Skip to main content

Table 4 Summary of Payload and Host Behavior -based Traffic Classification

From: A comprehensive survey on machine learning for networking: evolution, applications and research opportunities

Ref. ML Technique Dataset Features Classes Evaluation
      Settings Results
Haffner et al. [176] Supervised NB, AdaBoost, MaxEnt Proprietary Discrete byte encoding for first n bytes of unidirectional flow FTP, SMTP, POP3, IMAP, HTTPS, HTTP, SSH n=64−256 bytes Overall error rate <0.51%, precision > 99%, recall > 94%
Ma et al. [286] Unsupervised HCA Proprietary: U. Cambridge, UCSD Discrete byte encoding for first n bytes of unidirectional flow FTP, SMTP, HTTP, HTTPS, DNS, NTP, NetBIOS, SrvLoc n=64 bytes, distance metric: PD = 250, MP = 150, CSG = 12% Error rate: PD ≤ 4.15%, MP ≤ 9.97%, CSG ≤ 6.19%
Finamore et al. [146] Supervised SVM Tstat [439]; NAPA-WINE [268]; Proprietary: ISP network Statistical characterization of first N bytes of each packet a window of size C, divided into G groups of b consecutive bits eMule, BitTorrent, RTP, RTCP, DNS, P2P-TV (PPLive, Joost, SopCast, TVAnts), Skype, Background C=80,N=12,G=24,b=4 Average TP = 99.6%, FP < 1%
Schatzmann et al. [404] Supervised SVM Proprietary: ISP network Service proximity, activity profiles, session duration, periodicity Mail, Non-Mail N/A Average accuracy = 93.2%, precision = 79.2%
Bermolan et al. [53] Supervised SVM Proprietary: campus network, ISP network Packet count exchanged between peers in duration T PPLive, TVAnts, SopCast, Joost T=5 s, SVM distance metric R=0.5 Worst-case TPR ≈95%, FPR < 0.1%
  1. N/A: Not available