KISS: stochastic packet inspection classifier for UDP traffic

Authors:
Alessandro Finamore;Marco Mellia;Michela Meo;Dario Rossi
Affiliations:
Politecnico di Torino, Torino, Italy;Politecnico di Torino, Torino, Italy;Politecnico di Torino, Torino, Italy;ENST Telecom ParisTech, Paris, France
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2010

Citing 21
Cited 8

Empirically derived analytic models of wide-area TCP connections

IEEE/ACM Transactions on Networking (TON)
An introduction to support Vector Machines: and other kernel-based learning methods

An introduction to support Vector Machines: and other kernel-based learning methods
An analysis of Internet chat systems

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Accurate, scalable in-network identification of p2p traffic using application signatures

Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Profiling internet backbone traffic: behavior models and applications

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures

Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Unexpected means of protocol inference

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Traffic classification through simple statistical fingerprinting

ACM SIGCOMM Computer Communication Review
Revealing skype traffic: when randomness plays with you

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Offline/realtime traffic classification using semi-supervised learning

Performance Evaluation
Early application identification

CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Internet traffic classification demystified: myths, caveats, and the best practices

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
KISS: Stochastic Packet Inspection

TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Measuring IP and TCP behavior on edge nodes with Tstat

Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward the accurate identification of network applications

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
A survey of techniques for internet traffic classification using machine learning

IEEE Communications Surveys & Tutorials
Building a cooperative P2P-TV application over a wise network: the approach of the European FP-7 strep NAPA-WINE

IEEE Communications Magazine

Mining unclassified traffic using automatic clustering techniques

TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Uncovering the big players of the web

TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Unmasking the growing UDP traffic in a campus network

PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Exploiting packet-sampling measurements for traffic characterization and classification

International Journal of Network Management
Unsupervised traffic classification using flow statistical properties and IP packet payload

Journal of Computer and System Sciences
Robust network traffic identification with unknown applications

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
An information-theoretical approach to high-speed flow nature identification

IEEE/ACM Transactions on Networking (TON)
Reviewing traffic classification

DataTraffic Monitoring and Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes KISS, a novel Internet classification engine. Motivated by the expected raise of UDP traffic, which stems from the momentum of Peer-to-Peer (P2P) streaming applications, we propose a novel classification framework that leverages on statistical characterization of payload. Statistical signatures are derived by the means of a Chi-Square (χ2)-like test, which extracts the protocol "format," but ignores the protocol "semantic" and "synchronization" rules. The signatures feed a decision process based either on the geometric distance among samples, or on Support Vector Machines. KISS is very accurate, and its signatures are intrinsically robust to packet sampling, reordering, and flow asymmetry, so that it can be used on almost any network. KISS is tested in different scenarios, considering traditional client-server protocols, VoIP, and both traditional and new P2P Internet applications. Results are astonishing. The average True Positive percentage is 99.6%, with the worst case equal to 98.1,% while results are almost perfect when dealing with new P2P streaming applications.