Publishing house Radiotekhnika

"Publishing house Radiotekhnika":
scientific and technical literature.
Books and journals of publishing houses: IPRZHR, RS-PRESS, SCIENCE-PRESS

Тел.: +7 (495) 625-9241


Analysis of network traffic classification approaches


V.V. Syuzev – Dr.Sc.(Eng.), Professor, Department «Computer systems and networks», Bauman Moscow State Technical University
A.M. Andreev – Ph.D.(Eng.), Associate Professor, Department «Computer systems and networks», Bauman Moscow State Technical University
S.M. Jammoul – Post-graduate Student, Department «Computer systems and networks», Bauman Moscow State Technical University
S.V. Usovik – Post-graduate Student, Department «Computer systems and networks», Bauman Moscow State Technical University

The fast development of network infrastructure and telecommunication facilities founded the necessary conditions for wide usage of the internet services in different life aspects. Along with the wide spreading of internet service, ISPs and network administrators are concerned to analyze and classify network traffic in order to protect users and network resources and prevent the violations, as well as to enhance quality of services. Many of the most popular services like google services, social networks and others services are trending toward: first, using the encryption protocols in order to protect user’s privacy, and second using web services or web ports. The current tendency of these services makes the monitoring tasks more difficult for the ISPs. Data encryption proposes the matter of balancing between privacy and security. One of the most important challenges of using encryption is related to detect and prevent security policy violation. Network traffic classification is one of the most highly researched topics in last decade; many advances have been achieved in this field, but the encrypted traffic classification still one of the challenging issues. We survey in this paper traffic classification levels, traffic analysis approaches at network application level with assessment for each approach, the most important works in each approach with emphasizing on encrypted traffic classification methods and pros and cons. As well, this paper discusses the difficulties and chal-lenges in encrypted traffic classification field.

