Waterfall: Rapid Identification of IP Flows Using Cascade Classification

  • Paweł Foremski
  • Christian Callegari
  • Michele Pagano
Part of the Communications in Computer and Information Science book series (CCIS, volume 431)


In the last years network traffic classification has attracted much research effort, given that it represents the foundation of many Internet functionalities such as Quality of Service (QoS) enforcement, monitoring, and security. Nonetheless, the proposed works are not able to satisfactorily solve the problem, usually being suitable for only addressing a given portion of the whole network traffic and thus none of them can be considered an ultimate solution for network classification.

In this paper, we address network traffic classification by proposing a new architecture – named Waterfall architecture – that, by combining several classification algorithms together according to a cascade principle, is able to correctly classify the whole mixture of network traffic.

Through extensive experimental tests run over real traffic datasets, we have demonstrated the effectiveness of the proposal.


network management traffic classification machine learning multi-classification classifier selection cascade classification 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Foremski, P.: On different ways to classify Internet traffic: a short review of selected publications. Theoretical and Applied Informatics 25(2) (2013)Google Scholar
  2. 2.
    Adami, D., Callegari, C., Giordano, S., Pagano, M., Pepe, T.: Skype-Hunter: A real-time system for the detection and classification of Skype traffic. International Journal of Communication Systems 25(3), 386–403 (2012)CrossRefGoogle Scholar
  3. 3.
    Foremski, P., Callegari, C., Pagano, M.: DNS-Class: Immediate classification of IP flows using DNS. International Journal of Network Management (accepted, 2014)Google Scholar
  4. 4.
    Fiadino, P., Bär, A., Casas, P.: HTTPTag: A Flexible On-line HTTP Classification System for Operational 3G Networks. In: International Conference on Computer Communications, INFOCOM 2013. IEEE (2013)Google Scholar
  5. 5.
    Bermolen, P., Mellia, M., Meo, M., Rossi, D., Valenti, S.: Abacus: Accurate behavioral classification of P2P-TV traffic. Computer Networks 55(6), 1394–1411 (2011)CrossRefGoogle Scholar
  6. 6.
    Finamore, A., Mellia, M., Meo, M., Rossi, D.: KISS: Stochastic packet inspection classifier for udp traffic. IEEE/ACM Transactions on Networking 18(5), 1505–1515 (2010)CrossRefGoogle Scholar
  7. 7.
    Dusi, M., Crotti, M., Gringoli, F., Salgarelli, L.: Tunnel hunter: Detecting application-layer tunnels with statistical fingerprinting. Computer Networks 53(1), 81–97 (2009)CrossRefGoogle Scholar
  8. 8.
    Duda, R.O., Hart, P.E., Stork, D.G.: Pattern classification. John Wiley & Sons (2012)Google Scholar
  9. 9.
    Kuncheva, L.I.: Combining Pattern Classifiers: Methods and Algorithms. Wiley (2004)Google Scholar
  10. 10.
    Dainotti, A., Pescapé, A., Sansone, C.: Early classification of network traffic through multi-classification. Traffic Monitoring and Analysis, 122–135 (2011)Google Scholar
  11. 11.
    Dusi, M., Gringoli, F., Salgarelli, L.: Quantifying the accuracy of the ground truth associated with Internet traffic traces. Computer Networks 55(5), 1158–1167 (2011)CrossRefGoogle Scholar
  12. 12.
    Bujlow, T., Carela-Espanol, V.: Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification. Technical report, Polytechnic University of Catalonia (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Paweł Foremski
    • 1
  • Christian Callegari
    • 2
  • Michele Pagano
    • 2
  1. 1.The Institute of Theoretical and Applied InformaticsPolish Academy of SciencesGliwicePoland
  2. 2.Department of Information EngineeringUniversity of PisaItaly

Personalised recommendations