Implementation Issues of Early Application Identification

Authors:
Laurent Bernaille;Renata Teixeira
Affiliations:
Centre National de la Recherche Scientifique (CNRS) and, Université Pierre et Marie Curie - Paris 6, Paris, France;Centre National de la Recherche Scientifique (CNRS) and, Université Pierre et Marie Curie - Paris 6, Paris, France
Venue:
AINTEC '07 Proceedings of the 3rd Asian conference on Internet Engineering: Sustainable Internet
Year:
2007

Citing 12
Cited 0

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
A fast string searching algorithm

Communications of the ACM
Building a better NetFlow

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Unexpected means of protocol inference

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Fast and memory-efficient regular expression matching for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Dynamic application-layer protocol analysis for network intrusion detection

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Early application identification

CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Early recognition of encrypted applications

PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Traffic classification using a statistical approach

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement

Quantified Score

Hi-index	0.00

Visualization

Abstract

The automatic identification of applications associated with network traffic is an essential step to apply quality-of-service policies and profile network usage. Our prior work proposes Early Application Identification, a method that accurately identifies the application after the first four packets of a TCP connection. However, an online implementation of this method faces two challenges: it needs to run at high speed and with limited memory. This paper addresses these issues. We propose an algorithm that implements Early Application Identificationplus a number of computation and memory optimizations. An evaluation using traffic traces collected at our university network shows that this implementation can classify traffic at up to 6 Gbit/s. This speed is more than enough to classify traffic at current edge networks.