Early Internet Application Identification with Machine Learning Techniques

There is widespread interest in the research community for new IP traffic classification techniques, which are fundamental components for network management and surveillance. Nowadays, the most commonly used techniques are either based on the well-known TCP or UDP port numbers, or on the inspection of the packet payloads. Since an increasing number of applications adopt random port numbers or employ payload encryption, there is a growing interest for new techniques that exploit statistical features of the packet flows, which are difficult to conceal. These features include the length of the packets, the interarrival times, and other parameters that capture temporal correlations in the flow. In this paper, we propose to collect a new class of features based on the process of connection requests from the different traffic sources. These features are then used to help in the classification of traffic flows coming from those sources. Experimental results with real traffic traces show that there are some notable cases in which these features result in an increased classification performance.