Skip to main content
SpringerLink
Log in
Book cover

Asian Internet Engineering Conference

AINTEC 2007: Sustainable Internet pp 156–166Cite as

Implementation Issues of Early Application Identification

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 4866))

Abstract

The automatic identification of applications associated with network traffic is an essential step to apply quality-of-service policies and profile network usage. Our prior work proposes Early Application Identification, a method that accurately identifies the application after the first four packets of a TCP connection. However, an online implementation of this method faces two challenges: it needs to run at high speed and with limited memory. This paper addresses these issues. We propose an algorithm that implements Early Application Identification plus a number of computation and memory optimizations. An evaluation using traffic traces collected at our university network shows that this implementation can classify traffic at up to 6 Gbit/s. This speed is more than enough to classify traffic at current edge networks.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Karagiannis, T., Broido, A., Brownlee, N., Claffy, K., Faloutsos, M.: Is P2P dying or just hiding? In: IEEE Globecom (2004)

    Google Scholar 

  2. Roughan, M., Sen, S., Spatscheck, O., Duffield, N.: Class-of-service mapping for QoS: A statistical signature-based approach to ip traffic classification. In: Proceedings of ACM Internet Measurement Conference (2004)

    Google Scholar 

  3. Moore, A., Zuev, D.: Internet traffic classification using bayesian analysis. In: Proceedings of ACM SIGMETRICS (2005)

    Google Scholar 

  4. Karagiannis, T., Papagiannaki, D., Faloutsos, M.: Blinc: Multilevel traffic classification in the dark. In: Proceedings of ACM SIGCOMM (2005)

    Google Scholar 

  5. Paxson, V.: Bro: a system for detecting network intruders in real-time. Computer Networks 31, 2435–2463 (1999)

    Google Scholar 

  6. Snort: http://www.snort.org

  7. Ma, J., Levchenko, K., Kreibich, C., Savage, S.: G M Voelker: Unexpected means of protocol inference. In: Proceedings of ACM Internet Measurement Confererence (2006)

    Google Scholar 

  8. McGregor, A., Hall, M., Lorier, P., Brunskill, J.: Flow clustering using machine learning techniques. In: Barakat, C., Pratt, I. (eds.) PAM 2004. LNCS, vol. 3015, pp. 205–214. Springer, Heidelberg (2004)

    Google Scholar 

  9. Zuev, D., Moore, A.W.: Traffic classification using a statistical approach. In: Dovrolis, C. (ed.) PAM 2005. LNCS, vol. 3431, pp. 321–324. Springer, Heidelberg (2005)

    Google Scholar 

  10. Bernaille, L., Teixeira, R., Salamatian, K.: Early application identification. In: Conference on Future Networking Technologies, CoNext (2006)

    Google Scholar 

  11. Estan, C., Keys, K., Moore, D., Varghese, G.: Building a better netflow. In: Proceedings of ACM SIGCOMM, pp. 245–256. ACM Press, New York (2004)

    Google Scholar 

  12. IPMON: http://ipmon.sprintlabs.com

  13. Boyer, R., Moore, J.: A fast string searching algorithm. Communications of the ACM (1977)

    Google Scholar 

  14. Valgrind: http://valgrind.org/

  15. Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: Proceedings of the ACM/IEEE Symposium on Architecture for networking and communications systems, pp. 93–102. ACM Press, New York (2006)

    Chapter  Google Scholar 

  16. Dreger, H., Mai, M., Feldmann, A., Paxson, V., Sommer, R.: Dynamic application-layer protocol analysis for network intrusion detection. In: Usenix Security Symposium (2006)

    Google Scholar 

  17. l7filter: http://l7-filter.sourceforge.net/

  18. gprof: http://www.gnu.org/software/binutils/manual/gprof-2.9.1/

  19. Bernaille, L., Teixeira, R.: Early recognition of encrypted applications. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds.) PAM 2007. LNCS, vol. 4427, pp. 165–175. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Centre National de la Recherche Scientifique (CNRS) and, Université Pierre et Marie Curie - Paris 6, Paris, France

    Laurent Bernaille & Renata Teixeira

Authors
  1. Laurent Bernaille
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Renata Teixeira
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Serge Fdida Kazunori Sugiura

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernaille, L., Teixeira, R. (2007). Implementation Issues of Early Application Identification. In: Fdida, S., Sugiura, K. (eds) Sustainable Internet. AINTEC 2007. Lecture Notes in Computer Science, vol 4866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76809-8_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-76809-8_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76808-1

  • Online ISBN: 978-3-540-76809-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation