Academic Lecture: Robust Network Traffic Classification

23.07.2014  17:34

Time: July 27, 2014 (Sunday), 15:30

Venue: Room 601, Chenggong Building, Cangshan Campus

Speaker: Professor Yang Xiang, Deakin University, Australia

Hosted by: School of Mathematics and Computer Science; Fujian Provincial Key Laboratory of Network Security and Cryptology

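About the speaker: Yang Xiang holds a PhD and is a professor, doctoral supervisor, and IEEE Senior Member. He is Associate Head of the School of Information Technology at Deakin University, Australia, and Director of the Network Security and Computing Laboratory. His research focuses on network and system security and distributed systems security, and the active defense system developed by the team he leads is internationally leading in addressing large-scale distributed network attacks. In recent years he has served as project leader on 6 Australian Government ARC projects. Dr. Xiang has published more than 150 high-quality papers in major international journals and conferences, with his main results appearing in top journals such as IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Information Security and Forensics, and IEEE Journal on Selected Areas in Communications. One of these papers received the ChinaCom2010 Best Paper award, and two papers were selected as the featured article of the month by IEEE Transactions on Parallel and Distributed Systems, in July 2013 and April 2009 respectively. He has published two academic books, Software Similarity and Classification (Springer) and Dynamic and Advanced Data Mining for Progressing Technological Development (IGI-Global). The software similarity detection system developed by the team he leads is used by the mainstream Linux distributions Fedora and Debian. He has been invited to give keynote talks at more than ten well-known international conferences, including The 10th Information Security Practice and Experience Conference (ISPEC 2014), The 12th IEEE International Conference on Computer and Information Technology (IEEE CIT 2012), and The 10th IEEE International Conference on Dependable, Autonomic and Secure Computing (IEEE DASC 2012).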

Abstract: As a fundamental tool for network management and security, traffic classification has attracted more and more attention in recent years. A big challenge to the robustness of classification performance comes from zero-day applications which were previously unknown in a traffic classification system. In this paper, we propose a new scheme of Robust statistical Traffic Classification (RTC) by combining supervised and unsupervised machine learning techniques to meet this challenge. The proposed RTC scheme has the capability of identifying the traffic of zero-day applications as well as accurately discriminating pre-defined application classes. In addition, we provide a new semi-supervised mechanism to achieve fine-grained zero-day traffic classification through labelling very few traffic flows. The empirical study on big real-world traffic data confirms the effectiveness of the proposed scheme. When zero-day applications are present, the classification performance of the new scheme is significantly better than four state-of-the-art methods: random forest, correlation-based classification, semi-supervised clustering, and one-class SVM.