Batch classifier with adaptive update for backbone traffic classification

Abstract

Network traffic analysis is an important method for ISPs to know the status of the network. However, the high speed and rapid evolution of backbone network traffic have brought new challenges to traffic analysis. Most existing traffic classifiers are based on full traffic, while processing all the large-scale backbone network traffic is time-intensive and resource-consuming. Moreover, the relationship between feature vectors and classification labels drifts with the rapid evolution of backbone network traffic, which leads to the degradation of the performance of the classification model. This paper presents a model that can implement real-time classification of sampled backbone network traffic and adaptively update the classification model when concept drift occurs. To accurately classify the backbone network traffic in real time, we propose the Multiple Counter Sketch (MC Sketch) to quickly extract feature vectors from the sampled traffic and design an Adaptive Batch Classifier based on Agglomerative Clustering (A-BCAC) to perform unsupervised batch clustering of feature vectors. Using the labels obtained from A-BCAC, we trained the classifier to classify the backbone traffic. In addition, we design an adaptive batch update model based on concept drift detection to solve the concept drift problem. The experimental results on sampled traffic collected on a 10Gbps link and the comparisons with state-of-the-art studies demonstrate the performance and efficiency of our method.