Early Identification of Peer-to-Peer Traffic

To manage and monitor their networks in a proper way, network operators are often interested in identifying the applications generating the traffic traveling through their networks, and doing it as fast (i.e., from as few packets) as possible. State-of-the-art packet-based traffic classification methods are either based on the costly inspection of the payload of several packets of each flow or on basic flow statistics that do not take into account the packet content. In this paper we consider the intermediate approach of analyzing only the first few bytes of the first (or first few) packets of each flow. We propose automatic, machine-learning-based methods achieving remarkably good early classification performance on real traffic traces generated from a diverse set of applications (including several versions of P2P TV and file sharing), while requiring only limited computational and memory resources.

[1]  Michalis Faloutsos,et al.  Transport layer identification of P2P traffic , 2004, IMC '04.

[2]  Dario Rossi,et al.  Live Traffic Monitoring with Tstat: Capabilities and Experiences , 2010, WWIC.

[3]  Guillaume Urvoy-Keller,et al.  Challenging statistical classification for operational usage: the ADSL case , 2009, IMC '09.

[4]  Dario Rossi,et al.  KISS: Stochastic Packet Inspection , 2009, TMA.

[5]  Stefan Savage,et al.  Unexpected means of protocol inference , 2006, IMC '06.

[6]  Michalis Faloutsos,et al.  Link Homophily in the Application Layer and its Usage in Traffic Classification , 2010, 2010 Proceedings IEEE INFOCOM.

[7]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[8]  István Szabó,et al.  On the Validation of Traffic Classification Algorithms , 2008, PAM.

[9]  Dario Rossi,et al.  Fine-grained traffic classification with netflow data , 2010, IWCMC.

[10]  Renata Teixeira,et al.  Early application identification , 2006, CoNEXT '06.

[11]  Raphail E. Krichevsky,et al.  The performance of universal encoding , 1981, IEEE Trans. Inf. Theory.

[12]  Grenville J. Armitage,et al.  A survey of techniques for internet traffic classification using machine learning , 2008, IEEE Communications Surveys & Tutorials.

[13]  Michalis Faloutsos,et al.  Internet traffic classification demystified: myths, caveats, and the best practices , 2008, CoNEXT '08.

[14]  Frans M. J. Willems,et al.  The context-tree weighting method: basic properties , 1995, IEEE Trans. Inf. Theory.

[15]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.