Abstract
The accurate and efficient classification of Internet traffic is the first and key step to accurate traffic management, network security and traffic analysis. The classic ways to identify flows is either inaccurate or inefficient, which are not suitable to be applied to real-time online classification. In this paper, we originally presented an early recognition method named Early Recognition Based on Deep Packet Inspection (ERBDPI) based on deep packet inspection, after analyzing the distribution of payload signature between packets of a flow in detail. The basic concept of ERBDPI is classifying flows based on the payload signature of their first some packets, so that we can identify traffic at the beginning of a flow connection. We compared the performance of ERBDPI with that of traditional sampling methods both synthetically and using real-world traffic traces. The result shows that ERBDPI can get a higher classification accuracy with a lower packet sampling rate, which makes it suitable to be applied to accurate real-time classification in high-speed links.
Similar content being viewed by others
References
IANA, IANA port number list, [EB/OL] http://www.iana.org/assignments/portnumbers, 2006.
Andrew W. Moore and Konstantina Papagiannaki. Toward the accurate identification of network applications. PAM’ 2005 (LNCS’ 3431), Boston, MA, March/April 2005, 41–54.
S. Sen, O. Spatscheck, and D. Wang. Accurate, scalable in-network identification of P2P traffic using application signatures. www, NY, USA, 2004, 512–521.
A. W. Moore and D. Zuev. Internet traffic classification using Bayesian analysis techniques. Proceedings of SIGMETRICS, Alberta, Canada, 2005, 50–60.
S. Zander, T. Nguyen, and G. Armitage. Self-learning IP traffic classification based on statistical flow characteristics. Proceedings of the Sixth Passive and Active Measurement Workshop (PAM’ 2005), Berlin, April 2005, 325–328.
T. Karagiannis, K. Papagiannaki, and M. Faloutsos. BLINC: multilevel traffic classification in the dark. Proceedings of SIGCOMM’ 05, Philadelphia, PA, USA, 2005, 229–240.
K. C. Claffy, George C. Polyzos, and Hans-Werner Braun. Application of sampling methodologies to network traffic characterization. Proceedings ACM SIGCOMM, San Francisco, 1993, 194–203.
Cisco System White Paper. NetFlow Services Solutions Guide[R], 90–95.
Nicolas Hohn and Darryl Veitch. Inverting sampled traffic. ACM Internet Measurement Conference, Florida, USA, 2003.
Nick Duffield, Carsten Lund, and Mikkel Thorup. Properties and prediction of flow statistics from sampled packet streams. Proceedings ACM Internet Measurement Conference, Marseiue, France, 2002, 159–171.
Abhishek Kumar and Jun (Jim) Xu. Sketch guided sampling—using on-line estimates of flow size for adaptive data collection. IEEE INFOCOM’2006, Barcelona, Spain, 2006, 467–482.
L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule, and K. Salamatian. Traffic classification on the fly. ACM SIGCOMM Computer Communication Review, 36 (2006)2, 23–26.
L. Bernaille, R. Teixeira, and K. Salamatian. Early application identification. The 2nd ADETTI/ISCTE CONEXT Conference, Lisbon, Portugal, December 2006, 456–468.
L. Bernaille and R. Teixeira. Early recognition of encrypted applications. PAM’ 2007, Louvain-la-neuve, Belgium, 2007, 165–175.
Nen-Fu Huang, Gin-Yuan Jai, and Han-Chieh Chao. Early identifying application traffic with application characteristics. Proceedings of ICC’ 2008, Beijing, China, 2008, 88–92.
Jin Zhang, Xiaona Niu, and Jiangxing Wu. A spaceefficient fair packet sampling algorithm. APNOMS’ 2008, Beijing, China, 2008, 246–255.
Author information
Authors and Affiliations
Corresponding author
Additional information
Supported by grant from the Major State Basic Research Development Program of China (No. 2007CB307102).
Communication author: Niu Xiaona, born in 1983, female, Postgraduate, Assistant Engineer.
About this article
Cite this article
Niu, X., Guo, Y., Zhang, J. et al. Early recognition of internet traffic based on signature inspection. J. Electron.(China) 27, 230–236 (2010). https://doi.org/10.1007/s11767-010-0307-2
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11767-010-0307-2