Share by e-mail

Return to the home page of Tomasz Bujlow

A Method for Classification of Network Traffic Based on C5.0 Machine Learning Algorithm

Tomasz Bujlow, Tahir Riaz, and Jens Myrup Pedersen

Proceedings of ICNC'12: 2012 International Conference on Computing, Networking and Communications (ICNC): Workshop on Computing, Networking and Communications, pp. 244 - 248, IEEE, Maui, Hawaii, USA, February 2012, DOI: 10.1109/ICCNC.2012.6167418.

  Download this publication in PDF (author's version)


Monitoring of the network performance in a high-speed Internet infrastructure is a challenging task, as the requirements for the given quality level are service-dependent. Therefore, the backbone QoS monitoring and analysis in Multi-hop Networks requires the knowledge about the types of applications forming the current network traffic. To overcome the drawbacks of existing methods for traffic classification, usage of C5.0 Machine Learning Algorithm (MLA) was proposed. On the basis of the statistical traffic information received from volunteers and C5.0 algorithm, we constructed a boosted classifier, which was shown to have the ability to distinguish between 7 different applications in the test set of 76,632 - 1,622,710 unknown cases with average accuracy of 99.3 - 99.9%. This high accuracy was achieved by using high quality training data collected by our system, a unique set of parameters used for both training and classification, an algorithm for recognizing flow direction and the C5.0 itself. The classified applications include Skype, FTP, torrent, web browser traffic, web radio, interactive gaming and SSH. We performed subsequent tries using different sets of parameters and both training and classification options. This paper shows how we collected accurate traffic data, presents arguments used in classification process, introduces the C5.0 classifier and its options, and finally, evaluates and compares the obtained results.

Return to the home page of Tomasz Bujlow