Skip to main content
SpringerLink
Log in

Early recognition of internet traffic based on signature inspection

  • Published:
Journal of Electronics (China)

Abstract

The accurate and efficient classification of Internet traffic is the first and key step to accurate traffic management, network security and traffic analysis. The classic ways to identify flows is either inaccurate or inefficient, which are not suitable to be applied to real-time online classification. In this paper, we originally presented an early recognition method named Early Recognition Based on Deep Packet Inspection (ERBDPI) based on deep packet inspection, after analyzing the distribution of payload signature between packets of a flow in detail. The basic concept of ERBDPI is classifying flows based on the payload signature of their first some packets, so that we can identify traffic at the beginning of a flow connection. We compared the performance of ERBDPI with that of traditional sampling methods both synthetically and using real-world traffic traces. The result shows that ERBDPI can get a higher classification accuracy with a lower packet sampling rate, which makes it suitable to be applied to accurate real-time classification in high-speed links.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. IANA, IANA port number list, [EB/OL] http://www.iana.org/assignments/portnumbers, 2006.

  2. Andrew W. Moore and Konstantina Papagiannaki. Toward the accurate identification of network applications. PAM’ 2005 (LNCS’ 3431), Boston, MA, March/April 2005, 41–54.

  3. S. Sen, O. Spatscheck, and D. Wang. Accurate, scalable in-network identification of P2P traffic using application signatures. www, NY, USA, 2004, 512–521.

  4. A. W. Moore and D. Zuev. Internet traffic classification using Bayesian analysis techniques. Proceedings of SIGMETRICS, Alberta, Canada, 2005, 50–60.

  5. S. Zander, T. Nguyen, and G. Armitage. Self-learning IP traffic classification based on statistical flow characteristics. Proceedings of the Sixth Passive and Active Measurement Workshop (PAM’ 2005), Berlin, April 2005, 325–328.

  6. T. Karagiannis, K. Papagiannaki, and M. Faloutsos. BLINC: multilevel traffic classification in the dark. Proceedings of SIGCOMM’ 05, Philadelphia, PA, USA, 2005, 229–240.

  7. K. C. Claffy, George C. Polyzos, and Hans-Werner Braun. Application of sampling methodologies to network traffic characterization. Proceedings ACM SIGCOMM, San Francisco, 1993, 194–203.

  8. Cisco System White Paper. NetFlow Services Solutions Guide[R], 90–95.

  9. Nicolas Hohn and Darryl Veitch. Inverting sampled traffic. ACM Internet Measurement Conference, Florida, USA, 2003.

  10. Nick Duffield, Carsten Lund, and Mikkel Thorup. Properties and prediction of flow statistics from sampled packet streams. Proceedings ACM Internet Measurement Conference, Marseiue, France, 2002, 159–171.

  11. Abhishek Kumar and Jun (Jim) Xu. Sketch guided sampling—using on-line estimates of flow size for adaptive data collection. IEEE INFOCOM’2006, Barcelona, Spain, 2006, 467–482.

  12. L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule, and K. Salamatian. Traffic classification on the fly. ACM SIGCOMM Computer Communication Review, 36 (2006)2, 23–26.

    Article  Google Scholar 

  13. L. Bernaille, R. Teixeira, and K. Salamatian. Early application identification. The 2nd ADETTI/ISCTE CONEXT Conference, Lisbon, Portugal, December 2006, 456–468.

  14. L. Bernaille and R. Teixeira. Early recognition of encrypted applications. PAM’ 2007, Louvain-la-neuve, Belgium, 2007, 165–175.

  15. Nen-Fu Huang, Gin-Yuan Jai, and Han-Chieh Chao. Early identifying application traffic with application characteristics. Proceedings of ICC’ 2008, Beijing, China, 2008, 88–92.

  16. Jin Zhang, Xiaona Niu, and Jiangxing Wu. A spaceefficient fair packet sampling algorithm. APNOMS’ 2008, Beijing, China, 2008, 246–255.

Download references

Author information

Authors and Affiliations

  1. National Digital Switching System Engineering & Technology Research Center (NDSC), Zhengzhou, 450002, China

    Xiaona Niu, Yunfei Guo, Jin Zhang & Chao Wang

Authors
  1. Xiaona Niu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yunfei Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jin Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaona Niu.

Additional information

Supported by grant from the Major State Basic Research Development Program of China (No. 2007CB307102).

Communication author: Niu Xiaona, born in 1983, female, Postgraduate, Assistant Engineer.

About this article

Cite this article

Niu, X., Guo, Y., Zhang, J. et al. Early recognition of internet traffic based on signature inspection. J. Electron.(China) 27, 230–236 (2010). https://doi.org/10.1007/s11767-010-0307-2

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11767-010-0307-2

Key words

CLC index

Search

Navigation