Skip to main content
SpringerLink
Log in

Active Probing for Improved Machine-Learned Recognition of Network Traffic

  • Conference paper
  • First Online:
Machine Learning for Networking (MLN 2020)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12629))

Included in the following conference series:

Abstract

Information about the network protocols used by the background traffic can be important to the foreground traffic. Whether that knowledge is exploited via optimization through protocol selection (OPS) or through other forms of parameter tuning, a machine-learned classifier is one tool to identifying background traffic protocols. Unfortunately, global knowledge can be difficult to obtain in a dynamic distributed system like a shared, wide-area network (WAN).

Previous techniques for protocol identification have focused on passive or end-point signals for classification. For example, end-to-end round trip time (RTT) can, especially when gathered as a time series, reveal a lot about what is happening on the network. Other related signals, such as bandwidth, and the number of retransmissions can also be used for protocol classification. However, as noted, these signals are typically gathered by passive means, which may limit their usefulness.

We introduce and provide a proof-of-concept of active probing, which is the systematic and deliberate perturbation of traffic on a network for the purpose of gathering information. The time-series data generated by active probing improves our machine-learned classifiers because different network protocols react differently to the probing. Whereas passive probing might be limiting the time series observations to a period of steady state (e.g., saturated network), active probing forces the system out of that steady state. We show that active probing improves on prior work (with passive probing of RTT) by between 7% to 16% in additional accuracy (depending on the window size), and reaching 90% averages in precision, recall, and F1-scores.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    While BBR version 2 has been under development, at the time of writing this paper, BBR version 1 is still the only stable version publicly available; hence the one used in this study for all the experiments and evaluations.

  2. 2.

    http://software.es.net/iperf/.

  3. 3.

    In this paper we only present results conducted on the 1 Gb/s network.

References

  1. Afanasyev, A., Tilley, N., Reiher, P., Kleinrock, L.: Host-to-host congestion control for TCP. IEEE Commun. Surv. Tutor. 12(3), 304–342 (2010). https://doi.org/10.1109/SURV.2010.042710.00114

    Article  Google Scholar 

  2. Anvari, H., Lu, P.: Large transfers for data analytics on shared wide-area networks. In: Proceedings of the ACM International Conference on Computing Frontiers, CF 2016, pp. 418–423. ACM, New York (2016). https://doi.org/10.1145/2903150.2911718

  3. Anvari, H., Huard, J., Lu, P.: Machine-learned classifiers for protocol selection on a shared network. In: Renault, É., Mühlethaler, P., Boumerdassi, S. (eds.) MLN 2018. LNCS, vol. 11407, pp. 98–116. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-19945-6_7

    Chapter  Google Scholar 

  4. Anvari, H., Lu, P.: The impact of large-data transfers in shared wide-area networks: an empirical study. Procedia Comput. Sci. 108, 1702–1711 (2017). International Conference on Computational Science, ICCS 2017, 12–14 June 2017, Zurich, Switzerland. https://doi.org/10.1016/j.procs.2017.05.211. http://www.sciencedirect.com/science/article/pii/S1877050917308049

  5. Anvari, H., Lu, P.: Learning mixed traffic signatures in shared networks. In: Krzhizhanovskaya, W., et al. (eds.) ICCS 2020. LNCS, vol. 12137, pp. 524–537. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50371-0_39

    Chapter  Google Scholar 

  6. Carbone, M., Rizzo, L.: Dummynet revisited. SIGCOMM Comput. Commun. Rev. 40(2), 12–20 (2010). https://doi.org/10.1145/1764873.1764876

    Article  Google Scholar 

  7. Cardwell, N., Cheng, Y., Gunn, C.S., Yeganeh, S.H., Jacobson, V.: BBR: congestion-based congestion control. Queue 14(5), 50:20–50:53 (2016). https://doi.org/10.1145/3012426.3022184

    Article  Google Scholar 

  8. Dong, M., Li, Q., Zarchy, D., Godfrey, P.B., Schapira, M.: PCC: re-architecting congestion control for consistent high performance. In: 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2015), pp. 395–408. USENIX Association, Oakland (2015). https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/dong

  9. Dong, M., et al.: PCC Vivace: online-learning congestion control. In: 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2018), pp. 343–356. USENIX Association, Renton (2018). https://www.usenix.org/conference/nsdi18/presentation/dong

