable
Single-flow based (a strength and a weakness)
Allows any categorization
22
Weaknesses
Bunch of them but then …?
Accuracy/trust depends mainly on how good the training set is
Trust of some classes is really poor
Works on a per-flow basis; characterizing some flows requires seeing many flows (e.g. attacks)
Temporal stability is not really good
Discriminators are dependent on network dynamics
23
Weaknesses: Contd.
Training is not automatic
Assumes discriminator independence
Gaussian distribution assumption inaccurate
24
Future Work
A significantly new approach, hence can lead to many ideas
Spatial independence of traffic classification
Check from weaknesses section