  1. Simon Denyer. The walls are closing in: China finds new ways to tighten Internet controls. The Washington Post. 27. Sept 2017.
  2. Suxov V.E. Sistema obnaruzheniya anomalij setevogo trafika na osnove iskusstvenny'x immunny'x sistem nejrosetevy'x detektorov // 2015. № 54. Ch. 1. S. 84−90.
  3. Global Internet Phenomena Report – Asia pacific, Africa and the middle-east [E'lektronny'j resurs] / Sandvine inc. 2016. – Rezhim dostupa:
  4. Kuz'min V.V. Klassifikacziya i identifikacziya trafika v mul'tiservisnoj seti operatora svyazi // Sovremenny'e problemy' nauki i obrazovaniya. 2014. № 5.
  5. Dainotti A., Pescape A., Claffy K.C. Issues and future directions in traffic classification // IEEE Network. 2012. V. 26. № 4. S. 35-40.
  6. Service Name and Transport Protocol Port Number Registry / Internet Assigned Numbers Authority (IANA) 2017. – Rezhim dostupa:
  7. Flax P. Mashinnoe obuchenie. Nauka i iskusstvo postroeniya algoritmov, kotory'e izvlekayut znaniya iz danny'x: Per. s angl. A.A. Slinkina. M.: DMK Press. 2015. 400 s.
  8. Moore A., Crogan M., Zuev D. Discriminators for use in flow-based classification // Technical report, Queen Mary, University of London. 2005. P. 16.
  9. Alshammari R., Zincir-Heywood A.N. An Investigation on the Identification of VoIP traffic: Case study on Gtalk and Skype // International Conference on Network and Service Management (CNSM). Oct 2010. P. 310−313.
  10. Babak Rahbarinia, Roberto Perdisci1 Andrea Lanzi, and Kang Li. PeerRush: Mining for Unwanted P2P Traffic // Journal of Information Security and Applications. July 2014. V. 19. № 3. P. 194−208.
  11. Maurizio Dusi, Manuel Crotti, Francesco Gringoli, Luca Salgarelli. Detection of Encrypted Tunnels across Network Boundaries // IEEE International Conference on Communications. 2008.
  12. Charles V. Wright, Lucas Ballard, Fabian Monrose, Gerald M. Masson. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? // 16th USENIX Security Symposium. 2007.
  13. M. Mazhar U. Rathore. Threshold-based generic scheme for encrypted and tunneled Voice Flows Detection over IP Networks // Journal of King Saud University. Computer and Information Sciences. July 2015. V. 27. № 3. P. 305−314.
  14. F. Sanchez, Z. Duan, Y. Dong. Blocking spam by separating end-user machines from legitimate mail server machines // Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS ’11). ACM, New York. NY. USA. 2011. P. 116−124.
  15. Z. Berkay Celik, Robert J. Walls; Patrick McDaniel; Ananthram Swami Malware Traffic Detection using Tamper Resistant Features // IEEE Military Communications Conference (MILCOM). 2015.
  16. Y. Kumano, S. Ata, N. Nakamura, Y. Nakahira, and I. Oka. Towards real-time processing for application identification of encrypted traffic. In Computing, Networking and Communications (ICNC), 2014 International Conference on. P. 136−140. Feb 2014.
  17. Y. Okada, S. Ata, N. Nakamura, Y. Nakahira, and I. Oka. Application Identification from Encrypted Traffic Based on Characteristic Changes by Encryption // IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR). May 2011. P. 1−6.
  18. Lei Ding, Fei Yu, Sheng Peng, Chen Xu. Classification Algorithm for Network Traffic based on Improved Support Vector Machine // Journal of Computers. 2013. 8(4). 1090−1096.
  19. C. Bacquet, A.N. Zincir-Heywood, and M.I. Heywood. Genetic Optimization and Hierarchical Clustering Applied to Encrypted Traffic Identification // IEEE Symposium on Computational Intelligence in Cyber Security (CICS). April 2011. P. 194−201.
  20. T. Bakhshi and B. Ghita. On internet traffic classification: A two-phased machine learning approach // Journal of Computer Networks and Communications. 2016.
  21. Elike Hodo, Xavier Bellekens, Ephraim Iorkyase, Andrew Hamilton, Christos Tachtatzis, Robert Atkinson. Machine Learning Approach for Detection of nonTor Traffic // Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES). 2017.
  22. Bujlow T., Riaz M.T., & Pedersen J.M. A method for classification of network traffic based on C5.0 Machine Learning Algorithm // IEEE International Conference on Computing, Networking and Communications (ICNC). 2012.
  23. Korczynski and A. Duda. Classifying Service Flows in the Encrypted Skype Traffic // IEEE International Conference on Communications (ICC). June 2012. P. 1064−1068.
  24. Hjelmvik E. and John W. Statistical protocol identification with spid: Preliminary results // 6th Swedish National Computer Networking Workshop (SNCNW). 2009.
  25. S. Kullback and R.A. Leibler. On Information and Sufficiency // Annals of Mathematical Statistics. 1951. V. 22. P. 49−86.
  26. M. Crotti, M. Dusi, F. Gringoli, and L. Salgarelli. Traffic classification through simple statistical fingerprinting // SIGCOMM Comput. Commun. Rev. 2007. V. 37. № 1. P. 5−16.
  27. Deep packet inspection / Vikipediya. 2017. Rezhim dostupa:
  28. Do L.H. and Branch P. Real Time VoIP Traffic Classification. Technical Report 090914A. Centre for Advanced Internet Architectures, Swinburne University of Technology, Melbourne, Australia. 2009.
  29. Andreev A.M., Usovik S.V. Model' traffika korporativnoj telekommunikaczionnoj seti s paketnoj kommutacziej v zadache klasterizaczii pri uslovii ogranichennogo nablyudeniya // Vestnik MGTU im. N.E'. Baumana. Ser. «Priborostroenie». Specz. vy'pusk «Modelirovanie i identifikacziya komp'yuterny'x sistem i setej». 2012.
  30. Dainotti A., De Donato W., Pescape A., Rossi P.S. (2008) Classification of network traffic via packet-level hidden markov models // IEEE Global Telecommunications Conference (GLOBECOM). 2008. New Orleans, LA, USA.
  31. Wright C.V., Monrose F., Masson G.M. HMM profiles for network traffic classification (extended abstract) // Proc. ACM Workshop on Visualization and Data Mining for Computer Security. Oct. 2004. P. 9−15.
June 24, 2020
May 29, 2020

© Издательство «РАДИОТЕХНИКА», 2004-2017            Тел.: (495) 625-9241                   Designed by [SWAP]Studio