Professional Documents
Culture Documents
NETWORK TRAFFIC ANALYSIS OF BACKGROUND AND FOREGROUND - Final - August26th2023 - For - Publishing - Finally
NETWORK TRAFFIC ANALYSIS OF BACKGROUND AND FOREGROUND - Final - August26th2023 - For - Publishing - Finally
AND FOREGROUND
Bui Tien Duc1,*, Vuong Xuan Chi1, Nguyen Van Thanh1,
Nguyen Tran Ai Duy2, Do Thanh Thai3, 4, Quang Tran Minh3, 4
1
Department of Information Systems, Faculty of Information Technology, Nguyen Tat Thanh University (NTTU),
300A, Nguyen Tat Thanh Street, Ward 13, District 4, HCMC, Vietnam
2
Facculty of Foreign Languages, Ho Chi Minh City Open University, 97 Vo Van Tan Street, Ward 6, District 3,
HCMC, Vietnam
3
Department of Information Systems, Faculty of Computer Science and Engineering, Ho Chi Minh City
University of Technology (HCMUT), 268 Ly Thuong Kiet, District 10, Ho Chi Minh City, Vietnam.
4
Vietnam National University Ho Chi Minh City (VNU-HCM), Linh Trung Ward, Thu Duc District, Ho Chi Minh
City, Vietnam.
Received xx xx xx
Revised xx xx xx; Accepted xx xx xx
Abstract: This paper aims at separating background (BG) and foreground (FG) network traffic
based on statistical information of distinct frequency of transmission control protocol (TCP) traffic
flows. BG traffic is silently generated by running applications without user awareness, while FG
traffic is intentionally generated by users with different purposes such as web-browsers and
applications. By statistically analyzing the distinct frequency of TCP traffic flows, this research
proved that using only from the 6th packet up to 24th packet in each TCP session can successfully
classify FG or BG traffic. The main contribution of this research is early traffic classification of
the TCP session from the first packets, based on statistical information of distinct frequency of
TCP traffic flows. Accordingly, if the frequency of the latent attributes of the FG traffic exceeds
that of the BG, our model of early traffic classification assigns the “FG” tag to that TCP session,
and vice-versa. Our study analyzes Packets (Packet= Segment + IP) in the Transport layer, based
on the frequency of the latent attributes of each TCP session to map our TCP Early Classification
Model. Our new contribution to the field of Computer Science - our TCP Early Classification
Model, provides effective, universal early classifications of TCP sessions, achievable from the 6th
packet to the 24th packet. This is a great contribution to the science of computer networks, and can
be the foundation for further studies.
________
*Corresponding author.
Email address: ducbt@ntt.edu.vn
https://doi.org/10.25073/2588-1140/vnunst.xxxx
1
1. Introduction
of packets belonging to background and to collect before they are used for analysis. And
foreground traffic when the screen is turned off [8] unusual flows were detected when analyzed
or on, power consumption has been reduced for "short duration". The discovery of the
based on analysis of smartphone traffic from "collision" of background traffic with
twenty users over five months. From port foreground traffic[9] is a discovery in the
number and address (IP), it is difficult to problem of network traffic analysis. When the
classify network traffic. By using a support data used for the analysis is too small, the
vector machine [4] to analyze the randomness results of the analysis are often skewed. Thus,
of foreground traffic, computational costs have network traffic analysis using homologous
been significantly reduced. Sharing files in a information [10] was born to solve part of this
peer-to-peer network model will generate a problem. Currently, in the field of network
large amount of traffic competing with each traffic classification, statistics[11] and data
other. And [5] analyzed procrastination to mining for classification[12] have been actively
address this issue. Machine learning and used as the best analytical aids. But in general,
statistical probability tools have also been the above methods are quite expensive from
introduced into the field of computer network O(nlogn).
classification [6], [7] to solve network
classification problems when analyzing large
amounts of data collected during experiments.
There are also very "unusual" network traffic.
They always change over time, making difficult
3. Proposed approaches
3.2. Procedure
3.2.1. Data collection
The open-source software Wireshark session packets exchanged between computers
version 2.2.2 was employed to collect TCP in the Transport layer as illustrated in Figure 2.
3.2.5. Results:
The result of our study classifies TCP
sessions as foreground traffic or background
traffic, as in Figure 4.
3.3. Results
Our new TCP early classification model
classifies TCP sessions as foreground or
background traffic from packet 6th to 24th as
follows:
5. References
[1] Q. T. Minh, H. Koto, T. Kitahara, L. Chen, S. I. Arakawa, S. Ano, et al., "Separation of Background and
Foreground Traffic Based on Periodicity Analysis," 2015 IEEE Global Communications Conference
(GLOBECOM), 2015, pp. 1-7.
[2] Z. Kenesi, Z. Szabo, Z. Belicza, and S. Molnár, "On the effect of the background traffic on TCP's
throughput," 10th IEEE Symposium on Computers and Communications (ISCC'05), 2005, pp. 631-636.
[3] J. Huang, F. Qian, Z. M. Mao, S. Sen, and O. Spatscheck, "Screen-off traffic characterization and
optimization in 3G/4G networks," Proceedings of the 2012 ACM Conference on Internet Measurement
Conference, 2012, pp. 357-364.
[4] M. Suzuki, M. Watari, S. Ano, and M. Tsuru, "Traffic classification on mobile core network considering
regularity of background traffic," 2015 IEEE International Workshop Technical Committee on
Communications Quality and Reliability (CQR), 2015, pp. 1-6.
[5] M. Arumaithurai, X. Fu, and K. Ramakrishnan, "NF-TCP: a network friendly TCP variant for background
delay-insensitive applications," International Conference on Research in Networking, 2011, pp. 342-355.
[6] K. V. Vishwanath and A. Vahdat, "Evaluating distributed systems: Does background traffic matter?,"
USENIX Annual Technical Conference, 2008, pp. 227-240.
[7] T. T. Nguyen and G. Armitage, "A survey of techniques for internet traffic classification using machine
learning," IEEE Communications Surveys & Tutorials, vol. 10, no. 4, 2008, pp. 56-76.
[8] F. Silveira, C. Diot, N. Taft, and R. Govindan, "ASTUTE: Detecting a different class of traffic anomalies,"
ACM SIGCOMM Computer Communication Review, vol. 40, no. 4, 2010, pp. 267-278.
[9] G. Nychis and D. R. Licata, "The impact of background Network traffic on foreground network traffic," The
Proceeding of the IEEE Global Telecommunications Conference, GLOBECOM, 2001, pp. 1-16.
[10] J. Zhang, Y. Xiang, Y. Wang, W. Zhou, Y. Xiang, and Y. Guan, "Network traffic classification using
correlation information," IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, 2013, pp.
104-117.
[11] J. Zhang, Y. Xiang, W. Zhou, and Y. Wang, "Unsupervised traffic classification using flow statistical
properties and IP packet payload," Journal of Computer and System Sciences, vol. 79, no. 5, 2013, pp. 573-
585.
[12] J. Zhang, C. Chen, Y. Xiang, W. Zhou, and A. V. Vasilakos, "An effective network traffic classification
method with unknown flow detection," IEEE Transactions on Network and Service Management, vol. 10,
no. 2, 2013, pp. 133-147.
[13] G. G. Sena, and P. Belzarena, "Early traffic classification using support vector machines," The Proceedings of
the 5th International Latin American Networking Conference, ACM, 2009, pp. 60-66.