Abstract
The automatic identification of applications associated with network traffic is an essential step to apply quality-of-service policies and profile network usage. Our prior work proposes Early Application Identification, a method that accurately identifies the application after the first four packets of a TCP connection. However, an online implementation of this method faces two challenges: it needs to run at high speed and with limited memory. This paper addresses these issues. We propose an algorithm that implements Early Application Identification plus a number of computation and memory optimizations. An evaluation using traffic traces collected at our university network shows that this implementation can classify traffic at up to 6 Gbit/s. This speed is more than enough to classify traffic at current edge networks.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bernaille, L., Teixeira, R. (2007). Implementation Issues of Early Application Identification. In: Fdida, S., Sugiura, K. (eds) Sustainable Internet. AINTEC 2007. Lecture Notes in Computer Science, vol 4866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76809-8_14
DOI: https://doi.org/10.1007/978-3-540-76809-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76808-1
Online ISBN: 978-3-540-76809-8
eBook Packages: Computer Science, Computer Science (R0)