基于高维特征降维聚类的实时流量分类方法

doi:10.3969/j.issn.1006-2475.2025.01.013

摘要/Abstract

摘要： 针对传统网络流量分类方法无法避免未知流量对分类的影响和难以实现实时流量分类的问题，本文提出一种基于高维特征降维聚类的实时流量分类模型。首先，搭建CNN网络模型对流量数据进行高维特征提取，并保存特征向量。然后使用UMAP对特征向量进行降维，并使用DBSCAN聚类算法对流量进行分类，在实现应用程序粒度分类的基础上，有效降低未知流量对模型的影响。同时，提出一种基于流一致性的时延控制机制，借鉴TCP拥塞控制机制的思想，大幅减少流量分类的时间，使得本文模型能够满足实时流量分类的要求。同时，在真实网络中采集一套应用程序粒度的流量数据集，并在公开数据集和本文数据集上进行实验验证。结果表明，本文方法在已知数据集中准确率约为98%，当未知流量接近50%时，准确率保持在80%左右，且能够满足实时分类的要求。

关键词: 实时流量分类, 特征降维, 未知流量聚类, 深度学习

Abstract: This paper proposes a real-time traffic classification model based on high-dimensional feature reduction clustering to address the problem of traditional network traffic classification methods being unable to avoid the impact of unknown traffic on classification and difficult to achieve real-time traffic classification. First， a CNN network model is built to extract high-dimensional features from traffic data， and save feature vectors. Then， UMAP is used to reduce the dimensionality of feature vectors， and the DBSCAN clustering algorithm is used to classify traffic， which effectively reduces the impact of unknown traffic on the model while achieving application-level classification. This paper proposes a time-delay control mechanism based on flow consistency， which borrows the idea of TCP congestion control mechanism and greatly reduces the time for traffic classification， making the model proposed in this paper able to meet the requirements of real-time traffic classification. At the same time， this paper collects a set of application-level traffic data sets in a real network. The experimental results on public data sets and the data set buiding by this paper show that the accuracy of this paper’s method is approximately 98% in the known data set， and when the unknown traffic is close to 50%， the accuracy remains at around 80%， and it can meet the requirements of real-time classification.

Key words: real-time traffic classification, feature dimensionality reduction, unknown traffic clustering, deep learning

中图分类号:

TP393

肖军弼, 傅天奇. 基于高维特征降维聚类的实时流量分类方法[J]. 计算机与现代化, 2025, 0(01): 80-85.

XIAO Junbi, FU Tianqi. Real-Time Traffic Classification Method Based on High-dimensional Feature#br# Dimensionality Reduction and Clustering[J]. Computer and Modernization, 2025, 0(01): 80-85.

