Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987428
T. Zinner, Stefan Geissler, Fabian Helmschrott, Valentin Burger
This paper details a measurement study on the impact of different HTTP-based application layer protocols, namely HTTP/1, HTTP/2 and QUIC, on video streaming performance. In this context we evaluate the influence on the initial delay until video playout is started using the live version of the YouTube platform. Furthermore, we evaluate how different network parameters, i.e. bandwidth, RTTs and packet loss influence the different protocols. This work presents an overview over the characteristics of the compared protocols and presents a detailed measurement methodology on how the data has been obtained. Finally, the observed data is evaluated in the context of YouTube video streaming.
{"title":"Comparison of the initial delay for video playout start for different HTTP-based transport protocols","authors":"T. Zinner, Stefan Geissler, Fabian Helmschrott, Valentin Burger","doi":"10.23919/INM.2017.7987428","DOIUrl":"https://doi.org/10.23919/INM.2017.7987428","url":null,"abstract":"This paper details a measurement study on the impact of different HTTP-based application layer protocols, namely HTTP/1, HTTP/2 and QUIC, on video streaming performance. In this context we evaluate the influence on the initial delay until video playout is started using the live version of the YouTube platform. Furthermore, we evaluate how different network parameters, i.e. bandwidth, RTTs and packet loss influence the different protocols. This work presents an overview over the characteristics of the compared protocols and presents a detailed measurement methodology on how the data has been obtained. Finally, the observed data is evaluated in the context of YouTube video streaming.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126069501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987314
L. C. Costa, A. Vieira, E. B. Silva, D. Macedo, Geraldo Gomes, L. H. A. Correia, L. Vieira
The decoupling of data and control planes of network switches is the main characteristic of Software Defined Networks. The OpenFlow (OF) protocol implements this concept and it is found today in various off-the-shelf equipment. Despite being widely employed in industry and research there is no systematic evaluation of OF data plane performance in the literature. In this paper we evaluate the performance and maturity of the main features of OF 1.0 on nine hardware and software switches. Results show that the performance varies significantly among implementations. For instance, packet delays vary by one order of magnitude among the evaluated switches, while the packet size does not impact the performance of OF switches.
{"title":"Performance evaluation of OpenFlow data planes","authors":"L. C. Costa, A. Vieira, E. B. Silva, D. Macedo, Geraldo Gomes, L. H. A. Correia, L. Vieira","doi":"10.23919/INM.2017.7987314","DOIUrl":"https://doi.org/10.23919/INM.2017.7987314","url":null,"abstract":"The decoupling of data and control planes of network switches is the main characteristic of Software Defined Networks. The OpenFlow (OF) protocol implements this concept and it is found today in various off-the-shelf equipment. Despite being widely employed in industry and research there is no systematic evaluation of OF data plane performance in the literature. In this paper we evaluate the performance and maturity of the main features of OF 1.0 on nine hardware and software switches. Results show that the performance varies significantly among implementations. For instance, packet delays vary by one order of magnitude among the evaluated switches, while the packet size does not impact the performance of OF switches.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129964370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987462
Christian Sieber, A. Obermair, W. Kellerer
Software Defined Networking (SDN) paved the way for a logically centralized entity, the SDN controller, to excerpt near real-time control over the forwarding state of a network. Network hypervisors are an in-between layer to allow multiple SDN controllers to share this control by slicing the network and giving each controller the power over a part of the network. This makes network hypervisors a critical component in terms of reliability and performance. At the same time, compute virtualization is ubiquitous and may not guarantee statically assigned resources to the network hypervisors. It is therefore important to understand the performance of network hypervisors in environments with varying compute resources. In this paper we propose an online machine learning pipeline to synthesize a performance model of a running hypervisor instance in the face of varying resources. The performance model allows precise estimations of the current capacity in terms of control message throughput without time-intensive offline benchmarks. We evaluate the pipeline in a virtual testbed with a popular network hypervisor implementation. The results show that the proposed pipeline is able to estimate the capacity of a hypervisor instance with a low error and furthermore is able to quickly detect and adapt to a change in available resources. By exploring the parameter space of the learning pipeline, we discuss its characteristics in terms of estimation accuracy and convergence time for different parameter choices and use cases. Although we evaluate the approach with network hypervisors, our work can be generalized to other latency-sensitive applications with similar characteristics and requirements as network hypervisors.
