Using packet interarrival times for internet traffic classification / Rottondi, C.; Verticale, G.. - ELECTRONIC. - (2011). (Paper presented at the 2011 IEEE 3rd Latin-American Conference on Communications, LATINCOM 2011; held in Belem do Para (Brazil), 24 October 2011 through 26 October 2011) [10.1109/LatinCOM.2011.6107404].

Using packet interarrival times for internet traffic classification

Rottondi, C.;
2011

Abstract

There are several techniques for classifying internet traffic, i.e. associating a flow of packets with the application that generated it. Among these techniques, Shallow Packet Inspection makes a decision by considering only the outermost packet header and other statistical characteristics of the packet process and, therefore, is well suited to perform classification of obfuscated or encrypted traffic. In particular, the packet arrival process is an interesting feature for traffic classification because it cannot be easily obfuscated or manipulated. In this paper, we propose a novel technique using the measured burstiness of the packet sources over different time scales to distinguish among different internet applications. The effectiveness of this technique is experimentally evaluated with both synthetic data and real traffic traces. Synthetic traffic traces make it possible to give an estimation of the classification error rate that the algorithm can achieve, while experiments with real traffic data show that the most common Internet applications are identified with an error rate similar to the more intrusive Deep Packet Inspection.
978-1-4673-0279-1

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2723361