Impact of Asymmetric Routing on Statistical Traffic Classification

Statistical traffic classification techniques are often developed under the assumption that monitoring devices can observe the two half-flows composing each traffic session. However, the practice of asymmetric routing is rapidly moving from the Internet core to its edge. Forecasts [1] predict that in a few years even the last legs of Internet connectivity will experience some form of this practice. In this paper we study the effects that asymmetric routing can have on statistical traffic classifiers. We do so by comparing the capability of unidirectional classifiers with the ones of bidirectional classifiers in extracting information from the features of half-flows. Numerical results obtained by processing three heterogeneous traffic traces not only confirm the obvious assumption that bidirectional classifiers work better than unidirectional ones, but also shed some light on a few interesting facts. First, that the improvement introduced by bidirectional classifiers is not very significant in terms of increased true positives, while it is substantial in terms of decreased false positives. Furthermore, some protocols seem to exhibit, at least in some environments, the tendency to carry more information (relevant to traffic classification) in one direction than in the other.

[1]  Michalis Faloutsos,et al.  Transport layer identification of P2P traffic , 2004, IMC '04.

[2]  Maurizio Dusi,et al.  Traffic classification through simple statistical fingerprinting , 2007, CCRV.

[3]  Yin Zhang,et al.  On AS-level path inference , 2005, SIGMETRICS '05.

[4]  Sebastian Zander,et al.  A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification , 2006, CCRV.

[5]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[6]  Maurizio Dusi,et al.  IP Traffic Classification for QoS Guarantees: The Independence of Packets , 2008, 2008 Proceedings of 17th International Conference on Computer Communications and Networks.

[7]  Ian H. Witten,et al.  Data mining: practical machine learning tools and techniques with Java implementations , 2002, SGMD.

[8]  Anthony McGregor,et al.  Flow Clustering Using Machine Learning Techniques , 2004, PAM.

[9]  Carey L. Williamson,et al.  Identifying and discriminating between web and peer-to-peer traffic in the network core , 2007, WWW '07.

[10]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[11]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[12]  Sebastian Zander,et al.  Automated traffic classification and application identification using machine learning , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.

[13]  Grenville J. Armitage,et al.  A survey of techniques for internet traffic classification using machine learning , 2008, IEEE Communications Surveys & Tutorials.

[14]  Michalis Faloutsos,et al.  Quantifying routing asymmetry in the Internet at the AS level , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[15]  Luca Salgarelli,et al.  Support Vector Machines for TCP traffic classification , 2009, Comput. Networks.

[16]  Michalis Faloutsos,et al.  Is P2P dying or just hiding? [P2P traffic measurement] , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[17]  Ian Witten,et al.  Data Mining , 2000 .

[18]  Renata Teixeira,et al.  Early application identification , 2006, CoNEXT '06.

[19]  Grenville J. Armitage,et al.  Training on multiple sub-flows to optimise the use of Machine Learning classifiers in real-world IP networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[20]  Wolfgang John,et al.  On Measurement and Analysis of Internet Backbone Traffic , 2008 .

[21]  Fulvio Risso,et al.  Lightweight, Payload-Based Traffic Classification: An Experimental Evaluation , 2008, 2008 IEEE International Conference on Communications.

[22]  Vern Paxson,et al.  Measurements and analysis of end-to-end Internet dynamics , 1997 .

[23]  Grenville Armitage,et al.  Synthetic sub-flow pairs for timely and stable IP traffic identification , 2006 .

[24]  Luca Salgarelli,et al.  A statistical approach to IP-level classification of network traffic , 2006, 2006 IEEE International Conference on Communications.

[25]  Zihui Ge,et al.  Lightweight application classification for network management , 2007, INM '07.