ACK utilization for traffic classification

Network traffic classification is an essential feature for network users and administrators. It provides detailed information about the various applications traversing the network, thus enabling traffic shaping, accounting, anomaly detection, etc. In this paper, we suggest a novel fingerprinting technique to automatically classify ongoing TCP and UDP flows according to the applications which created them, with high accuracy. Specifically, for TCP flows, we suggest a fingerprint based on zero-length packets, which enables efficient classification of flows based on a single Content-Addressable Memory (CAM) rule and a limited sample set, yet with very high accuracy. Moreover, our fingerprint is robust to network conditions such as congestion, fragmentation, delay, retransmissions, duplications and losses. For UDP flows, we utilize a similar approach based on the UDP length field. The fingerprinting schemes are evaluated on a variety of real traffic traces. Results show that the schemes attain very high accuracy. In particular, our scheme attains about 97% overall accuracy for a large variety of applications, by sampling a small fraction of the traffic. The UDP scheme attains over 98% accuracy, by sampling all the UDP traffic.