  10. Guok, C., Robertson, D., Thompson, M., Lee, J., Tierney, B., Johnston, W.: Intra and interdomain circuit provisioning using the OSCARS reservation system. In: 2006 3rd International Conference on Broadband Communications, Networks and Systems, BROADNETS 2006, pp. 1–8, October 2006. https://doi.org/10.1109/BROADNETS.2006.4374316

  11. Ha, S., Rhee, I., Xu, L.: CUBIC: a new TCP-friendly high-speed TCP variant. SIGOPS Oper. Syst. Rev. 42(5), 64–74 (2008). https://doi.org/10.1145/1400097.1400105

    Article  Google Scholar 

  12. Hock, M., Bless, R., Zitterbart, M.: Experimental evaluation of BBR congestion control. In: 2017 IEEE 25th International Conference on Network Protocols (ICNP), pp. 1–10 (2017). https://doi.org/10.1109/ICNP.2017.8117540

  13. Hong, C., et al.: Achieving high utilization with software-driven WAN. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM 2013, pp. 15–26. ACM, New York (2013). https://doi.org/10.1145/2486001.2486012

  14. Jain, R., Chiu, D.M., Hawe, W.R.: A quantitative measure of fairness and discrimination for resource allocation in shared computer system, vol. 38. Eastern Research Laboratory, Digital Equipment Corporation Hudson, MA (1984)

    Google Scholar 

  15. Jain, S., et al.: B4: experience with a globally-deployed software defined WAN. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM 2013, pp. 3–14. ACM, New York (2013). https://doi.org/10.1145/2486001.2486019

  16. Jiang, H., Dovrolis, C.: Why is the internet traffic bursty in short time scales? In: Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2005, pp. 241–252. ACM, New York (2005). https://doi.org/10.1145/1064212.1064240

  17. Kozu, T., Akiyama, Y., Yamaguchi, S.: Improving RTT fairness on cubic TCP. In: 2013 First International Symposium on Computing and Networking, pp. 162–167, December 2013. https://doi.org/10.1109/CANDAR.2013.30

  18. Liu, H.H., et al.: Efficiently delivering online services over integrated infrastructure. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2016), pp. 77–90. USENIX Association, Santa Clara (2016). https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/liu

  19. Ma, S., Jiang, J., Wang, W., Li, B.: Towards RTT fairness of congestion-based congestion control. CoRR abs/1706.09115 (2017). http://arxiv.org/abs/1706.09115

  20. Meng, T., Schiff, N.R., Godfrey, P.B., Schapira, M.: PCC proteus: scavenger transport and beyond. In: Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 2020, pp. 615–631. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3387514.3405891

  21. Mirza, M., Sommers, J., Barford, P., Zhu, X.: A machine learning approach to TCP throughput prediction. IEEE/ACM Trans. Netw. 18(4), 1026–1039 (2010). https://doi.org/10.1109/TNET.2009.2037812

    Article  Google Scholar 

  22. Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  23. Vishwanath, K.V., Vahdat, A.: Evaluating distributed systems: does background traffic matter? In: USENIX 2008 Annual Technical Conference, ATC 2008, pp. 227–240. USENIX Association, Berkeley (2008). http://dl.acm.org/citation.cfm?id=1404014.1404031

  24. Winstein, K., Balakrishnan, H.: TCP ex Machina: computer-generated congestion control. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM 2013, pp. 123–134. ACM, New York (2013). https://doi.org/10.1145/2486001.2486020

  25. Yin, Q., Kaur, J.: Can machine learning benefit bandwidth estimation at ultra-high speeds? In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 397–411. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_30

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computing Science, University of Alberta, Edmonton, AB, Canada

    Hamidreza Anvari & Paul Lu

Authors
  1. Hamidreza Anvari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paul Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hamidreza Anvari .

Editor information

Editors and Affiliations

  1. Laboratoire LIGM UMR 8049 CNRS, ESIEE Paris, Noisy-le-Grand, France

    Éric Renault

  2. CNAM/CEDRIC, Paris, France

    Selma Boumerdassi

  3. Inria/EVA Project, Paris, France

    Paul Mühlethaler

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Anvari, H., Lu, P. (2021). Active Probing for Improved Machine-Learned Recognition of Network Traffic. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds) Machine Learning for Networking. MLN 2020. Lecture Notes in Computer Science(), vol 12629. Springer, Cham. https://doi.org/10.1007/978-3-030-70866-5_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-70866-5_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-70865-8

  • Online ISBN: 978-3-030-70866-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation