具有规模适应性的互联网流量识别方法研究
|
摘要
互联网流量识别是互联网流量测量领域的研究热点问题之一。以P2P流量为主要对象的流量识别、管理已经成为学术界、网络工程界、国家有关部门普遍关心的问题。高效、准确地识别互联网流量对于分析网络发展趋势、提供服务质量保证、动态访问控制、网络合法管理、异常行为检测等都有很重要的现实意义。
传统的以知名端口和应用层载荷特征码为基础的流量识别方法难以应对端口伪装、端口随机选择和应用层数据加密等反监测技术趋势。基于应用行为和流特征的方法已经受到研究人员关注,但识别准确率、实时处理能力、自动学习能力和新应用发现能力等都是需要面对的挑战。
具有规模适应性的互联网流量识别方法的研究目标是面向不同网络规模、不同宏观程度以及不同识别粒度的分析需求,研究在不同层次和不同范围内对互联网传输的内容进行区分,对互联网应用行为进行分析的有效方法和组织方式。并从智能学习特性、在线实时处理能力、混合分类实施方式以及不同范围内的分布式处理方法等方面提出了新的目标。
论文基于此研究面向单点、有限网络规模和互联网范围的流量识别和行为分析方法。针对上述关键性问题展开研究,主要贡献和创新包括以下几点:
(1)提出基于数据引力和细分识别空间理论的半监督学习(DGFDRS-SSL)模型,在此基础上研究基于流统计特征的机器学习流量识别方法。
把样本空间的数据点视为质量点,定义数据点之间的欧式距离为样本距离,借用万有引力定律提出数据空间中的数据引力(DG)理论,基于数据引力实施样本聚类。提出细分识别空间(FDRS)理论,对分类识别空间进行不同维度和细度的划分,采用染色的方法对划分后的识别空间进行区分,形成一个具有细分特征的识别空间。数据样本聚类后把聚类结果映射到细分识别空间,在染色原则指导下根据有“标记”样本对识别空间染色得到半监督学习分类训练模型。把模型用于面向单点的流统计特征流量识别,克服了传统有导师学习方法需要大量有分类“标记”样本缺点,具有较高的性能和新应用发现的能力。
(2)定义了互联网应用群体模型,提出面向有限网络规模的互联网应用群体发现和流量识别方法。
分析互联网应用的特性,定义互联网中不同应用行为的主机连接特征图。结合社会群体概念和有限网络范围内的行为主机之间聚集、共享和连接特征,研究基于行为特征图的动态互联网应用群体生成和发现方法。从不同层次和位置收集具有不同方向属性的节点行为信息用于分析有限规模的网络行为。借助宏观的群体特征发现实施微观粒度的流量识别、端口伪装和跨协议传输行为发现。适于有限规模内具有分布式和协同特征的应用行为分析,不受易变易伪装特征的影响。
(3)提出了面向互联网规模的自组织流量识别联盟模型。
结合DHT(分布式哈希表)的优点,研究利用虚拟存储和相同前缀Hash技术实现索引资源本地存储的方法,设计改进的Chord覆盖网络路由算法,并基于此设计无中心的自组织互联网流量识别和行为分析联盟模型。具有本地流量识别和行为分析功能的节点在遵守联盟协议的条件下可以加入联盟,并在联盟成员之间协助流量识别和行为分析,共享流量特征、数据样本和识别经验。克服了传统方法只能在有限组织机构之间通过固定设备和协议的协助,可扩展性差和开放性不足等缺点。
(4)提出并设计了一种获取有分类“标记”的真实网络流量数据样本的方法,结合网络处理器实现了流量样本采集平台。
设计客户端,利用静态过滤监测机制,采用Hook方式监视本地应用程序的网络调用。根据发起网络流量的应用程序或进程识别应用,并把对应程序分类信息标签嵌入相应数据包的TOS标志位,实现互联网流量的真实分类“标记”,同时具有流量分类验证功能。在网关出口利用网络处理器的快速硬件匹配能力检测数据包TOS标志位,采集带分类“标记”的流量样本,预处理后发布使用,实用有效。
(5)提出了一种基于机器学习的在线流量识别方法,并结合网络处理器实现1000Mbps有限线速处理目标。
研究互联网流量的时序相关性特征,获取行为节点之间的前序流量信息后进行分类识别,随后利用得到的前序流的识别结果指导后续流识别和分类,并随时根据获取流特征的变化进行调整和修正。发挥IXP-2400网络处理器的高速并行处理特性和软计算理论的智能特性,实现基于网络处理器和服务器相结合的软、硬件混合的流量识别平台,具备1000Mbps的有限线速处理能力。使基于机器学习的流量识别方法具有一定的在线实时识别能力。
Internet traffic identification is one of the hot research topics in Internet traffic measurement area. The P2P (Peer-to-Peer) traffic dominated Internet traffic identification and management have became general focused problems in the academia, network engineering area and various important departments of the nation. Classifying Internet traffic with high efficiency and accuracy is important for analyzing the network development, providing quality of service, dynamic access controlling, legally management and abnormal detection in reality.
Popular port and application payload signature based Internet traffic identification methods cannot cope with the port disguised, port randomly configured and application data encrypted anti-monitoring technology trends. Flow and activity based dynamic characters methods are becoming hot research methods recently, but the identification accuracy rate, the ability of real-time identification, self-learning and new application discovering are all still research challenges.
Facing the challenge of identifying Internet traffic in different networks, with different macroscopic level and granularity, the target of this thesis is to research and develop effective methods and organizing ways for Internet transmitted content identification and analyzing behavior from different levels or locations. The new framework with intelligent feature, online real-time processing ability, mixed classification and distributed processing methods in different scale are developed at the same time.
Single point, finite scale and Internet scale faced Internet traffic identification and behavior analyzing methods were researched in this thesis. Focusing on the proposed key problems the main contributions and innovations of this thesis are as follows:
(1) A novel Data Gravitation and Further Division Recognition Space (DGFDRS-SSL) theory based on Semi-supervised learning model was proposed. Based on this model, Internet traffic identification method was investigated on statistical feature of flow information.
In this model, the data points in sample space are seen as mass points and the Euclidean distance between two different points is defined as sample distance. Borrowing the law of gravity, Data Gravitation (DG) theory in data sample space is defined. The data gravitation theory was implemented on sample clustering. At the same time, a novel Further Division Recognition Space (FDRS) theory was proposed. In this theory, the class recognition space was divided in different dimensionality and fineness. The divided spaces were colored with different color to distinguish each other. Then a recognition space which with further division feature was created. After clustering, the clustered result can be mapped to the divided recognition space, and then the novel Semi-supervised learning model can be obtained after coloring the recognition space by the class signed mapping result according to the color rule. The novel model was applied to flow information statistical feature based Internet traffic identification at single point. It can overcome the defects that need much class signed train samples in traditional supervised machine learning method. It also showed high performance and good ability in new application detection.
(2) The Internet application community model was defined in this thesis. And then finite network scale based Internet application detection and Internet traffic identification methods were proposed.
Based on application feature, hosts connection graphs of different applications behaviors were defined. United with the conception of social community and the assembling, sharing, connecting feature among hosts in finite network scale, a behavior feature graph based Internet application community generation and detection method was investigated. Hosts behavior information on different direction were collected from different level and location, and then were applied to finite scale behavior analyzing. The macroscopic community feature was applied to help Internet traffic identification, port disguise and bestraddle protocols transmitting behavior detection in microcosmic level. This model is suitable for behavior analyzing of application with distributed and cooperation feature in finite scale.
(3) An Internet scale based self organization Internet traffic identification union model was proposed.
Due to the excellent characters of DHT(Distributed Hash Table), virtual storage and Hash in same prefix technology were investigated to store the DHT index resource native place. The Chord overlay route algorithm is improved to design a DHT based self organization Internet traffic identification and behavior analyzing federation model without management center. The node with Internet traffic identification and behavior analyzing function can join the union stand by the designed agreement. It can cooperate with other member on Internet traffic classification and behavior analyzing. It also can share traffic feature, data samples and identification experience among union members. It overcome the defect that traditional methods can only support fix equipments and fix protocol when cooperation between appointed research organizations, which with poor expansibility and openness for further development.
(4) An innovative method with the ability of collecting the class signed truly traffic samples was proposed and designed. United it with the Network Processor platform an Internet traffic samples collection system was designed.
