Abstract
The early detection of applications associated with TCP flows is an essential step for network security and traffic engineering. The classic way to identify flows, i.e., looking at port numbers, is no longer effective. State-of-the-art techniques, on the other hand, cannot determine the application before the end of the TCP flow. In this editorial, we propose a technique that relies on the observation of the first five packets of a TCP connection to identify the application. This result opens a range of new possibilities for online traffic classification.
Index Terms
- Traffic classification on the fly