{"title":"Online learning and adaptation of network hypervisor performance models","authors":"Christian Sieber, A. Obermair, W. Kellerer","doi":"10.23919/INM.2017.7987462","DOIUrl":"https://doi.org/10.23919/INM.2017.7987462","url":null,"abstract":"Software Defined Networking (SDN) paved the way for a logically centralized entity, the SDN controller, to excerpt near real-time control over the forwarding state of a network. Network hypervisors are an in-between layer to allow multiple SDN controllers to share this control by slicing the network and giving each controller the power over a part of the network. This makes network hypervisors a critical component in terms of reliability and performance. At the same time, compute virtualization is ubiquitous and may not guarantee statically assigned resources to the network hypervisors. It is therefore important to understand the performance of network hypervisors in environments with varying compute resources. In this paper we propose an online machine learning pipeline to synthesize a performance model of a running hypervisor instance in the face of varying resources. The performance model allows precise estimations of the current capacity in terms of control message throughput without time-intensive offline benchmarks. We evaluate the pipeline in a virtual testbed with a popular network hypervisor implementation. The results show that the proposed pipeline is able to estimate the capacity of a hypervisor instance with a low error and furthermore is able to quickly detect and adapt to a change in available resources. By exploring the parameter space of the learning pipeline, we discuss its characteristics in terms of estimation accuracy and convergence time for different parameter choices and use cases. Although we evaluate the approach with network hypervisors, our work can be generalized to other latency-sensitive applications with similar characteristics and requirements as network hypervisors.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130093070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987391
D. Tuncer, Tom Sherborne, M. Charalambides, G. Pavlou
Recent approaches have proposed to empower Internet Service Providers (ISPs) with caching capabilities that can allow them to implement their own cache management strategies and as such have better control over the utilization of their resources. In this demo paper, we present CacheMAsT (Cache Management Analysis and Visualization Tool), a decision support tool to visualize the configuration and performance of in-network cache management approaches. CacheMAsT is aimed at assisting researchers and engineers in analyzing and evaluating the different factors that can affect the performance of a cache management strategy and ultimately decide on the optimal approach to apply.
{"title":"CacheMAsT: Cache Management Analysis and Visualization Tool","authors":"D. Tuncer, Tom Sherborne, M. Charalambides, G. Pavlou","doi":"10.23919/INM.2017.7987391","DOIUrl":"https://doi.org/10.23919/INM.2017.7987391","url":null,"abstract":"Recent approaches have proposed to empower Internet Service Providers (ISPs) with caching capabilities that can allow them to implement their own cache management strategies and as such have better control over the utilization of their resources. In this demo paper, we present CacheMAsT (Cache Management Analysis and Visualization Tool), a decision support tool to visualize the configuration and performance of in-network cache management approaches. CacheMAsT is aimed at assisting researchers and engineers in analyzing and evaluating the different factors that can affect the performance of a cache management strategy and ultimately decide on the optimal approach to apply.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121766416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987336
Changyu Wang, X. Guan, Tao Qin
Recently, network traffic classification has attracted a great deal of attention among researchers. In this paper, we proposed a traffic classification approach based on characteristics of subflows and ensemble learning. Aiming at neutralization of unstable network environment as well as taking advantage of ensemble learning, we divided the traffic flows into different subflows in order to reduce the affection of time. Moreover, we develop truncation method on flows for real-time processing and an aggregation machine learning method based on accuracy of each classifier to different applications. Finally, the experimental results based on actual traffic traces collected from the campus network of Xian Jiaotong University verify the effectiveness of our methods.
{"title":"A traffic classification approach based on characteristics of subflows and ensemble learning","authors":"Changyu Wang, X. Guan, Tao Qin","doi":"10.23919/INM.2017.7987336","DOIUrl":"https://doi.org/10.23919/INM.2017.7987336","url":null,"abstract":"Recently, network traffic classification has attracted a great deal of attention among researchers. In this paper, we proposed a traffic classification approach based on characteristics of subflows and ensemble learning. Aiming at neutralization of unstable network environment as well as taking advantage of ensemble learning, we divided the traffic flows into different subflows in order to reduce the affection of time. Moreover, we develop truncation method on flows for real-time processing and an aggregation machine learning method based on accuracy of each classifier to different applications. Finally, the experimental results based on actual traffic traces collected from the campus network of Xian Jiaotong University verify the effectiveness of our methods.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"362 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115941334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987332
Qinglei Qi, Wendong Wang, Xiangyang Gong, Xirong Que
Recent studies have shown that the flow table size of hardware SDN switch cannot match the number of concurrent flows. Combined SDN Forwarding Element (CFE), which comprises software switch and hardware switch, becomes an alternative approach for tackling this problem. Because software switch has lower lookup speed than hardware switch, different proportions of traffic allocated to software switches in CFE have different effects on the delay bounds of all flows entering CFE. As delay-guarantee is a nontrivial task for network providers, especially with the increasing number of delay-sensitive applications, a model to analyze the delay bound given a flow allocation in CFE is important. With the one-to-one correspondence between flow allocation and rules placement solution, the analytical model can be used to evaluate and compare rules placement solutions and provide a basis for designing better rules placement solution in CFE. In this paper, we propose an analytical model for CFE based on network calculus, and then validate this model through simulations in NS-3.
