There are several techniques for classifying internet traffic, i.e. associating a flow of packets to the application that generated it. Among these techniques, Shallow Packet Inspection makes a decision by considering only the outermost packet header and other statistical characteristics of the packet process and, therefore, is well suited to perform classification of obfuscated or encrypted traffic. In particular, the packet arrival process is an interesting feature for traffic classification because cannot be easily obfuscated or manipulated. In this paper, we propose a novel technique using the measured burstiness of the packet sources over different time scales to distinguish among different internet applications. The effectiveness of this technique is experimentally evaluated with both synthetic data and real traffic traces. Synthetic traffic traces make it possible to give an estimation of the classification error rate that the algorithm can achieve, while experiments with real traffic data show that the most common Internet applications are identified with an error rate similar to the more intrusive Deep Packet Inspection.

Using Packet Interarrival Times for Internet TrafficClassification

ROTTONDI, CRISTINA EMMA MARGHERITA;VERTICALE, GIACOMO
2011

Abstract

There are several techniques for classifying internet traffic, i.e. associating a flow of packets to the application that generated it. Among these techniques, Shallow Packet Inspection makes a decision by considering only the outermost packet header and other statistical characteristics of the packet process and, therefore, is well suited to perform classification of obfuscated or encrypted traffic. In particular, the packet arrival process is an interesting feature for traffic classification because cannot be easily obfuscated or manipulated. In this paper, we propose a novel technique using the measured burstiness of the packet sources over different time scales to distinguish among different internet applications. The effectiveness of this technique is experimentally evaluated with both synthetic data and real traffic traces. Synthetic traffic traces make it possible to give an estimation of the classification error rate that the algorithm can achieve, while experiments with real traffic data show that the most common Internet applications are identified with an error rate similar to the more intrusive Deep Packet Inspection.
IEEE LATINCOM 2011, IEEE 3rd Latin-American Conference on Communications
9781467302777
Classification algorithms; Internet traffic modeling; traffic measurement
File in questo prodotto:
File Dimensione Formato  
latincom11.pdf

Accesso riservato

: Post-Print (DRAFT o Author’s Accepted Manuscript-AAM)
Dimensione 284.02 kB
Formato Adobe PDF
284.02 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11311/606688
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? ND
social impact