BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A Longitudinal Study of P2P Traffic Classification
MASCOTS '06 Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation
Traffic classification using clustering algorithms
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Unexpected means of protocol inference
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
A Machine Learning Approach for Efficient Traffic Classification
MASCOTS '07 Proceedings of the 2007 15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
A scalable multithreaded L7-filter design for multi-core servers
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Traffic Classification Based on Flow Similarity
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
Improving cost and accuracy of DPI traffic classifiers
Proceedings of the 2010 ACM Symposium on Applied Computing
Composite lightweight traffic classification system for network management
International Journal of Network Management
Link homophily in the application layer and its usage in traffic classification
INFOCOM'10 Proceedings of the 29th conference on Information communications
Hi-index | 0.00 |
Traffic classification through DPI technology is considered spending most CPU time in pattern matching, leading to the conclusion that it is not suitable for classifying traffic online on high speed networks. In this paper we focus on how to improve matching performance. We believe that performance can be improved by exploiting some characteristics of network traffic: magic first symbol and zipf-like distribution of application traffic. To the best of our knowledge, we are the first to observe and utilize them in traffic classification. In this paper, we analysis the expected matching times per flow before it is classified. Then, we introduce an enhanced traffic classification engine with the help of above characteristics and some optimizations, which has the same matching accuracy with the original L7-filter engine. We evaluate the enhanced engine, the result shows that it can improve matching performance with one order of magnitude, at the cost of a negligible increase in memory consumption. Furthermore, it does not depend on network environments and not require any training phase.