A client with static filterable and monitor mechanism was designed and applied to monitor the local network program running status by Hook. The application can be identified by the Internet traffic generator of network program or system process. The related class tag was embedded in the TOS bits of generated packet to sign the class of Internet traffic. At the same time, it with the ability of traffic class verifying. The TOS bits signed packets can be captured by the Network Processor locate at the network gateway which with high performance of hardware matching ability. The collected samples can be published for using after pretreatment. It is utility and effective investigation.
(5)A novel online machine learning based Internet traffic identification method was proposed. Uniting with a Network Processor, it was designed with the ability of 1000Mbps finite line speed processing ability.
The time serial relativity feature of Internet traffic was investigated. The pre-order Internet traffic information was collected to identify traffic between two hosts and then the identified result can be applied as the guidance of identifying and analyzing the surf-order Internet traffic. The guidance will be adjusted and corrected when the features of collected samples changed. Due to the high speed parallel process ability of Network Processor IXP-2400 and the intelligent feature of soft computing theory, a Network Processor and server based hardware and software mixed Internet traffic identification platform was designed with finite 1000Mbps line speed process ability. This research makes the machine learning based Internet traffic identification method with the ability of online real-time identification in some degree.
传统的以知名端口和应用层载荷特征码为基础的流量识别方法难以应对端口伪装、端口随机选择和应用层数据加密等反监测技术趋势。基于应用行为和流特征的方法已经受到研究人员关注,但识别准确率、实时处理能力、自动学习能力和新应用发现能力等都是需要面对的挑战。
具有规模适应性的互联网流量识别方法的研究目标是面向不同网络规模、不同宏观程度以及不同识别粒度的分析需求,研究在不同层次和不同范围内对互联网传输的内容进行区分,对互联网应用行为进行分析的有效方法和组织方式。并从智能学习特性、在线实时处理能力、混合分类实施方式以及不同范围内的分布式处理方法等方面提出了新的目标。
论文基于此研究面向单点、有限网络规模和互联网范围的流量识别和行为分析方法。针对上述关键性问题展开研究,主要贡献和创新包括以下几点:
(1)提出基于数据引力和细分识别空间理论的半监督学习(DGFDRS-SSL)模型,在此基础上研究基于流统计特征的机器学习流量识别方法。
把样本空间的数据点视为质量点,定义数据点之间的欧式距离为样本距离,借用万有引力定律提出数据空间中的数据引力(DG)理论,基于数据引力实施样本聚类。提出细分识别空间(FDRS)理论,对分类识别空间进行不同维度和细度的划分,采用染色的方法对划分后的识别空间进行区分,形成一个具有细分特征的识别空间。数据样本聚类后把聚类结果映射到细分识别空间,在染色原则指导下根据有“标记”样本对识别空间染色得到半监督学习分类训练模型。把模型用于面向单点的流统计特征流量识别,克服了传统有导师学习方法需要大量有分类“标记”样本缺点,具有较高的性能和新应用发现的能力。
(2)定义了互联网应用群体模型,提出面向有限网络规模的互联网应用群体发现和流量识别方法。
分析互联网应用的特性,定义互联网中不同应用行为的主机连接特征图。结合社会群体概念和有限网络范围内的行为主机之间聚集、共享和连接特征,研究基于行为特征图的动态互联网应用群体生成和发现方法。从不同层次和位置收集具有不同方向属性的节点行为信息用于分析有限规模的网络行为。借助宏观的群体特征发现实施微观粒度的流量识别、端口伪装和跨协议传输行为发现。适于有限规模内具有分布式和协同特征的应用行为分析,不受易变易伪装特征的影响。
(3)提出了面向互联网规模的自组织流量识别联盟模型。
结合DHT(分布式哈希表)的优点,研究利用虚拟存储和相同前缀Hash技术实现索引资源本地存储的方法,设计改进的Chord覆盖网络路由算法,并基于此设计无中心的自组织互联网流量识别和行为分析联盟模型。具有本地流量识别和行为分析功能的节点在遵守联盟协议的条件下可以加入联盟,并在联盟成员之间协助流量识别和行为分析,共享流量特征、数据样本和识别经验。克服了传统方法只能在有限组织机构之间通过固定设备和协议的协助,可扩展性差和开放性不足等缺点。
(4)提出并设计了一种获取有分类“标记”的真实网络流量数据样本的方法,结合网络处理器实现了流量样本采集平台。
设计客户端,利用静态过滤监测机制,采用Hook方式监视本地应用程序的网络调用。根据发起网络流量的应用程序或进程识别应用,并把对应程序分类信息标签嵌入相应数据包的TOS标志位,实现互联网流量的真实分类“标记”,同时具有流量分类验证功能。在网关出口利用网络处理器的快速硬件匹配能力检测数据包TOS标志位,采集带分类“标记”的流量样本,预处理后发布使用,实用有效。
(5)提出了一种基于机器学习的在线流量识别方法,并结合网络处理器实现1000Mbps有限线速处理目标。
研究互联网流量的时序相关性特征,获取行为节点之间的前序流量信息后进行分类识别,随后利用得到的前序流的识别结果指导后续流识别和分类,并随时根据获取流特征的变化进行调整和修正。发挥IXP-2400网络处理器的高速并行处理特性和软计算理论的智能特性,实现基于网络处理器和服务器相结合的软、硬件混合的流量识别平台,具备1000Mbps的有限线速处理能力。使基于机器学习的流量识别方法具有一定的在线实时识别能力。
Internet traffic identification is one of the hot research topics in Internet traffic measurement area. The P2P (Peer-to-Peer) traffic dominated Internet traffic identification and management have became general focused problems in the academia, network engineering area and various important departments of the nation. Classifying Internet traffic with high efficiency and accuracy is important for analyzing the network development, providing quality of service, dynamic access controlling, legally management and abnormal detection in reality.
Popular port and application payload signature based Internet traffic identification methods cannot cope with the port disguised, port randomly configured and application data encrypted anti-monitoring technology trends. Flow and activity based dynamic characters methods are becoming hot research methods recently, but the identification accuracy rate, the ability of real-time identification, self-learning and new application discovering are all still research challenges.
Facing the challenge of identifying Internet traffic in different networks, with different macroscopic level and granularity, the target of this thesis is to research and develop effective methods and organizing ways for Internet transmitted content identification and analyzing behavior from different levels or locations. The new framework with intelligent feature, online real-time processing ability, mixed classification and distributed processing methods in different scale are developed at the same time.
Single point, finite scale and Internet scale faced Internet traffic identification and behavior analyzing methods were researched in this thesis. Focusing on the proposed key problems the main contributions and innovations of this thesis are as follows:
(1) A novel Data Gravitation and Further Division Recognition Space (DGFDRS-SSL) theory based on Semi-supervised learning model was proposed. Based on this model, Internet traffic identification method was investigated on statistical feature of flow information.
In this model, the data points in sample space are seen as mass points and the Euclidean distance between two different points is defined as sample distance. Borrowing the law of gravity, Data Gravitation (DG) theory in data sample space is defined. The data gravitation theory was implemented on sample clustering. At the same time, a novel Further Division Recognition Space (FDRS) theory was proposed. In this theory, the class recognition space was divided in different dimensionality and fineness. The divided spaces were colored with different color to distinguish each other. Then a recognition space which with further division feature was created. After clustering, the clustered result can be mapped to the divided recognition space, and then the novel Semi-supervised learning model can be obtained after coloring the recognition space by the class signed mapping result according to the color rule. The novel model was applied to flow information statistical feature based Internet traffic identification at single point. It can overcome the defects that need much class signed train samples in traditional supervised machine learning method. It also showed high performance and good ability in new application detection.
(2) The Internet application community model was defined in this thesis. And then finite network scale based Internet application detection and Internet traffic identification methods were proposed.
Based on application feature, hosts connection graphs of different applications behaviors were defined. United with the conception of social community and the assembling, sharing, connecting feature among hosts in finite network scale, a behavior feature graph based Internet application community generation and detection method was investigated. Hosts behavior information on different direction were collected from different level and location, and then were applied to finite scale behavior analyzing. The macroscopic community feature was applied to help Internet traffic identification, port disguise and bestraddle protocols transmitting behavior detection in microcosmic level. This model is suitable for behavior analyzing of application with distributed and cooperation feature in finite scale.
(3) An Internet scale based self organization Internet traffic identification union model was proposed.
Due to the excellent characters of DHT(Distributed Hash Table), virtual storage and Hash in same prefix technology were investigated to store the DHT index resource native place. The Chord overlay route algorithm is improved to design a DHT based self organization Internet traffic identification and behavior analyzing federation model without management center. The node with Internet traffic identification and behavior analyzing function can join the union stand by the designed agreement. It can cooperate with other member on Internet traffic classification and behavior analyzing. It also can share traffic feature, data samples and identification experience among union members. It overcome the defect that traditional methods can only support fix equipments and fix protocol when cooperation between appointed research organizations, which with poor expansibility and openness for further development.
(4) An innovative method with the ability of collecting the class signed truly traffic samples was proposed and designed. United it with the Network Processor platform an Internet traffic samples collection system was designed.
A client with static filterable and monitor mechanism was designed and applied to monitor the local network program running status by Hook. The application can be identified by the Internet traffic generator of network program or system process. The related class tag was embedded in the TOS bits of generated packet to sign the class of Internet traffic. At the same time, it with the ability of traffic class verifying. The TOS bits signed packets can be captured by the Network Processor locate at the network gateway which with high performance of hardware matching ability. The collected samples can be published for using after pretreatment. It is utility and effective investigation.
(5)A novel online machine learning based Internet traffic identification method was proposed. Uniting with a Network Processor, it was designed with the ability of 1000Mbps finite line speed processing ability.
The time serial relativity feature of Internet traffic was investigated. The pre-order Internet traffic information was collected to identify traffic between two hosts and then the identified result can be applied as the guidance of identifying and analyzing the surf-order Internet traffic. The guidance will be adjusted and corrected when the features of collected samples changed. Due to the high speed parallel process ability of Network Processor IXP-2400 and the intelligent feature of soft computing theory, a Network Processor and server based hardware and software mixed Internet traffic identification platform was designed with finite 1000Mbps line speed process ability. This research makes the machine learning based Internet traffic identification method with the ability of online real-time identification in some degree.
引文
[1].Karagiannis T,Broido A,Brownlee N,claffy kc,Faloutsos M.File-sharing in the Internet:A characterization of P2P traffic in the backbone.Technical report,2004.http://www.cs.ucr.edu/~tkarag.
[21.Sen S,Wang J.Analyzing Peer-to-Peer Traffic across Large Networks.IEEE/ACM Transactions on Networking.2004,12(2):219-232.
[3].Azuri,C.ipoque Internet Study 2007:P2P File Sharing Still Dominates the Worldwide Internet.online at Dec.2007.Available from:http://www.ipoque.com/.
[4].H¨ammerle L.P2P Population Tracking and Traffic Characterization of Current P2P File-sharing Systems[Master Thesis].Zurich:EHT.2004.
[5].Karagiannis T.Novel Techniques and Models for Network Traffic Profiling:Characterizing the Unknown[Ph.D.Thesis].California:University of California,2006.
[6].Liang J,Kumar R,Xi Y,Ross KW.Pollution in file sharing systems.In:Proc.of the IEEE Infocom 2005.2005.
[71.Karagiannis T,Broido A,Brownlee N,Claffy KC,Faloutsos M.Is P2P dying or just hiding.In:Proc.of the IEEE Globecom 2004.2004.1532-1538.
[8].Karagiannis T,Broido A,Faloutsos M,Claffy KC.Transport layer identification of P2P traffic.In:Proc.of the 4th ACM SIGCOMM Conf.on Internet Measurement.2004.121-134.
[9].陈华.Maze:一个P2P文件共享系统的设计与实现[硕士论文].北京:北京大学,2004.
[10].Tuotu.online at Dec.2007.Available from http://www.tuotu.com/.
[11].Smith R.Shareaza Technology report,2006,online at Aug.2007.Available from:http://shareaza.sourceforge.net/.
[12].刘琼,徐.鹏,杨海涛,彭芸.Peer-to-Peer文件共享系统的测量研究.软件学报,2006,17(10):2131-2140.
[13].IANA.Internet Assigned Numbers Authority(IANA).online at Dec.2007.Available from:http://www.iana.org/assignments/port-numbers.
[14].Plissonneau L.Costeux JL.Brown P.Detailed analysis of eDonkey transfers on ADSL.In:Proc.of 2nd Conference on Next Generation Internet Design and Engineering(NGI'06),2006.
[15].Pouwelse JP,Garbacki P,Epema DHJ,Sips HJ.The Bittorrent P2P file-sharing system:Measurements and analysis.In:Castro M,van Renesse R,eds.Peer-to-Peer Systems Ⅳ,4th Int'l Workshop,IPTPS 2005.LNCS 3640,Ithaca:Springer-Vedag,2005.205-216.
[16].Sen S,Spatscheck O,Wang DM.Accurate,scalable in-network identification of P2P traffic using application signatures.In:Proc of the 13th Int'l WWW Conf.2004.
[17].McGregor A,Hall M,Lorier P,Brunskill J."Flow Clustering,i.P.Using Machine Learning Techniques.In:Proc of the Passive & Active Measurement Workshop.2004.
[18].Gong,Y,Identifying P2P users using traffic analysis.2006.online Feb.2006.Available from:http://www.securityfocns.com/infocus/1843.
[19].Horng MF,Chen CW,Chnang CS,Lin CY.Identification and analysis of P2P traffic-an example of bit torrent.In:Proc.of ICICIC'06.2006.266-269
[20].Zhou LJ,Li ZT,Liu B.P2P traffic identification by TCP flflow analysis.In:Proc.of Proceedings of International Workshop on Networking,Architecture,and Storages 2006.2006.
[21].Constantinou F,Mavrommatis P.Identifying known and unknown peer-to-peer traffic.In:Proc.of.IEEE International Symposium on Network Computing and Applications(NCA).2006,93-102.
[22].Suh K,Figueiredo DR,Kurose J,Towsley D.Characterizing and detecting skype-relayed traffic.In:Proc.of INFOCOM 2006.25th IEEE International Conference on Computer Communications.2006.1-12.
[23].Baset SA,Schulzrinne H.An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol.In:Proc.of IEEE Infocom'06.2006.software Available from http://www.skype.com.
[24].Zander S,Nguyen T,Armitage G.Automated traffic classification and application identification using machine learning.In:Proc.of the IEEE 30th Conf.on Local Computer Networks(LCN 2005).2005.250-257.
[25].Cohen AM,Bhuptiraju RT,Hersh W.Feature generation,feature selection,classifiers,and conceptual drift for biomedical document triage.In:Proc.of.TREC'04.2004.
[26].S.Zander,TN.,and G.Armitage.Self-Learning IP Traffic Classification Based on Statistical Flflow Characteristics.In:Proc.of the Sixth Passive and Active Measurement Workshop(PAM 2005).2005.
[27].Kumar A,Raghavan P,Rajagopalan S,Tomkins A.The web and social networks.IEEE Computer,2002,25(11):32-36.
[28].Jin,Emily M,Michelle G,Newman M.E.J.The structure of growing social networks.Physics Review,2001,64(4):46-132.
[29].Kleinberg J.The small-world phenomenon:An algorithm perspective.In Proc.of 32nd ACM Symposium on Theory of Computing(STOC2000).2000.163-170.
[30].Kleinberg JM.Navigation in a small world.Nature,2000,406(6798):845.
[31].Tan G,Poletto M,Guttag J,Kaashoek F.Role Classiffication of Hosts within Enterprise Networks Based on Connection Patterns.In Prec.of 2003 USENIX Annual Technical Conference.2003.
[32].Aiello W,Kalmanek C,McDaniel P,Sen S,Spatscheck O,Van der Merwe J.Analysis of Communities of Interest in Data Networks.In Proc.of PAM Workshop'05.2005.
[33].Haffner P,Sen S,SpatscheckO.ACAS:Automated Construction of Application Signatures.In:Proc.of ACM SIGCOMM'05 MineNet Workshop.2005.
[34].Ma J,Levchenko K,Krebich C,Savage S,Voelker G.Unexpected Means of Protocol Inference.In:Proc.of IMC'06.2006.
[35].Moore AW,Papagiannaki D.Toward the Accurate Identiffication of Network Applications.In:Proc.of PAM'05.2005.
[36].Saroiu S,Gummadi PK,Gribble SD.A measurement study of peer-to-peer file sharing systems.In:Proc.of the Multimedia Computing and Networking 2002(MMCN 2002).2002.156-170.
[37].Wang R,Liu.Y.,YANG YX.Solving the app-level classification problem of P2P traffic via optimized support vector machines.In:Proc.of ISDA'06.2006.
[38].Madhukar A.Williamson C.A longitudinal study of P2P traffic classification.In:Proc.of 14th IEEE International Symposium on Modeling,Analysis,and Simulation of Computer and Telecommunication Systems(MASCOTS'06).2006.179-188
[39].Ohzahata S,Hagiwara Y,Terada M,KawashimaK.A traffic identification method and evaluations for a pure P2P application.In:Proc.of PAM'05.2005.
[40].KANG H J,Kim.MS,HONG JW.Streaming media and multimedia conferencing traffic analysis using payload examination.ETRI Journal,2004,26((3):203-217.
[41].Dewes C,Wichmann Arne,Feldmann A.An analysis of internet chat systems.In:Proc.of IMC'03.2003.
[42].Microsoft common application signatures,online at Aug.2007.Available from http://www.microsoft.com.
[43].Cisco Systems.Managing Peer-To-Peer Traffic with Cisco Service Control Technology.White Paper.online at May.2006.Available from:http://www.cisco.com/en/US/products/ps6150/products_white_paper0900aecd8023500d.shtml
[44].Cisco's PDML.online at Dec.2007.Available from http://www.cisco.com.
[45].Allot,Allot Communications Ltd.online at Dec.2007.Available from.2007.
[46].Verso Technologies,online at Dec.2007.Available from ttp://www.verso.com/.2007.
[47].Karagiannis T,Papagiannaki K,Faloutsos M.BLINC:Multilevel traffic classification in the dark.In:Proc.of the 2005 Conf.on Applications,Technologies,Architectures,and Protocols for Computer Communications.2005.229-240.
[48].Constantinou F,Mavrommatis P.Identifying know and unknown peer-to-peer traffic,in In:Proc.of Fifth IEEE International Symposium on Network Computing and Applications 2006.2006.
[49].Roughan M,Sen S,Spatscheck O.,et al.Class-of-Service Mapping for QoS:A Statistical Signature-based Approach to IP Traffic Classification.In:Proc.of ACM SIGCOMM IMC'04.2004.135-148.
[50].Liu H,Feng WF,Huang YF,Li X.A Peer-To-Peer Traffic Identification Method Using Machine Learning.In:Proc.of.Networking,Architecture,and Storage(NAS'07).2007.
[51].Duda RO,Hart PE,Stork DG,著;李宏东,译.模式分类.北京:机械工业出版社,2003.0-203.
[52].Moore AW,Zuev D.Internet Traffic Classification Using Bayesian Analysis Techniques.In:Proc.of ACM SIGMETRICS'05.2005.
[53].McGregor A,Hall M,Lorier P,Brunskill J.Flow Clustering Using Machine Learning Techniques.In:Prec.of PAM'04.2004.
[54].Dempster AP,Laird NM,Rubin DB,Maximum likelihood from incomeplete data via the EM algorithm.Journal of the Royal Statistical Society,1977,39(1):1-38.
[55].Cheeseman P,Stutz J.Bayesian Classification(AutoClass):Theory and Results.,In:Proc.of Advances in Knflowledge Discovery and Data Mining.1996.
[56].Erman J,Arlitt M,Mahanti A.Traffic Classification using Clustering Algorithms.In:Proc.of SIGCOMM'06.2006.
[57].Banerjee A.An Objective Evaluation of Criterion for Clustering.In:Prec.of KDD'04.2004.
[58].Erman J,Mahanti A,Arlitt M,Cohen I,Williamson C.Offliue/Realtime Traffic Classification Using Semi-Supervised Learning.In:Proc.of SIGMETRICS'07.2007.369-370.
[59].Olivier C,Bernhard S,Alexander Z.Semi-Supervised Learning.Cambridge:MIT Press,2006.
[60].Belkin M,Niyogi P.,Sindhwani V,Yonezawa A.Manifold Regularization:a Geometric Framework for Learning from Labeled and Unlabeled Examples.Journal of Machine Learning Research,2006,7:2399-2434.
[61].Basu S,Bilenko M,Moouey RJ.A probabilistic framework for semi-supervised clustering.In:Won K,Ron K,Johannes G,William D,eds.Proc.of the 10th ACM SIGKDD Int'l Conf.on Knowledge Discovery and Data Mining(KDD 2004).Seattle:ACM Press,2004.59-68.
[62].Riloff E,Wiebe J,Wilson T.Learning subjective nouns using extraction pattern bootstrapping.In:Proc.of Seventh Conference on Natural Language Learning(CoNLL-03).2003.25-32.
[63].郑海清,林琛,牛军钰.一种基于紧密度的半监督文本分类方法.中文信息学报,2007,21(3):54-150.
[64].Shi Y,Zhang A.A Shrinking-Based Dimension Reduction Approach for Multi-Dimensional Data Analysis.In:Proc.of 16th International Conference on Scientific and Statistical Database Management.2004.
[65].Indulska M,Orlowska M E Gravity Based Spatial Clustering.In:Proc.of ACM Symposium on GIS'02.2002.125-130.
[66].Peng LZ,Chen.YH.,Yang B,Chen ZX.A Novel Classification Method Based on Data Gravitation.In:Proc.of International Conference on Neural Networks and Brain (ICNN&B)'05.2005.
[67].陈贞翔,葛连升,王海洋,黄先芝,林金矫.普适环境中基于信任的服务评价和选择.软件学报,2006,17(Suppl):200-210.
[68].MacQueen J B.Some Methods for classification and Analysis of Multivariate Observations.In:Proc.of 5-th Berkeley Symposium on Mathematical Statistics and Probability.Berkeley,University of California Press.1967.281-297.
[69].Sander J,Ester M,Kricgcl PH,Xu X.Density-Based Clustering in Spatial Databascs:the algorithm GDBSCAN and its applications Data Mining and Knowledge Discovery,1998,2(2):169-194.
[70].Ghahramani Z,Jordan MI.Supervised learning from incomplete data via an EM approach.In:Jack DC,Gerald T,Joshua A,eds.Proc.of the Advances in Neural Information Processing Systems Vol.6 for the 7th NIPS Conf.Denver:Morgan Kaufmann Publishers,1994.120-127.
[71].Chen ZX,Wang.HY.,Abraham A,Yang B,Chen YH,Wang L.,A Novel Algorithm of Neural Network Classification Using Further Division of Recognition Space.Journal of Innovative Computing,Information and Control.2008,4(10)(In press)
[72].Wang L,Yang B,Chen ZX,Chen YH.Network Traffic Classification using Further Division of Partition Space.DCDIS Series B.2007,14(S2):63-68.
[73].Auld T,Moore AW,Gull SF.Bayesian Neural Networks for Internet Traffic Classification.IEEE Transactions on Neural Networks,2007,18(1):223-239.
[74].Langley P,Sage S.Selection of relevant features and examples in machine learning.Artificial Intelligence,1997,97(1-2):245-271.
[75].Liu,M.D.a.H.,Feature selection for classification.Intelligent Data Analysis.1997,1(3):131-156.
[76].Chebrolu S,Abraham A,Thomas JP.Feature deduction and ensemble design of intrusion detection systems.Computer & Security,2004,24(4):295-307.
[77].Chen YH,Yang B,Yang J,Abraham A.Feature Selection and Classification using Flexible Neural Tree.In:Proc.of.PAKDD'05.2005.
[78].Agrawal R,Gehrke JE,Gunopulos D,Raghavan P.Automatic Subspace Clustering of High dimensional Data for Data Mining Applications.In:Proc.of.ACM SIGMOD'98.1998.
[79].Kleinberg JM,Authoritative Sources in a Hyperlinked Environment.Journal of the ACM,1999,46(5):604-632.
[80].Azar Y,Fiat A,Karlin AR,McSherry F,Saia J.Spectral Analysis of Data,.In:Proc.of.ACM Symposium on Theory of Computing(STOC'01).2001.
[81].Guo L,Jiang S,Xiao L,Zhang XD.Exploiting content localities for efficient search in P2P systems.In:Proc.of.the 18th International Symposium on Distributed Computing (DISC).2004.
[82].Markatos EP.Tracing A Large-Scale Peer-to-Peer System:An Hour in the Life of Gnutella.In:Proc.of.Second IEEE/ACM Int'l Symp.Cluster Computing and the Grid.2002.