参考文献

［1］ ZHAO J J， JING X Y， YAN Z， et al. Network traffic classification for data fusion: A survey［J］. Information Fusion， 2021，72:22-47.
［2］ GRIMAUDO L， MELLIA M， BARALIS E. Hierarchical learning for fine grained internet traffic classification［C］// Proceedings of the 2012 8th International Wireless Communications and Mobile Computing Conference. IEEE， 2012:463-468.
［3］ DONG S， JAIN R. RETRACTED: Flow online identification method for the encrypted Skype［J］. Journal of Network and Computer Applications， 2019，132（C）:75-85.
［4］ DIVAKARAN D M， SU L， LIAU Y S， et al. SLIC: Self-learning intelligent classifier for network traffic［J］. Computer Networks， 2015，91:283-297.
［5］ BUJLOW T， CARELA-ESPAÑOL V， BARLET-ROS P. Independent comparison of popular DPI tools for traffic classification［J］. Computer Networks， 2015，75:75-89.
［6］ ALZOMAN R M， ALENAZI M J F. A comparative study of traffic classification techniques for smart city networks［J］. Sensors， 2021，21（46）. DOI: 10.3390/s21144677.
［7］ TAUNK K， DE S， VERMA S， et al， A brief review of nearest neighbor algorithm for learning and classification［C］// 2019 International Conference on Intelligent Computing and Control Systems （ICCS）. IEEE， 2019:1255-1260.
［8］ WANG W， ZHU M， WANG J L， et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// The 2017 15th IEEE International Conference on Intelligence and Security Informatics. IEEE， 2017:43-48.
［9］ JANG Y， KIM N， LEE B D. Traffic classification using distributions of latent space in software-defined networks: An experimental evaluation［J］. Engineering Applications of Artificial Intelligence， 2023，119. DOI: 10.1016/j.engappai.2022.105736.
［10］ D’ANGELO G， PALMIERI F. Network traffic classification using deep convolutional recurrent autoencoder neural networks for spatial-temporal features extraction［J］. Journal of Network and Computer Applications， 2021，173. DOI: 10.1016/j.jnca.2020.102890.
［11］ REZAEI S， LIU X. Multitask learning for network traffic classification［C］// 2020 29th International Conference on Computer Communications and Networks. IEEE， 2020:1-9.
［12］王一丰，郭渊博，陈庆礼，等. 基于对比学习的细粒度未知恶意流量分类方法［J］，通信学报， 2022，43（10）:12-25.
［13］ SCHUTZE H， HULL D A. PEDERSEN J O. A comparison of classifiers and document representations for the routing problem［C］// Proceedings of the 18th Annual International ACM SIGIR Conference on Research and Development in Information Retrieva. ACM， 1995:229-237.
［14］ PEARSON K. On line and planes of closest fit to systems of points in space［J］. The London， Edinburgh， and Dublin Philosophical Magazine and Journal of Science， 1901，2（11）:559-572.
［15］ FISHER R. The use of multiple measurements in taxonomic problems［J］. Annals of Eugenics， 1936，7（2）:179-188.
［16］ MAATEN L V D， HINTON G. Visualizing data using t-SNE［J］. Journal of Machine Learning Research， 2008，9（86）: 2579-2605.
［17］ MCINNES L， HEALY J， SAUL N. UMAP: Uniform manifold approximation and projection［J］. Journal of Open Source Software， 2018，3（29）. DOI: 10.21105/joss.00861.
［18］ PETRINI L. Breaking the curse of dimensionality in deep neural networks by learning invariant representations［J］. arXiv preprint arXiv:2310.16154， 2023.
［19］ JIA W K， SUN M， LIAN J， et al. Feature dimensionality reduction: A review［J］. Complex & Intelligent Systems， 2022，8:2663-2693.
［20］ JACOBSON V. Congestion avoidance and control［C］// Symposium Proceedings on Communications Architectures and Protocols. ACM， 1998，18（4）:314-329.
［21］ PACHECO F， EXPOSITO E， GINESTE M， et al. Towards the deployment of machine learning solutions in network traffic classification: A systematic survey［J］， IEEE Communications Surveys & Tutorials， 2019，21（2）:1988-2014.
［22］ BENGIO Y， COURVILLE A， VINCENT P. Representation learning: A review and new perspectives［J］. IEEE Transactions on Pattern Analysis and Machine Intelligence， 2013，35（8）:1798-1828.
［23］ ALAMI A E， BAHAJ M， KHOURDIFI Y. Supply of a key value database Redis in-memory by data from a relational database［C］// 2018 19th IEEE Mediterranean Electrotechnical Conference. IEEE， 2018:46-51.
［24］ ZHOU H Y， WANG Y， LEI X C， et al. A method of improved CNN traffic classification［C］// 2017 13th International Conference on Computational Intelligence and Security. IEEE， 2017:177-181.
［25］ ARLIA D， COPPOLA M. Experiments in parallel clustering with DBSCAN［C］// Proceedings of the 7th International Euro-Par Conference Manchester on Parallel Processing. Springer， 2001:326-331.
［26］王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 安徽:中国科学技术大学， 2018.
［27］傅天奇. UPC-APPlev2023网络流量数据集［EB/OL］. （2023-11-21）［2023-11-21］. https://github.com/xwz0011
/UPCAPPlev2023.git.
［28］ LIU Y C， LI M， XIONG H， et al. Understanding of internal clustering validation measures［C］// 2010 IEEE International Conference on Data Mining. IEEE， 2010:911-916.

[1]	王梦溪, 李峻. 老年人跌倒检测技术研究综述[J]. 计算机与现代化, 2024, 0(08): 30-36.
[2]	黄文栋, 王怡凡. 基于模态类别的多模态信息处理与融合综述[J]. 计算机与现代化, 2024, 0(07): 47-62.
[3]	张可1, 艾中良2, 刘忠麟3, 顾平莉1, 刘学林4. 基于多元组匹配损失的司法论辩理解方法[J]. 计算机与现代化, 2024, 0(06): 115-120.
[4]	林威. 基于自监督学习和数据回放的新闻推荐模型增量学习方法[J]. 计算机与现代化, 2023, 0(12): 1-6.
[5]	王梦, 张鸿鑫, 刘庆华, 张东. 基于改进YOLOv5的幽门螺杆菌免疫印迹图像识别[J]. 计算机与现代化, 2022, 0(09): 78-84.
[6]	陈觉之;张贵荣;周宇欢. 基于CCA和PCA的说话人特征降维研究  [J]. 计算机与现代化, 2013, 1(6): 16-19.