×

Internet traffic classification via time-frequency analysis

  • US 10,447,713 B2
  • Filed: 04/26/2017
  • Issued: 10/15/2019
  • Est. Priority Date: 04/26/2017
  • Status: Active Grant
First Claim
Patent Images

1. An Internet traffic classification system comprising:

  • a processor; and

    a memory comprising instructions that, when executed by the processor, cause the processor to perform operations comprisingreceiving an internet traffic sequence comprising non-malicious data packets and malicious data packets,extracting, from the internet traffic sequence, a plurality of consecutive samples to be used for classification of the internet traffic sequence,converting the plurality of consecutive samples of the internet traffic sequence from a time domain to a frequency domain via a recursive discrete Fourier transform,determining whether a largest power spectrum in the plurality of consecutive samples of the internet traffic sequence is greater than a threshold portion of a total power spectra of the plurality of consecutive samples of the internet traffic sequence,when the largest power spectrum in the plurality of consecutive samples of the internet traffic sequence is greater than the threshold portion of the total power spectra,determining that the plurality of consecutive samples of the internet traffic sequence comprises a consumer traffic component, andremoving, from the plurality of consecutive samples of the internet traffic sequence, any samples of the plurality of consecutive samples corresponding to the consumer traffic component,calculating a mean and a variance of a remaining portion of the internet traffic sequence, wherein the remaining portion of the internet traffic sequence comprising the plurality of consecutive samples without any samples corresponding to the consumer traffic component,setting, based upon the mean and the variance of the remaining portion of the internet traffic sequence, a threshold for detection of machine-to-machine traffic,recording a series of time indices for samples in the remaining portion of the internet traffic sequence that are greater than the threshold for detection of machine-to-machine traffic,computing time differences between adjacent time indices within the series of time indices,creating a histogram using the time differences,counting the histogram, andwhen most occurrences in the histogram are in association with a specific time difference, determining that the remaining portion of the internet traffic sequence comprises a machine-to-machine-traffic component.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×