[83].Sripanidkulchai K,Maggs B,Zhang H.Efficient Content Location Using Interest-Based Locality in Peer-to-Peer Systems.In:Proc.of.INFCOM'03.2003.
[84].Takada K,Watanabe H.System optimization of contents delivery network with information-zooming function.In:Proc.of.The 2004 IEEE Asia-Pacific Conference.2004.477-480.
[85].Ratnasamy S,Handley M,Karp R,Shenker S.Topologically-aware overlay construction and server selection.In:Proc.of.INFOCOM'02.2002.
[86].Chawathe Y.Scattercast:An Adaptable Broadcast Distribution Framework.Multimedia Systems,2003,9(1)104-118.
[87].Wang WJ,Helder DA,Jamin S.Zhang L.Overlay Optimizations for End-host Multicast.In:Proc.of.Fourth International Workshop on Networked Group Communication(NGC).2002.
[88].Ripeanu M,Foster I,Iamnitchi A.Mapping the gnutella network:properties of large-scale peer-to-peer systems and implications for system design.IEEE Internet Computing Journal,2002,6(1):50-57.
[89].Liu YH,Xiao L,Esfahanian A-H,Ni LM.Approaching Optimal Peer-to-Peer Overlays.In:Proc.of.13th Annual Meeting of the IEEE International Symposium on Modeling,Analysis,and Simulation of Computer and Telecommunication Systems(IEEE MASCOTS 2005).2005.
[90].Garetto M,Figneiredo DR,Gaeta R,Sereno M.A modeling framework to understand the tussle between ISPs and peer-to-peer file-sharing users.Performance Evaluaton,2007,33(2):3-5.
[91].Rosen E,Viswanathan A,Callon R.RFC3031:Multiprotocel Label Switching Architecture.online at Aug.2007.Available from:http://www.ietf.org/rfc/rfc3031.txt.
[92].Lazarevic A,Obradovic Z.The distributed boosting algorithm.In:Proc.of.KDD'01.2001.
[93].Montresor A,Jelasity M Babaoglu O.Gossip-based aggregation in large dynamic networks.ACM Transactions on Computer Systems,2005,23(3):219-252.
[94].Demrekler M,Altincay H.Plurality voting-based multiple classifier systems:statistically independent with respect to dependent classifier sets.Pattern Recognition Letters,2002,35(11):2365-2379.
[95].Todorovski L,Dzeroski S.Combining classifiers with meta decision trees.Machine Learning,2003,50(3):223-249.
[96].Bawa M,Gionis A,Garcia-Molina H,Motwani R.The price of validity in dynamic networks.In:Weikum G,Konig AC,DeBloch S,eds.Proc.of the ACM SIGMOD Int'l Conf.on the Management of Data.Paris:ACM,2004.515-526.
[97].Merz C J,Using correspondence analysis to combine classifiers.Machine Learning,1999,36(1-2):33-58.
[98].Chawla NV,Hall LO,Bowyer KW,Kegelmeyer WP,Learning ensembles from bites:A scalable and accurate approach.Journal of Machine Learning Research,2004,5(Apr):421-451.
[99].Masseglia F,Poncelet P,Teisseire M.Peer-to-Peer Usage Analysis:a Distributed Mining Approach.20th International Conference on Advanced Information Networking and Applications(AINA'06).2006.993-998.
[100].Wolff R,Schuster A,Association rule mining in peer-to-peer systems.IEEE Transactions on Systemsn,Man and Cybernetics-Part B,2004,34(6):2426-2438.
[101].Chan PK,Stolfo SJ.A comparative evaluation of voting and meta-learning on partitioned data.In:Proc.of.ICML'95.1995.90-98.
[102].Lin X,Yacoub S,Burns J,imske S,Performance analysis of pattern classifier combination by plurality voting.Pattern Recognition Letters,2003,24(12):1959-1969.
[103].Dzeroski S,Zenko B.Is combining classifiers with stacking better than selecting the best one?.Machine Learning,2004,54(3):255-273.
[104].Siersdorfer S,Sizov S.Automatic document organization in a p2p environment.In:Proc.of.ECIR.2006.265-276.
[105].Abraham A,ThomasJ.Distributed Intrusion Detection Systems:A Computational Intelligence Approach.Applications of Information Systems to Homeland Security and Defense.Abbass HA,and Essam D.(Eds.),Idea Group Inc.Publishers,USA,Chapter 5,pp.105-135,2005.
[106].Grance T,Teal DM,Mansur D.DIDS(Distributed Intrusion Detection System)—motivation architecture and an early prototype.In:Proc.of 14th national computer security conference.1999.
[107].Mouinji A,Le Charlier B,Zampunieris D,Habra N.Distributed audit trail analysis.In:Proc.of.symposium on network and distributed system security(.ISOC 95).1995.
[108].Porras P,Neumann P.EMERALD:event monitoring enabling response to anomalous live disturbances.In:Proc.of.the 20th national information security conference.1997.
[109].Kemmerer RA.NSTAT:a model-based real-time network intrusion detection system.Technical Report:TRCS97-18.1998.
[110].Spafford EH,Zamboni D.Intrusion detection using autonomous agents.Comput Networks,2000,34(5):47-70.
[111].Staniford-Chen S,Crawford R,Dilger M,Frank J,etc.GriDS:a large scale intrusion detection system for large networks.In:Proc.of.19th national information security conference.1996.
[112].Staniford-Chen S,Tung B,Schnackenberg D.The Common Intrusion Detection Framework(CIDF).Information Survivability Workshop,Orlando FL,1998.
[113].Vigna G,Kemmerer RA.NetSTAT:a network-based intrusion detection system.Comput Security,1999,7(1):37-71.
[114].张然,许大炜,张兴军,钱德沛,张文杰.分布式互联网流量监测模型的研究与实现.西安交通大学学报,2002,36(8):814-817.
[115].Datta S,Bhaduri K,Giannella C,Wolff R,Kargupta H.Distributed data mining in peer-to-peer networks.IEEE Internet Computing special issue on Distributed Data Mining,2006,10(4):18-26.
[116].Abraham I,Malkhi D,Dobzinski O.Land:Stretch(1+epsilon)locality aware networks for dhts.In:Proc.of.ACM-SIAM Symposium on Discrete Algorithms(SODA'04).2004.
[117].Stoica I,Morris R,David R.Karger,M.Kaashock F,Balakrishman Hari.Chord:A scalable peer-to-peer lookup protocol for internet applications.In:Proc.of.ACM SIGCOMM'01.2001.
[118].Rowstron A,Druschel P.Pastry:Scalable,decentralized object location and routing for large-scale peer-to-peer systems.In:Proc.of.18th IFIP/ACM Int'l Conf on Distributed Systems Plafforms(Middleware).2001.
[119].Ratnasamy S,Francis P,Handley M.,Karp R.,Shenker S.A scalable content addressable network.In:Proc.of.ACM SIGCOMM'01.2001.
[120].Zhao BY,Huang L,Stribling J,Rhea SC,Joseph AD,Kubiatowicz JD.Tapestry:A resilient global-scale overlay for service deployment.IEEE Journal on Selected Areas in Communications.2004,22(1):41-53.
[121].Malkhi D,Naor M,Ratajczak D.Viceroy:a scalable and dynamic emulation of the butterfly.In:Proc.of.ACM PODC'02.2002.
[122].Peterson L,Bavier A,Fiuczynski ME,MuirSteve.Experiences Building PlanetLab.In:Proc.of.OSDI'04,2004.351-366.Platform Available from:http://www.planet-lab.org.
[123].CAID.Available from:http://www.caida.org/data/passive/
[124].AUCKLAND4.Available from:http://pma.nlanr.net/Traces/long/auck4.html.
[125].WITS.Available from:http://wand.cs.waikato.ac.nz/wits/.
[126].刘轶,崔华力,田敏,刘晓彬.分布式网络流量生成与测量系统.小型微型计算机系统,2005,26(11):1894-1897.
[127].Keutzer K,Newton AR,Rabaey JM,Sangiovanui-Vincentelli A.System Level Design:Orthogonalization of Concerns and Platform-Based Design.IEEE Transactions on Computer-Aided Design of Circuits and Systems,2000,19(12):1523-1543.
[128].Johnson EJ,Kunze AR.IXP2400/2800 Programming.Intel Press,2003.1-238.
[129].About Hooks.http://msdn2.microsoft.com/en-us/library/ms644959(VS.85).aspx.
[130].谭丹,鲜继清.基于NDIS hook的Windows防火墙驱动程序设计.重庆邮电大学学报(自然科学版),2005,17(5):621-1524.
[131].Pietrek M.Peering Inside the PE:A Tour of the Win32 Portable Executable File Format.1994.online at Apr.2007.Available from:http://msdn2.microsoft.com/en-us/library/ms809762.aspx
[132].Paxson V.Bro:A System for Detecting Network Intruders in Real-Time.Comput.Networks,1999,31(23-24):2435-2463.
[133].RadiSys Inc.RadiSys ENP-2611 Data sheet.2004.online at May.2006.Available from:http://www.radisys.com.
[134].B.Claise,Ed.Cisco Systems NetFlow Services Export Version.online at Aug.2007.Available from http://www.ieff.org/rfc/rfc3954.txt.
[135].George L,Blume M.Taming the IXP Network Processor.ACM SIGPLAN Notices archive.2003,38(5):26-37.
[21.Sen S,Wang J.Analyzing Peer-to-Peer Traffic across Large Networks.IEEE/ACM Transactions on Networking.2004,12(2):219-232.
[3].Azuri,C.ipoque Internet Study 2007:P2P File Sharing Still Dominates the Worldwide Internet.online at Dec.2007.Available from:http://www.ipoque.com/.
[4].H¨ammerle L.P2P Population Tracking and Traffic Characterization of Current P2P File-sharing Systems[Master Thesis].Zurich:EHT.2004.
[5].Karagiannis T.Novel Techniques and Models for Network Traffic Profiling:Characterizing the Unknown[Ph.D.Thesis].California:University of California,2006.
[6].Liang J,Kumar R,Xi Y,Ross KW.Pollution in file sharing systems.In:Proc.of the IEEE Infocom 2005.2005.
[71.Karagiannis T,Broido A,Brownlee N,Claffy KC,Faloutsos M.Is P2P dying or just hiding.In:Proc.of the IEEE Globecom 2004.2004.1532-1538.
[8].Karagiannis T,Broido A,Faloutsos M,Claffy KC.Transport layer identification of P2P traffic.In:Proc.of the 4th ACM SIGCOMM Conf.on Internet Measurement.2004.121-134.
[9].陈华.Maze:一个P2P文件共享系统的设计与实现[硕士论文].北京:北京大学,2004.
[10].Tuotu.online at Dec.2007.Available from http://www.tuotu.com/.
[11].Smith R.Shareaza Technology report,2006,online at Aug.2007.Available from:http://shareaza.sourceforge.net/.
[12].刘琼,徐.鹏,杨海涛,彭芸.Peer-to-Peer文件共享系统的测量研究.软件学报,2006,17(10):2131-2140.
[13].IANA.Internet Assigned Numbers Authority(IANA).online at Dec.2007.Available from:http://www.iana.org/assignments/port-numbers.
[14].Plissonneau L.Costeux JL.Brown P.Detailed analysis of eDonkey transfers on ADSL.In:Proc.of 2nd Conference on Next Generation Internet Design and Engineering(NGI'06),2006.
[15].Pouwelse JP,Garbacki P,Epema DHJ,Sips HJ.The Bittorrent P2P file-sharing system:Measurements and analysis.In:Castro M,van Renesse R,eds.Peer-to-Peer Systems Ⅳ,4th Int'l Workshop,IPTPS 2005.LNCS 3640,Ithaca:Springer-Vedag,2005.205-216.
[16].Sen S,Spatscheck O,Wang DM.Accurate,scalable in-network identification of P2P traffic using application signatures.In:Proc of the 13th Int'l WWW Conf.2004.
[17].McGregor A,Hall M,Lorier P,Brunskill J."Flow Clustering,i.P.Using Machine Learning Techniques.In:Proc of the Passive & Active Measurement Workshop.2004.
[18].Gong,Y,Identifying P2P users using traffic analysis.2006.online Feb.2006.Available from:http://www.securityfocns.com/infocus/1843.
[19].Horng MF,Chen CW,Chnang CS,Lin CY.Identification and analysis of P2P traffic-an example of bit torrent.In:Proc.of ICICIC'06.2006.266-269
[20].Zhou LJ,Li ZT,Liu B.P2P traffic identification by TCP flflow analysis.In:Proc.of Proceedings of International Workshop on Networking,Architecture,and Storages 2006.2006.
[21].Constantinou F,Mavrommatis P.Identifying known and unknown peer-to-peer traffic.In:Proc.of.IEEE International Symposium on Network Computing and Applications(NCA).2006,93-102.
[22].Suh K,Figueiredo DR,Kurose J,Towsley D.Characterizing and detecting skype-relayed traffic.In:Proc.of INFOCOM 2006.25th IEEE International Conference on Computer Communications.2006.1-12.
[23].Baset SA,Schulzrinne H.An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol.In:Proc.of IEEE Infocom'06.2006.software Available from http://www.skype.com.
[24].Zander S,Nguyen T,Armitage G.Automated traffic classification and application identification using machine learning.In:Proc.of the IEEE 30th Conf.on Local Computer Networks(LCN 2005).2005.250-257.
[25].Cohen AM,Bhuptiraju RT,Hersh W.Feature generation,feature selection,classifiers,and conceptual drift for biomedical document triage.In:Proc.of.TREC'04.2004.
[26].S.Zander,TN.,and G.Armitage.Self-Learning IP Traffic Classification Based on Statistical Flflow Characteristics.In:Proc.of the Sixth Passive and Active Measurement Workshop(PAM 2005).2005.
[27].Kumar A,Raghavan P,Rajagopalan S,Tomkins A.The web and social networks.IEEE Computer,2002,25(11):32-36.
[28].Jin,Emily M,Michelle G,Newman M.E.J.The structure of growing social networks.Physics Review,2001,64(4):46-132.
[29].Kleinberg J.The small-world phenomenon:An algorithm perspective.In Proc.of 32nd ACM Symposium on Theory of Computing(STOC2000).2000.163-170.
[30].Kleinberg JM.Navigation in a small world.Nature,2000,406(6798):845.
[31].Tan G,Poletto M,Guttag J,Kaashoek F.Role Classiffication of Hosts within Enterprise Networks Based on Connection Patterns.In Prec.of 2003 USENIX Annual Technical Conference.2003.
[32].Aiello W,Kalmanek C,McDaniel P,Sen S,Spatscheck O,Van der Merwe J.Analysis of Communities of Interest in Data Networks.In Proc.of PAM Workshop'05.2005.
[33].Haffner P,Sen S,SpatscheckO.ACAS:Automated Construction of Application Signatures.In:Proc.of ACM SIGCOMM'05 MineNet Workshop.2005.
[34].Ma J,Levchenko K,Krebich C,Savage S,Voelker G.Unexpected Means of Protocol Inference.In:Proc.of IMC'06.2006.
[35].Moore AW,Papagiannaki D.Toward the Accurate Identiffication of Network Applications.In:Proc.of PAM'05.2005.
[36].Saroiu S,Gummadi PK,Gribble SD.A measurement study of peer-to-peer file sharing systems.In:Proc.of the Multimedia Computing and Networking 2002(MMCN 2002).2002.156-170.
[37].Wang R,Liu.Y.,YANG YX.Solving the app-level classification problem of P2P traffic via optimized support vector machines.In:Proc.of ISDA'06.2006.
[38].Madhukar A.Williamson C.A longitudinal study of P2P traffic classification.In:Proc.of 14th IEEE International Symposium on Modeling,Analysis,and Simulation of Computer and Telecommunication Systems(MASCOTS'06).2006.179-188
[39].Ohzahata S,Hagiwara Y,Terada M,KawashimaK.A traffic identification method and evaluations for a pure P2P application.In:Proc.of PAM'05.2005.
[40].KANG H J,Kim.MS,HONG JW.Streaming media and multimedia conferencing traffic analysis using payload examination.ETRI Journal,2004,26((3):203-217.
[41].Dewes C,Wichmann Arne,Feldmann A.An analysis of internet chat systems.In:Proc.of IMC'03.2003.
[42].Microsoft common application signatures,online at Aug.2007.Available from http://www.microsoft.com.
[43].Cisco Systems.Managing Peer-To-Peer Traffic with Cisco Service Control Technology.White Paper.online at May.2006.Available from:http://www.cisco.com/en/US/products/ps6150/products_white_paper0900aecd8023500d.shtml
[44].Cisco's PDML.online at Dec.2007.Available from http://www.cisco.com.
[45].Allot,Allot Communications Ltd.online at Dec.2007.Available from.2007.
[46].Verso Technologies,online at Dec.2007.Available from ttp://www.verso.com/.2007.
[47].Karagiannis T,Papagiannaki K,Faloutsos M.BLINC:Multilevel traffic classification in the dark.In:Proc.of the 2005 Conf.on Applications,Technologies,Architectures,and Protocols for Computer Communications.2005.229-240.
[48].Constantinou F,Mavrommatis P.Identifying know and unknown peer-to-peer traffic,in In:Proc.of Fifth IEEE International Symposium on Network Computing and Applications 2006.2006.
[49].Roughan M,Sen S,Spatscheck O.,et al.Class-of-Service Mapping for QoS:A Statistical Signature-based Approach to IP Traffic Classification.In:Proc.of ACM SIGCOMM IMC'04.2004.135-148.
[50].Liu H,Feng WF,Huang YF,Li X.A Peer-To-Peer Traffic Identification Method Using Machine Learning.In:Proc.of.Networking,Architecture,and Storage(NAS'07).2007.
[51].Duda RO,Hart PE,Stork DG,著;李宏东,译.模式分类.北京:机械工业出版社,2003.0-203.
[52].Moore AW,Zuev D.Internet Traffic Classification Using Bayesian Analysis Techniques.In:Proc.of ACM SIGMETRICS'05.2005.
[53].McGregor A,Hall M,Lorier P,Brunskill J.Flow Clustering Using Machine Learning Techniques.In:Prec.of PAM'04.2004.
[54].Dempster AP,Laird NM,Rubin DB,Maximum likelihood from incomeplete data via the EM algorithm.Journal of the Royal Statistical Society,1977,39(1):1-38.
[55].Cheeseman P,Stutz J.Bayesian Classification(AutoClass):Theory and Results.,In:Proc.of Advances in Knflowledge Discovery and Data Mining.1996.
[56].Erman J,Arlitt M,Mahanti A.Traffic Classification using Clustering Algorithms.In:Proc.of SIGCOMM'06.2006.
[57].Banerjee A.An Objective Evaluation of Criterion for Clustering.In:Prec.of KDD'04.2004.
[58].Erman J,Mahanti A,Arlitt M,Cohen I,Williamson C.Offliue/Realtime Traffic Classification Using Semi-Supervised Learning.In:Proc.of SIGMETRICS'07.2007.369-370.
[59].Olivier C,Bernhard S,Alexander Z.Semi-Supervised Learning.Cambridge:MIT Press,2006.
[60].Belkin M,Niyogi P.,Sindhwani V,Yonezawa A.Manifold Regularization:a Geometric Framework for Learning from Labeled and Unlabeled Examples.Journal of Machine Learning Research,2006,7:2399-2434.
[61].Basu S,Bilenko M,Moouey RJ.A probabilistic framework for semi-supervised clustering.In:Won K,Ron K,Johannes G,William D,eds.Proc.of the 10th ACM SIGKDD Int'l Conf.on Knowledge Discovery and Data Mining(KDD 2004).Seattle:ACM Press,2004.59-68.
[62].Riloff E,Wiebe J,Wilson T.Learning subjective nouns using extraction pattern bootstrapping.In:Proc.of Seventh Conference on Natural Language Learning(CoNLL-03).2003.25-32.
[63].郑海清,林琛,牛军钰.一种基于紧密度的半监督文本分类方法.中文信息学报,2007,21(3):54-150.
[64].Shi Y,Zhang A.A Shrinking-Based Dimension Reduction Approach for Multi-Dimensional Data Analysis.In:Proc.of 16th International Conference on Scientific and Statistical Database Management.2004.
[65].Indulska M,Orlowska M E Gravity Based Spatial Clustering.In:Proc.of ACM Symposium on GIS'02.2002.125-130.
[66].Peng LZ,Chen.YH.,Yang B,Chen ZX.A Novel Classification Method Based on Data Gravitation.In:Proc.of International Conference on Neural Networks and Brain (ICNN&B)'05.2005.
[67].陈贞翔,葛连升,王海洋,黄先芝,林金矫.普适环境中基于信任的服务评价和选择.软件学报,2006,17(Suppl):200-210.
[68].MacQueen J B.Some Methods for classification and Analysis of Multivariate Observations.In:Proc.of 5-th Berkeley Symposium on Mathematical Statistics and Probability.Berkeley,University of California Press.1967.281-297.
[69].Sander J,Ester M,Kricgcl PH,Xu X.Density-Based Clustering in Spatial Databascs:the algorithm GDBSCAN and its applications Data Mining and Knowledge Discovery,1998,2(2):169-194.
[70].Ghahramani Z,Jordan MI.Supervised learning from incomplete data via an EM approach.In:Jack DC,Gerald T,Joshua A,eds.Proc.of the Advances in Neural Information Processing Systems Vol.6 for the 7th NIPS Conf.Denver:Morgan Kaufmann Publishers,1994.120-127.
[71].Chen ZX,Wang.HY.,Abraham A,Yang B,Chen YH,Wang L.,A Novel Algorithm of Neural Network Classification Using Further Division of Recognition Space.Journal of Innovative Computing,Information and Control.2008,4(10)(In press)
[72].Wang L,Yang B,Chen ZX,Chen YH.Network Traffic Classification using Further Division of Partition Space.DCDIS Series B.2007,14(S2):63-68.
[73].Auld T,Moore AW,Gull SF.Bayesian Neural Networks for Internet Traffic Classification.IEEE Transactions on Neural Networks,2007,18(1):223-239.
[74].Langley P,Sage S.Selection of relevant features and examples in machine learning.Artificial Intelligence,1997,97(1-2):245-271.
[75].Liu,M.D.a.H.,Feature selection for classification.Intelligent Data Analysis.1997,1(3):131-156.
[76].Chebrolu S,Abraham A,Thomas JP.Feature deduction and ensemble design of intrusion detection systems.Computer & Security,2004,24(4):295-307.
[77].Chen YH,Yang B,Yang J,Abraham A.Feature Selection and Classification using Flexible Neural Tree.In:Proc.of.PAKDD'05.2005.
[78].Agrawal R,Gehrke JE,Gunopulos D,Raghavan P.Automatic Subspace Clustering of High dimensional Data for Data Mining Applications.In:Proc.of.ACM SIGMOD'98.1998.
[79].Kleinberg JM,Authoritative Sources in a Hyperlinked Environment.Journal of the ACM,1999,46(5):604-632.
[80].Azar Y,Fiat A,Karlin AR,McSherry F,Saia J.Spectral Analysis of Data,.In:Proc.of.ACM Symposium on Theory of Computing(STOC'01).2001.
[81].Guo L,Jiang S,Xiao L,Zhang XD.Exploiting content localities for efficient search in P2P systems.In:Proc.of.the 18th International Symposium on Distributed Computing (DISC).2004.
[82].Markatos EP.Tracing A Large-Scale Peer-to-Peer System:An Hour in the Life of Gnutella.In:Proc.of.Second IEEE/ACM Int'l Symp.Cluster Computing and the Grid.2002.
[83].Sripanidkulchai K,Maggs B,Zhang H.Efficient Content Location Using Interest-Based Locality in Peer-to-Peer Systems.In:Proc.of.INFCOM'03.2003.
[84].Takada K,Watanabe H.System optimization of contents delivery network with information-zooming function.In:Proc.of.The 2004 IEEE Asia-Pacific Conference.2004.477-480.
[85].Ratnasamy S,Handley M,Karp R,Shenker S.Topologically-aware overlay construction and server selection.In:Proc.of.INFOCOM'02.2002.
[86].Chawathe Y.Scattercast:An Adaptable Broadcast Distribution Framework.Multimedia Systems,2003,9(1)104-118.
[87].Wang WJ,Helder DA,Jamin S.Zhang L.Overlay Optimizations for End-host Multicast.In:Proc.of.Fourth International Workshop on Networked Group Communication(NGC).2002.
[88].Ripeanu M,Foster I,Iamnitchi A.Mapping the gnutella network:properties of large-scale peer-to-peer systems and implications for system design.IEEE Internet Computing Journal,2002,6(1):50-57.
