Abstract
A wide variety of applications and services now run over the Internet. Load balancing the increasing network traffic in real time can improve network quality, so flow control technologies have become much more important than before. Our research proposes an intelligent method for identifying network flows, based on the neural network algorithm GHSOM. In this paper, we propose using the structural classification of GHSOM to train on packet properties such as timestamp, source, and destination. Based on our proposed normalization, IP network flows can be formed autonomously during the learning process. Combining the new normalization with the GHSOM can divide a flow into several sub-IP flows. This paper indicates that a flow consists of several sub-IP flows, and that a sub-IP flow consists of several IP packets. The experiments show that IP packets can be properly divided into flow and sub-IP flow classes. Furthermore, repeated jumbo sub-IP flows can be used to discover communication errors or abnormal attacks.
Cite this article
Shi, H., Hamagami, T., Xu, H. et al. A Method for Classifying Packets into Network Flows Based on GHSOM. Mobile Netw Appl 17, 730–739 (2012). https://doi.org/10.1007/s11036-012-0383-1
DOI: https://doi.org/10.1007/s11036-012-0383-1