最近的研究表明,硬件SDN交换机的流表大小不能匹配并发流的数量。组合式SDN转发单元(Combined SDN Forwarding Element, CFE)由软件交换机和硬件交换机组成,成为解决这一问题的另一种方法。由于软件交换机的查找速度比硬件交换机慢,所以在CFE中分配给软件交换机的流量的不同比例对所有进入CFE的流量的延迟界有不同的影响。对于网络提供商来说,延迟保证是一项非常重要的任务,特别是随着对延迟敏感的应用数量的增加,在CFE中分析给定流量分配的延迟边界模型是非常重要的。由于流分配与规则放置方案之间存在一一对应关系,该分析模型可用于评估和比较规则放置方案,为CFE中设计更好的规则放置方案提供依据。本文提出了一种基于网络演算的CFE分析模型,并在NS-3中进行了仿真验证。
{"title":"An analytical model for combined SDN Forwarding Element","authors":"Qinglei Qi, Wendong Wang, Xiangyang Gong, Xirong Que","doi":"10.23919/INM.2017.7987332","DOIUrl":"https://doi.org/10.23919/INM.2017.7987332","url":null,"abstract":"Recent studies have shown that the flow table size of hardware SDN switch cannot match the number of concurrent flows. Combined SDN Forwarding Element (CFE), which comprises software switch and hardware switch, becomes an alternative approach for tackling this problem. Because software switch has lower lookup speed than hardware switch, different proportions of traffic allocated to software switches in CFE have different effects on the delay bounds of all flows entering CFE. As delay-guarantee is a nontrivial task for network providers, especially with the increasing number of delay-sensitive applications, a model to analyze the delay bound given a flow allocation in CFE is important. With the one-to-one correspondence between flow allocation and rules placement solution, the analytical model can be used to evaluate and compare rules placement solutions and provide a basis for designing better rules placement solution in CFE. In this paper, we propose an analytical model for CFE based on network calculus, and then validate this model through simulations in NS-3.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126907608","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987324
Satadal Sengupta, V. Yadav, Yash Saraf, Harshit Gupta, Niloy Ganguly, Sandip Chakraborty, Pradipta De
Among the mobile applications contributing to the surging Internet traffic, video applications are some of the biggest contributors. Most of these video applications use HTTP/HTTPS tunneling making it difficult to apply port based or packet data based identification of flows. This makes it challenging for network operators to enforce bandwidth regulation policies for app based service differentiation due to lack of flow identification mechanisms for mobile apps. We explore a packet data agnostic feature of video flows, namely packet-size, to identify the flows. We show that it is possible to train a classifier that can distinguish packets from streaming and interactive video apps with high accuracy. We design and implement a system, called MoViDiff, with this classifier at the core, that allows bandwidth regulation between video traffic of two different categories, streaming and interactive. We show that we can achieve an average accuracy of 96% in classifying the traffic, with the maximum accuracy reaching as high as 98%.
{"title":"MoViDiff: Enabling service differentiation for mobile video apps","authors":"Satadal Sengupta, V. Yadav, Yash Saraf, Harshit Gupta, Niloy Ganguly, Sandip Chakraborty, Pradipta De","doi":"10.23919/INM.2017.7987324","DOIUrl":"https://doi.org/10.23919/INM.2017.7987324","url":null,"abstract":"Among the mobile applications contributing to the surging Internet traffic, video applications are some of the biggest contributors. Most of these video applications use HTTP/HTTPS tunneling making it difficult to apply port based or packet data based identification of flows. This makes it challenging for network operators to enforce bandwidth regulation policies for app based service differentiation due to lack of flow identification mechanisms for mobile apps. We explore a packet data agnostic feature of video flows, namely packet-size, to identify the flows. We show that it is possible to train a classifier that can distinguish packets from streaming and interactive video apps with high accuracy. We design and implement a system, called MoViDiff, with this classifier at the core, that allows bandwidth regulation between video traffic of two different categories, streaming and interactive. We show that we can achieve an average accuracy of 96% in classifying the traffic, with the maximum accuracy reaching as high as 98%.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126806225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987322
Dries Pauwels, Jeroen van der Hooft, Stefano Petrangeli, T. Wauters, D. D. Vleeschauwer, F. Turck
The increased popularity of social media and mobile devices has radically changed the way people consume multimedia content online. As an example, users can experience the same event (e.g. a sports event or a concert) together using social media, even if they are not in the same physical location. Moreover, the introduction of the HTTP Adaptive Streaming principle has made it possible to deliver video over the best-effort Internet with consistent quality, even for mobile devices. One of the challenges within this context is the synchronization of multimedia playback among geographically distributed clients. To solve this issue, we propose a Web-based framework which allows to synchronize the playback of different clients. We also present a novel hybrid approach for adaptive streaming to allow fast synchronization among different clients, which relies on HTTP/2's server push feature in combination with sub-second video segments. In this paper, we detail the proposed framework and provide a comprehensive analysis of its performance. Experiments show that the novel hybrid approach can reduce synchronization time with 19.4% compared to standard adaptive streaming over HTTP/1.1 when bandwidth is limited to 2.5 Mb/s and an RTT of 150 ms. The gain increases even more when a higher throughput is available. The obtained results entail that the proposed framework can provide quality of experience for all users watching online video together.
