Discriminating Internet Applications based on Multiscale Analysis

In the last few years, several new IP applications and protocols have emerged as the capability of networks to provide new services has increased. The rapid increase in the number of users of Peer-to-Peer (P2P) network applications, driven by the ease with which users can access network resources over these overlay networks, has also led to a drastic increase in the overall Internet traffic volume. An accurate mapping of Internet traffic to applications can be important for a broad range of network management and measurement tasks, including traffic engineering, service differentiation, performance/failure monitoring and security. Traditional mapping approaches have become increasingly inaccurate because many applications use non-default or ephemeral port numbers, use well-known port numbers associated with other applications, change application signatures or use traffic encryption. This paper presents a novel framework for identifying IP applications based on the multiscale behavior of the generated traffic: by performing clustering analysis over the multiscale parameters that are inferred from the measured traffic, we are able to efficiently differentiate IP applications. Besides achieving accurate identification results, this approach also avoids some of the limitations of existing identification techniques, namely their inability to deal with stringent confidentiality requirements.