[89].Liu YH,Xiao L,Esfahanian A-H,Ni LM.Approaching Optimal Peer-to-Peer Overlays.In:Proc.of.13th Annual Meeting of the IEEE International Symposium on Modeling,Analysis,and Simulation of Computer and Telecommunication Systems(IEEE MASCOTS 2005).2005.
[90].Garetto M,Figneiredo DR,Gaeta R,Sereno M.A modeling framework to understand the tussle between ISPs and peer-to-peer file-sharing users.Performance Evaluaton,2007,33(2):3-5.
[91].Rosen E,Viswanathan A,Callon R.RFC3031:Multiprotocel Label Switching Architecture.online at Aug.2007.Available from:http://www.ietf.org/rfc/rfc3031.txt.
[92].Lazarevic A,Obradovic Z.The distributed boosting algorithm.In:Proc.of.KDD'01.2001.
[93].Montresor A,Jelasity M Babaoglu O.Gossip-based aggregation in large dynamic networks.ACM Transactions on Computer Systems,2005,23(3):219-252.
[94].Demrekler M,Altincay H.Plurality voting-based multiple classifier systems:statistically independent with respect to dependent classifier sets.Pattern Recognition Letters,2002,35(11):2365-2379.
[95].Todorovski L,Dzeroski S.Combining classifiers with meta decision trees.Machine Learning,2003,50(3):223-249.
[96].Bawa M,Gionis A,Garcia-Molina H,Motwani R.The price of validity in dynamic networks.In:Weikum G,Konig AC,DeBloch S,eds.Proc.of the ACM SIGMOD Int'l Conf.on the Management of Data.Paris:ACM,2004.515-526.
[97].Merz C J,Using correspondence analysis to combine classifiers.Machine Learning,1999,36(1-2):33-58.
[98].Chawla NV,Hall LO,Bowyer KW,Kegelmeyer WP,Learning ensembles from bites:A scalable and accurate approach.Journal of Machine Learning Research,2004,5(Apr):421-451.
[99].Masseglia F,Poncelet P,Teisseire M.Peer-to-Peer Usage Analysis:a Distributed Mining Approach.20th International Conference on Advanced Information Networking and Applications(AINA'06).2006.993-998.
[100].Wolff R,Schuster A,Association rule mining in peer-to-peer systems.IEEE Transactions on Systemsn,Man and Cybernetics-Part B,2004,34(6):2426-2438.
[101].Chan PK,Stolfo SJ.A comparative evaluation of voting and meta-learning on partitioned data.In:Proc.of.ICML'95.1995.90-98.
[102].Lin X,Yacoub S,Burns J,imske S,Performance analysis of pattern classifier combination by plurality voting.Pattern Recognition Letters,2003,24(12):1959-1969.
[103].Dzeroski S,Zenko B.Is combining classifiers with stacking better than selecting the best one?.Machine Learning,2004,54(3):255-273.
[104].Siersdorfer S,Sizov S.Automatic document organization in a p2p environment.In:Proc.of.ECIR.2006.265-276.
[105].Abraham A,ThomasJ.Distributed Intrusion Detection Systems:A Computational Intelligence Approach.Applications of Information Systems to Homeland Security and Defense.Abbass HA,and Essam D.(Eds.),Idea Group Inc.Publishers,USA,Chapter 5,pp.105-135,2005.
[106].Grance T,Teal DM,Mansur D.DIDS(Distributed Intrusion Detection System)—motivation architecture and an early prototype.In:Proc.of 14th national computer security conference.1999.
[107].Mouinji A,Le Charlier B,Zampunieris D,Habra N.Distributed audit trail analysis.In:Proc.of.symposium on network and distributed system security(.ISOC 95).1995.
[108].Porras P,Neumann P.EMERALD:event monitoring enabling response to anomalous live disturbances.In:Proc.of.the 20th national information security conference.1997.
[109].Kemmerer RA.NSTAT:a model-based real-time network intrusion detection system.Technical Report:TRCS97-18.1998.
[110].Spafford EH,Zamboni D.Intrusion detection using autonomous agents.Comput Networks,2000,34(5):47-70.
[111].Staniford-Chen S,Crawford R,Dilger M,Frank J,etc.GriDS:a large scale intrusion detection system for large networks.In:Proc.of.19th national information security conference.1996.
[112].Staniford-Chen S,Tung B,Schnackenberg D.The Common Intrusion Detection Framework(CIDF).Information Survivability Workshop,Orlando FL,1998.
[113].Vigna G,Kemmerer RA.NetSTAT:a network-based intrusion detection system.Comput Security,1999,7(1):37-71.
[114].张然,许大炜,张兴军,钱德沛,张文杰.分布式互联网流量监测模型的研究与实现.西安交通大学学报,2002,36(8):814-817.
[115].Datta S,Bhaduri K,Giannella C,Wolff R,Kargupta H.Distributed data mining in peer-to-peer networks.IEEE Internet Computing special issue on Distributed Data Mining,2006,10(4):18-26.
[116].Abraham I,Malkhi D,Dobzinski O.Land:Stretch(1+epsilon)locality aware networks for dhts.In:Proc.of.ACM-SIAM Symposium on Discrete Algorithms(SODA'04).2004.
[117].Stoica I,Morris R,David R.Karger,M.Kaashock F,Balakrishman Hari.Chord:A scalable peer-to-peer lookup protocol for internet applications.In:Proc.of.ACM SIGCOMM'01.2001.
[118].Rowstron A,Druschel P.Pastry:Scalable,decentralized object location and routing for large-scale peer-to-peer systems.In:Proc.of.18th IFIP/ACM Int'l Conf on Distributed Systems Plafforms(Middleware).2001.
[119].Ratnasamy S,Francis P,Handley M.,Karp R.,Shenker S.A scalable content addressable network.In:Proc.of.ACM SIGCOMM'01.2001.
[120].Zhao BY,Huang L,Stribling J,Rhea SC,Joseph AD,Kubiatowicz JD.Tapestry:A resilient global-scale overlay for service deployment.IEEE Journal on Selected Areas in Communications.2004,22(1):41-53.
[121].Malkhi D,Naor M,Ratajczak D.Viceroy:a scalable and dynamic emulation of the butterfly.In:Proc.of.ACM PODC'02.2002.
[122].Peterson L,Bavier A,Fiuczynski ME,MuirSteve.Experiences Building PlanetLab.In:Proc.of.OSDI'04,2004.351-366.Platform Available from:http://www.planet-lab.org.
[123].CAID.Available from:http://www.caida.org/data/passive/
[124].AUCKLAND4.Available from:http://pma.nlanr.net/Traces/long/auck4.html.
[125].WITS.Available from:http://wand.cs.waikato.ac.nz/wits/.
[126].刘轶,崔华力,田敏,刘晓彬.分布式网络流量生成与测量系统.小型微型计算机系统,2005,26(11):1894-1897.
[127].Keutzer K,Newton AR,Rabaey JM,Sangiovanui-Vincentelli A.System Level Design:Orthogonalization of Concerns and Platform-Based Design.IEEE Transactions on Computer-Aided Design of Circuits and Systems,2000,19(12):1523-1543.
[128].Johnson EJ,Kunze AR.IXP2400/2800 Programming.Intel Press,2003.1-238.
[129].About Hooks.http://msdn2.microsoft.com/en-us/library/ms644959(VS.85).aspx.
[130].谭丹,鲜继清.基于NDIS hook的Windows防火墙驱动程序设计.重庆邮电大学学报(自然科学版),2005,17(5):621-1524.
[131].Pietrek M.Peering Inside the PE:A Tour of the Win32 Portable Executable File Format.1994.online at Apr.2007.Available from:http://msdn2.microsoft.com/en-us/library/ms809762.aspx
[132].Paxson V.Bro:A System for Detecting Network Intruders in Real-Time.Comput.Networks,1999,31(23-24):2435-2463.
[133].RadiSys Inc.RadiSys ENP-2611 Data sheet.2004.online at May.2006.Available from:http://www.radisys.com.
[134].B.Claise,Ed.Cisco Systems NetFlow Services Export Version.online at Aug.2007.Available from http://www.ieff.org/rfc/rfc3954.txt.
[135].George L,Blume M.Taming the IXP Network Processor.ACM SIGPLAN Notices archive.2003,38(5):26-37.