{"title":"A Web-based framework for fast synchronization of live video players","authors":"Dries Pauwels, Jeroen van der Hooft, Stefano Petrangeli, T. Wauters, D. D. Vleeschauwer, F. Turck","doi":"10.23919/INM.2017.7987322","DOIUrl":"https://doi.org/10.23919/INM.2017.7987322","url":null,"abstract":"The increased popularity of social media and mobile devices has radically changed the way people consume multimedia content online. As an example, users can experience the same event (e.g. a sports event or a concert) together using social media, even if they are not in the same physical location. Moreover, the introduction of the HTTP Adaptive Streaming principle has made it possible to deliver video over the best-effort Internet with consistent quality, even for mobile devices. One of the challenges within this context is the synchronization of multimedia playback among geographically distributed clients. To solve this issue, we propose a Web-based framework which allows to synchronize the playback of different clients. We also present a novel hybrid approach for adaptive streaming to allow fast synchronization among different clients, which relies on HTTP/2's server push feature in combination with sub-second video segments. In this paper, we detail the proposed framework and provide a comprehensive analysis of its performance. Experiments show that the novel hybrid approach can reduce synchronization time with 19.4% compared to standard adaptive streaming over HTTP/1.1 when bandwidth is limited to 2.5 Mb/s and an RTT of 150 ms. The gain increases even more when a higher throughput is available. The obtained results entail that the proposed framework can provide quality of experience for all users watching online video together.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126353478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987403
A. Jacobs, R. Santos, M. Franco, E. Scheid, R. Pfitscher, L. Granville
AMNESiA is an affinity measurement platform for NFV-enabled networks, designed to consolidate and interpret existing monitoring data into an affinity metric, aiding operators to identify affinity and anti-affinity relations in the network. AMNESiA uses the latest snapshot of usage data, collected through a generic monitoring solution, from the database to measure affinity between VNFs.
{"title":"AMNESiA: Affinity measurement platform for NFV-enabled networks","authors":"A. Jacobs, R. Santos, M. Franco, E. Scheid, R. Pfitscher, L. Granville","doi":"10.23919/INM.2017.7987403","DOIUrl":"https://doi.org/10.23919/INM.2017.7987403","url":null,"abstract":"AMNESiA is an affinity measurement platform for NFV-enabled networks, designed to consolidate and interpret existing monitoring data into an affinity metric, aiding operators to identify affinity and anti-affinity relations in the network. AMNESiA uses the latest snapshot of usage data, collected through a generic monitoring solution, from the database to measure affinity between VNFs.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127346344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-05-01DOI: 10.23919/INM.2017.7987417
Wei-ke Chen, Xiao Luo, A. N. Zincir-Heywood
Effective detection of botnet traffic becomes difficult as the attackers use encrypted payload and dynamically changing port numbers (protocols) to bypass signature based detection and deep packet inspection. In this paper, we build a normal profiling-based botnet detection system using three unsupervised learning algorithms on service-based flow-based data, including self-organizing map, local outlier, and k-NN outlier factors. Evaluations on publicly available botnet data sets show that the proposed system could reach up to 91% detection rate with a false alarm rate of 5%.
{"title":"Exploring a service-based normal behaviour profiling system for botnet detection","authors":"Wei-ke Chen, Xiao Luo, A. N. Zincir-Heywood","doi":"10.23919/INM.2017.7987417","DOIUrl":"https://doi.org/10.23919/INM.2017.7987417","url":null,"abstract":"Effective detection of botnet traffic becomes difficult as the attackers use encrypted payload and dynamically changing port numbers (protocols) to bypass signature based detection and deep packet inspection. In this paper, we build a normal profiling-based botnet detection system using three unsupervised learning algorithms on service-based flow-based data, including self-organizing map, local outlier, and k-NN outlier factors. Evaluations on publicly available botnet data sets show that the proposed system could reach up to 91% detection rate with a false alarm rate of 5%.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132648023","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: