A statistical blind technique for recognition of internet traffic with dependence enforcement

The increasing demand of network security, access control, and service differentiation over IP networks drives Internet Service Providers and network administrators to deploy ever more sophisticated and faster traffic recognition mechanisms. Unfortunately this is complicated by the continuous development of new application protocols, increasing network bandwidth, and spreading of complicated tunneling and encryption techniques. In this paper we describe a statistical technique for blind recognition and classification of application sessions amongst aggregated traffic. Packets are assigned to known applications/protocols on the basis of a restricted set of information extracted from each packet: packet addresses, sizes, and timestamps. We analyzed three modes with different degrees of correlation among packets belonging to the same session. Albeit its simplicity, the studied technique has demonstrated very good performances, also when used for real-time classification.

[1]  Renata Teixeira,et al.  Early application identification , 2006, CoNEXT '06.

[2]  Luca Salgarelli,et al.  A statistical approach to IP-level classification of network traffic , 2006, 2006 IEEE International Conference on Communications.

[3]  Li Wei,et al.  Network Traffic Classification Using K-means Clustering , 2007 .

[4]  Bo Yang,et al.  Traffic classification using probabilistic neural networks , 2010, 2010 Sixth International Conference on Natural Computation.

[5]  Andrew W. Moore,et al.  Bayesian Neural Networks for Internet Traffic Classification , 2007, IEEE Transactions on Neural Networks.

[6]  Vern Paxson,et al.  Empirically derived analytic models of wide-area TCP connections , 1994, TNET.

[7]  Konstantina Papagiannaki,et al.  Flow classification by histograms: or how to go on safari in the internet , 2004, SIGMETRICS '04/Performance '04.

[8]  Antonio Pescapè,et al.  Classification of Network Traffic via Packet-Level Hidden Markov Models , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[9]  Sebastian Zander,et al.  Automated traffic classification and application identification using machine learning , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.

[10]  Chadi Barakat,et al.  Using host profiling to refine statistical application identification , 2012, 2012 Proceedings IEEE INFOCOM.

[11]  T. Okabe,et al.  Statistical traffic identification method based on flow-level behavior for fair VoIP service , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[12]  Paulo Salvador,et al.  A real-time traffic classification approach , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[13]  István Szabó,et al.  Accurate Traffic Classification , 2007, 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[14]  Anja Feldmann,et al.  An analysis of Internet chat systems , 2003, IMC '03.

[15]  A. Mena,et al.  An empirical study of real audio traffic , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[16]  Anirban Mahanti,et al.  Traffic classification using clustering algorithms , 2006, MineNet '06.

[17]  James Won-Ki Hong,et al.  A Hybrid Approach for Accurate Application Traffic Identification , 2006, 2006 4th IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services.

[18]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[19]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.