Improving matching performance of DPI traffic classifier

Authors:
Tingwen Liu;Yong Sun;Li Guo;Binxing Fang
Affiliations:
Graduate University of Chinese Academy of Sciences, Beijing;Chinese Academy of Sciences and National Engineering Laboratory for Information Security Technologies;Chinese Academy of Sciences and National Engineering Laboratory for Information Security Technologies;Chinese Academy of Sciences and National Engineering Laboratory for Information Security Technologies
Venue:
Proceedings of the 2011 ACM Symposium on Applied Computing
Year:
2011

Citing 12
Cited 0

BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A Longitudinal Study of P2P Traffic Classification

MASCOTS '06 Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation
Traffic classification using clustering algorithms

Proceedings of the 2006 SIGCOMM workshop on Mining network data
Unexpected means of protocol inference

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Fast and memory-efficient regular expression matching for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Traffic classification through simple statistical fingerprinting

ACM SIGCOMM Computer Communication Review
A Machine Learning Approach for Efficient Traffic Classification

MASCOTS '07 Proceedings of the 2007 15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
A scalable multithreaded L7-filter design for multi-core servers

Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Traffic Classification Based on Flow Similarity

IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
Improving cost and accuracy of DPI traffic classifiers

Proceedings of the 2010 ACM Symposium on Applied Computing
Composite lightweight traffic classification system for network management

International Journal of Network Management
Link homophily in the application layer and its usage in traffic classification

INFOCOM'10 Proceedings of the 29th conference on Information communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traffic classification through DPI technology is considered spending most CPU time in pattern matching, leading to the conclusion that it is not suitable for classifying traffic online on high speed networks. In this paper we focus on how to improve matching performance. We believe that performance can be improved by exploiting some characteristics of network traffic: magic first symbol and zipf-like distribution of application traffic. To the best of our knowledge, we are the first to observe and utilize them in traffic classification. In this paper, we analysis the expected matching times per flow before it is classified. Then, we introduce an enhanced traffic classification engine with the help of above characteristics and some optimizations, which has the same matching accuracy with the original L7-filter engine. We evaluate the enhanced engine, the result shows that it can improve matching performance with one order of magnitude, at the cost of a negligible increase in memory consumption. Furthermore, it does not depend on network environments and not require any training phase.