Robust Application Identification Methods for P2P and VoIP Traffic Classification in Backbone Networks

Tao Qin, Lei Wang, Zhaoli Liu, Xiaohong Guan
DOI: https://doi.org/10.1016/j.knosys.2015.03.002
IF: 8.139
2015-01-01
Knowledge-Based Systems
Abstract: Application identification plays an essential role in network management tasks such as intrusion detection and security monitoring. However, the continuous growth of bandwidth and the massive number of packets pose serious challenges for efficacious and accurate application identification. In this paper, we develop a new method that reduces the number of packets being processed while still achieving accurate P2P and VoIP application identification. Firstly, we employ the Bi-flow model to aggregate traffic packets into Bi-flows, which capture the exchange behavior characteristics between different terminals. We then employ the Packet Size Distribution (PSD) signature to capture flow dynamics; it is defined as the probability distribution of the payload lengths of the packets in one Bi-flow. Secondly, we collect the PSDs of several different P2P and VoIP applications, and the analysis results show that the PSDs of different applications differ from one another, so they can be used as features for traffic identification. We also find that the PSD characteristics of a Bi-flow can be captured from its first few packets, which demonstrates that our method can identify a Bi-flow quickly after it is established. We employ the Renyi cross entropy to perform identification by calculating the similarity between the PSD of the Bi-flow being identified and that of a specific application. If the similarity is higher than a selected threshold, the Bi-flow being identified is classified as that application. Finally, because the PSD is a probability feature that is not sensitive to packet loss, we integrate the Poisson sampling method into our framework to process the massive data in backbone networks. Experimental results using artificial and actual traces collected from the monitoring platform in the Northwest Center of CERNET (China Education and Research Network) verify the accuracy and robustness of our method.
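The pipeline the abstract describes (PSD from the first packets of a Bi-flow, Renyi cross entropy against per-application signatures, a threshold, and Poisson sampling) can be sketched as follows; this is an added example, not the authors' code. The order-0.5 form of the Renyi cross entropy, the 100-byte bins, the smoothing term, the threshold of -1.0 and all payload lengths are assumptions constructed for illustration, since the abstract gives none of them.

```python
import math, random
from collections import Counter

BIN, NBINS, EPS = 100, 15, 1e-6   # assumed: 100-byte bins over 0..1499, smoothing term

def psd(lengths, first_n=None):
    """Packet Size Distribution of one Bi-flow: probability per payload-length bin."""
    lens = lengths[:first_n] if first_n else lengths
    counts = Counter(min(n // BIN, NBINS - 1) for n in lens)
    total = len(lens) + EPS * NBINS
    return [(counts.get(b, 0) + EPS) / total for b in range(NBINS)]

def renyi_similarity(p, q):
    """Assumed order-0.5 form: 2*log2(sum(sqrt(p_i*q_i))); 0 if p == q, else negative."""
    return 2 * math.log2(sum(math.sqrt(a * b) for a, b in zip(p, q)))

def classify(lengths, signatures, threshold=-1.0, first_n=20):
    """Label a Bi-flow with the best-matching application, or 'unknown' below threshold."""
    p = psd(lengths, first_n)
    scores = {app: renyi_similarity(p, sig) for app, sig in signatures.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] > threshold else "unknown"), scores

def poisson_sample(lengths, mean_gap, rng):
    """Keep packets separated by exponentially distributed gaps (counted in packets)."""
    kept, i = [], 0
    while i < len(lengths):
        kept.append(lengths[i])
        i += max(1, round(rng.expovariate(1.0 / mean_gap)))
    return kept

# Constructed payload lengths (bytes), both directions of each Bi-flow merged.
VOIP_TRAIN = [160, 160, 172, 160, 60] * 80
P2P_TRAIN = [1460, 1460, 68, 1460, 512, 1460] * 80
SIGNATURES = {"voip": psd(VOIP_TRAIN), "p2p": psd(P2P_TRAIN)}

VOIP_FLOW = [172, 160, 160, 60, 160, 160, 172, 160] * 50
P2P_FLOW = [1460, 68, 1460, 1460, 540, 1460, 1460] * 50
OTHER_FLOW = [800, 820, 790, 805] * 50

if __name__ == "__main__":
    for name, flow in [("voip", VOIP_FLOW), ("p2p", P2P_FLOW), ("other", OTHER_FLOW)]:
        sampled = poisson_sample(flow, 4, random.Random(1))
        print(name, classify(flow, SIGNATURES)[0],
              classify(sampled, SIGNATURES, first_n=None)[0])
```

The first label on each printed line uses only the first 20 packets of the flow; the second uses a Poisson-sampled subset of the whole flow, which yields the same label because the sampled PSD stays close to the unsampled one.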