1

A Network Traffic Classification based on Coupled Hidden Markov Models

Fei Zhang, Wenjun Wuzhangfei,wwj@nlsde.buaa.edu.cnNational Lab of Software Development EnvironmentBeihang University, Beijing, China

Packet-Level Properties

• Inter Packet Time• Payload Size

Two HMM chains

Take as example

• S ： discrete hidden state set• π ： represents the initial rate of state• A ： transition matrix • B ： continuous conditional distribution(GMM), which means

the observed variable’s conditional probability under state

Parameters Estimation • BIC

for GMM selection for each hidden state

:

Maintain the Assessing Formula

We propose a statistic model using (IPT, PS) sequences set as input and calculate the assessing value using joint Viterbi path and transition matrix. In order to avoid the problem that assessing value is too small, we compute sum of logs instead of doing multiplication.

6

Data Illustraion and Pro-precessing

7

summarized through a confusion matrix, the results of the classification performed on the test sets. Each row represents the classification correctness (in percentage) over a different application test set

Results show that our PLCHMMs based traffic classifier can achieve more than 90% accuracy, in classifying almost every test dataset, which outperforms other HMM based traffic classifiers using different probability distribution.

9

Thanks