Go to CONEXT 2019 homepageExplaining Class-of-Service Oriented Network Traffic Classification with Superfeatures
Abstract: Recent studies have demonstrated that machine learning can be useful for application-oriented network traffic classification. However, a network operator may not be able to infer the application of a traffic flow due to the frequent appearance of new applications or due to privacy and other constraints set by regulatory bodies. In this work, we consider traffic flow classification based on the class of service (CoS), using delay sensitivity as an example in this preliminary study. Our focus is on direct CoS classification without first inferring the application. Our experiments with real-world encrypted TCP flows show that this direct approach can be substantially more accurate than a two-step approach that first classifies the flows based on their applications. However, without invoking application labels, the direct approach is more opaque than the two-step approach. Therefore, to provide human understandable interpretation of the trained learning model, we further propose an explanation framework that utilizes groups of superfeatures defined using domain knowledge and their Shapley values in a cooperative game that mimics the learning model. Our experimental results further demonstrate that this explanation framework is consistent and provides important insights into the classification results.
0 Replies
Loading