Abstract:

The automatic detection of applications associated with network traffic is very important for network security and traffic management. Unfortunately, because of some of the applications like P2P, VOIP applications using dynamic port numbers, masquerading techniques, and encryption, it is difficult using simple portbased analysis to classify packet payloads in order to identify these applications. And many research works have proposed using the clustering algorithms to identify network traffic, but these algorithms have some defects in how to choose the cluster center and the number of clusters. In this paper, we first use the Weighting D2 algorithm to improve the selection of the initialized cluster centers, and use the value of NMI(Normalize Mutual Information)to ascertain the number of clusters, and then get an improved clustering algorithm, and finally propose a application level identification method based on this algorithm. The experimental results show that this method  reaches 90% accuracy or more, and gets lower False Positive Rate and False Rejection Rate.

Key words: traffic identification;clustering algorithm;center of cluster;number of cluster