Data identification and classification is a key task for any Internet Service Provider (ISP) or network administrator. As port fluctuation and encryption become more common in P2P applications wishing to avoid identification, new strategies must be developed to detect and classify their flows. This article introduces a method of separating P2P and standard web traffic, based on the activity of the hosts on the network, that can be applied as part of an offline data analysis process. Heuristics are analyzed and a classification system is proposed that focuses on classifying those “long” flows that transfer most of the bytes across a network. The accuracy of the system is then tested using real network traffic from a core Internet router, showing misclassification rates as low as 0.54% of flows in some cases. We expand on this proposed strategy to investigate its relevance to real-time, early classification problems. New proposals are made and the results of real-time experiments are compared to those obtained in the offline analysis. It is shown that classification accuracies in the real-time strategy are similar to those achieved in offline analysis, with a large portion of the total web and P2P flows correctly identified.