Towards the On-line Identification of Peer-to-peer Flow Patterns

The number and variety of IP applications have hugely increased in the last few years. Among them, peer-to-peer (P2P) file-sharing applications have become very popular: more users are continuously joining such systems and more objects are being made available, seducing even more users to join. An accurate mapping of traffic to applications is important for a wide range of network management tasks. Besides, traditional mapping approaches have become increasingly inaccurate because many applications use non-default or ephemeral port numbers, use well-known port numbers associated with other applications, change application signatures or use traffic encryption. This paper proposes a framework to identify Internet applications that can be mainly used in situations where existing identification frameworks are not efficient or can not be used at all. The core block of the identification tool is based on neural networks and is able to identify different flow patterns generated by various Internet applications. Neural network based identification relies on a previous identification of the different IP applications that can be obtained offline using any reliable method. In this way, the paper also presents a module to process IP traffic flows and identify the underlying applications using payload analysis techniques. The identification results obtained from this tool are used in the training phase of the neural network identification framework. The accuracy of the identification framework was evaluated by performing a set of intensive tests and the results obtained show that, when conveniently trained, neural networks constitute a valuable tool to identify Internet applications while being, at the same time, immune to the most important disadvantages presented by other identification methods.

[1]  Jia Wang,et al.  Analyzing peer-to-peer traffic across large networks , 2002, IMW '02.

[2]  Carl G. Looney,et al.  Pattern recognition using neural networks: theory and algorithms for engineers and scientists , 1997 .

[3]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[4]  Patrick van der Smagt,et al.  Introduction to neural networks , 1995, The Lancet.

[5]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[6]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[7]  Andrei Broder,et al.  Network Applications of Bloom Filters: A Survey , 2004, Internet Math..

[8]  Patrick Haffner,et al.  ACAS: automated construction of application signatures , 2005, MineNet '05.

[9]  Renata Teixeira,et al.  Early Recognition of Encrypted Applications , 2007, PAM.

[10]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[11]  Michalis Faloutsos,et al.  Is P2P dying or just hiding? [P2P traffic measurement] , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[12]  António Pacheco,et al.  Using neural networks to classify Internet users , 2005, Advanced Industrial Conference on Telecommunications/Service Assurance with Partial and Intermittent Resources Conference/E-Learning on Telecommunications Workshop (AICT/SAPIR/ELETE'05).

[13]  Andrew W. Moore,et al.  Bayesian Neural Networks for Internet Traffic Classification , 2007, IEEE Transactions on Neural Networks.

[14]  Andrew H. Sung,et al.  Identifying key features for intrusion detection using neural networks , 2002 .

[15]  R. Tervo,et al.  Traffic identification using artificial neural network [Internet traffic] , 2001, Canadian Conference on Electrical and Computer Engineering 2001. Conference Proceedings (Cat. No.01TH8555).

[16]  Ali Zilouchian,et al.  FUNDAMENTALS OF NEURAL NETWORKS , 2001 .

[17]  Yoshua Bengio,et al.  Pattern Recognition and Neural Networks , 1995 .

[18]  P. Salvador,et al.  Identification of Peer-to-Peer Applications' Flow Patterns , 2008, 2008 Next Generation Internet Networks.

[19]  David Moore,et al.  The CoralReef Software Suite as a Tool for System and Network Administrators , 2001, LISA.

[20]  Martin T. Hagan,et al.  Gauss-Newton approximation to Bayesian learning , 1997, Proceedings of International Conference on Neural Networks (ICNN'97).

[21]  Taskin Koçak,et al.  Low-power bloom filter architecture for deep packet inspection , 2006, IEEE Communications Letters.

[22]  Konstantina Papagiannaki,et al.  Toward the Accurate Identification of Network Applications , 2005, PAM.

[23]  Hui Liu,et al.  A Peer-To-Peer Traffic Identification Method Using Machine Learning , 2007, 2007 International Conference on Networking, Architecture, and Storage (NAS 2007).

[24]  John W. Lockwood,et al.  Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.

[25]  Risto Miikkulainen,et al.  Intrusion Detection with Neural Networks , 1997, NIPS.

[26]  Sebastian Zander,et al.  A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification , 2006, CCRV.

[27]  R. Valadas,et al.  Classification of Internet users using discriminant analysis and neural networks , 2005, Next Generation Internet Networks, 2005.

[28]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[29]  Xiaohong Guan,et al.  Accurate Classification of the Internet Traffic Based on the SVM Method , 2007, 2007 IEEE International Conference on Communications.

[30]  Renata Teixeira,et al.  Traffic classification on the fly , 2006, CCRV.

[31]  Michalis Faloutsos,et al.  Transport layer identification of P2P traffic , 2004, IMC '04.

[32]  Fuke Shen,et al.  Research of P2P Traffic Identification Based on BP Neural Network , 2007, Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007).

[33]  Krishna P. Gummadi,et al.  Measurement, modeling, and analysis of a peer-to-peer file-sharing workload , 2003, SOSP '03.

[34]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[35]  Panayiotis Mavrommatis,et al.  Identifying Known and Unknown Peer-to-Peer Traffic , 2006, Fifth IEEE International Symposium on Network Computing and Applications (NCA'06).