Using packet interarrival times for Internet traffic classification

There are several techniques for classifying internet traffic, i.e. associating a flow of packets to the application that generated it. Among these techniques, Shallow Packet Inspection makes a decision by considering only the outermost packet header and other statistical characteristics of the packet process and, therefore, is well suited to perform classification of obfuscated or encrypted traffic. In particular, the packet arrival process is an interesting feature for traffic classification because cannot be easily obfuscated or manipulated. In this paper, we propose a novel technique using the measured burstiness of the packet sources over different time scales to distinguish among different internet applications. The effectiveness of this technique is experimentally evaluated with both synthetic data and real traffic traces. Synthetic traffic traces make it possible to give an estimation of the classification error rate that the algorithm can achieve, while experiments with real traffic data show that the most common Internet applications are identified with an error rate similar to the more intrusive Deep Packet Inspection.

[1]  Keinosuke Fukunaga,et al.  Introduction to Statistical Pattern Recognition , 1972 .

[2]  Maurizio Dusi,et al.  Coarse Classification of Internet Traffic Aggregates , 2010, 2010 IEEE International Conference on Communications.

[3]  Grenville J. Armitage,et al.  A survey of techniques for internet traffic classification using machine learning , 2008, IEEE Communications Surveys & Tutorials.

[4]  Michalis Faloutsos,et al.  Internet traffic classification demystified: myths, caveats, and the best practices , 2008, CoNEXT '08.

[5]  Aiko Pras,et al.  An Overview of IP Flow-Based Intrusion Detection , 2010, IEEE Communications Surveys & Tutorials.

[6]  Mark Coates,et al.  Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification , 2009, IEEE INFOCOM 2009.

[7]  Marco Canini,et al.  Efficient application identification and the temporal and spatial stability of classification schema , 2009, Comput. Networks.

[8]  Giacomo Verticale,et al.  Using per-Source measurements to improve performance of Internet traffic classification , 2010, 2010 IEEE Latin-American Conference on Communications.

[9]  Ece Guran Schmidt,et al.  Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison , 2010, Perform. Evaluation.

[10]  Chao Liu,et al.  A statistical-feature-based approach to internet traffic classification using Machine Learning , 2009, 2009 International Conference on Ultra Modern Telecommunications & Workshops.

[11]  J.B. Evans,et al.  Describing Network Traffic Using the Index of Variability , 2009, IEEE/ACM Transactions on Networking.

[12]  Niccolo Cascarano,et al.  GT: picking up the truth from the ground for internet traffic , 2009, CCRV.

[13]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[14]  Giacomo Verticale,et al.  Performance evaluation of a machine learning algorithm for early application identification , 2008, 2008 International Multiconference on Computer Science and Information Technology.

[15]  Jing Yuan,et al.  Information Entropy Based Clustering Method for Unsupervised Internet Traffic Classification , 2008, 2008 IEEE International Conference on Communications.