Classification of P2P and HTTP Using Specific Protocol Characteristics

A key aspect of traffic classification is the early identification of individual flows which may utilise strategies such as ephemeral ports and transport later encryption to `hide' on the network. This paper focuses on P2P and HTTP - the two main producers of network traffic - to determine the characteristics of their individual flows. We propose a heuristic based classification system to distinguish HTTP and P2P flows using only the structure of how packets are passed and the lengths of the individual packets. The classification system is then tested on real network traffic and results presented to show it can accurately detect P2P and HTTP within the early part of a TCP flow.

[1]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[2]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[3]  Renata Teixeira,et al.  Traffic classification on the fly , 2006, CCRV.

[4]  B. Raahemi,et al.  Classification of Peer-to-Peer traffic using incremental neural networks (Fuzzy ARTMAP) , 2008, 2008 Canadian Conference on Electrical and Computer Engineering.

[5]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[6]  Carey L. Williamson,et al.  A comparative analysis of web and peer-to-peer traffic , 2008, WWW.

[7]  Michalis Faloutsos,et al.  Is P2P dying or just hiding? [P2P traffic measurement] , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[8]  Mohamed G. Gouda,et al.  A model of stateful firewalls and its properties , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[9]  Hermann de Meer,et al.  Towards Context-Based Flow Classification , 2006, International Conference on Autonomic and Autonomous Systems (ICAS'06).

[10]  G.P.S. Junior,et al.  P2P Traffic Identification using Cluster Analysis , 2007, 2007 First International Global Information Infrastructure Symposium.

[11]  Renata Teixeira,et al.  Early Recognition of Encrypted Applications , 2007, PAM.

[12]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[13]  Michalis Faloutsos,et al.  File-sharing in the Internet: A characterization of P2P traffic in the backbone , 2003 .

[14]  Michalis Faloutsos,et al.  Transport layer identification of P2P traffic , 2004, IMC '04.

[15]  Satoshi Ohzahata,et al.  A Traffic Identification Method and Evaluations for a Pure P2P Application , 2005, PAM.