In order to control and manage highly aggregated Internet traffic flows efficiently, we need to be able to categorize flows into distinct classes and to be knowledgeable about the different behaviour of flows belonging to these classes. In this paper we consider the problem of classifying BGP level prefix flows into a small set of homogeneous classes. We argue that a simple two states Hidden Markov Model (HMM), even if not sufficient for describing a flow, is sufficient to distinguish between flows and to help in classifying them to homogeneous classes. We propose a classification method based on modelling windows of flows observations using Hidden Markov Model and classifying them based on parameters of the model. We use a classical EM algorithm for estimating all model parameters as well as the flow membership probabilities - the probability that a flow belongs to any given class. One of our key contributions is a new and relatively fast method for Internet flow classification. The ...
A. Oveissian, Kavé Salamatian, Augustin Sou