Author: | Liu, Dejian James |
Title: | HTTP-tunnel traffic classification |
Degree: | M.Sc. |
Year: | 2007 |
Subject: | Hong Kong Polytechnic University -- Dissertations. HTTP (Computer network protocol) Machine learning. Hypertext systems. |
Department: | Department of Computing |
Pages: | viii, 90 leaves : ill. ; 30 cm. |
Language: | English |
Abstract: | There is a growing need for accurate and timely classification of network traffic flows. The focus of the dissertation is to classify the different application traffic tunnelled inside HTTP. Applications, once tunnelled, generally show statistical behaviour similar to HTTP traffic and become difficult to identify statistically. Overheads caused by the HTTP tunnel, such as 'probe packets', are generated differently depending on the application being tunnelled and are useful for identifying a tunnelled application. Applications that have similar HTTP-tunnel overhead patterns can be classified by the dynamics of big messages that span several TCP packets. A total of 30 directional and bidirectional flow metrics are used in this work to describe HTTP-tunnel traffic. With these flow metrics, a classifier is trained by machine learning algorithms using a clean data set. The classifier is then used to classify HTTP-related traffic including HTTP Web Browsing, File Transferring, Game, Instant Messages, Real Streaming, TELNET, Covert Channel, etc. The result shows 88% overall accuracy and 78-96% individual class accuracy. The machine learning algorithms C4.5 Decision Tree and k Nearest Neighbour have notable accuracy results (94.1% and 93.2% respectively). The best mean recall rate is 0.89. Flow-based and volume-based results are similar. The volume-based result is generally better. |
Rights: | All rights reserved |
Access: | restricted access |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
b2148062x.pdf | For All Users (off-campus access for PolyU Staff & Students only) | 1.98 MB | Adobe PDF |
Please use this identifier to cite or link to this item:
https://theses.lib.polyu.edu.hk/handle/200/529