Clustering
Abdulrahman Hijazi¹, Hajime Inoue², Anil Somayaji¹
Abstract: We summarize our work with ADHIC (Approximate Divisive HIerarchical Clusterer),
a lightweight, online, divisive hierarchical clustering algorithm tailored to the domain of network
traffic clustering. We then briefly describe our implementation of ADHIC, NetADHICT, which
serves as a tool to system administrators. The key innovation is that it can identify and present
a hierarchical decomposition of traffic based upon the learned structure of whole packets without
prior knowledge of protocol structures. ADHIC needs only a small fraction of packets to generate
the cluster decision tree, and the generated tree can be used to cluster packets at wire speeds. Our
experiments show NetADHICT can appropriately segregate well-known protocols, cluster traffic of
the same protocol together even if it is running on multiple ports, and segregate p2p traffic that
uses non-standard ports. We believe that ADHIC and NetADHICT are a useful complement to
critical applications used for performance analysis, identification of worms and flash crowds, and
Denial-of-Service resistant bandwidth management.