Issues and future directions in traffic classification

Dainotti, Alberto; Pescapè, Antonio; Claffy, Kimberly C.

doi:10.1109/mnet.2012.6135854

Cited by 514 publications

(230 citation statements)

References 14 publications

Supporting

Mentioning

226

Contrasting

Unclassified

Order By: Relevance

“…Internet traffic classification techniques such as port number matching, payload signature matching, statistics, and application behavior-based methods have been the foundation for traffic classification engines for many years [1], [3], [8], [9]. However, these methods are not yet applicable to real Copyright c 2014 The Institute of Electronics, Information and Communication Engineers networks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System

Park

Yoon

Won

et al. 2014

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYInternet traffic classification is an essential step for stable service provision. The payload signature classifier is considered a reliable method for Internet traffic classification but is prohibitively computationally expensive for real-time handling of large amounts of traffic on high-speed networks. In this paper, we describe several design techniques to minimize the search space of traffic classification and improve the processing speed of the payload signature classifier. Our suggestions are (1) selective matching algorithms based on signature type, (2) signature reorganization using hierarchical structure and traffic locality, and (3) early packet sampling in flow. Each can be applied individually, or in any combination in sequence. The feasibility of our selections is proved via experimental evaluation on traffic traces of our campus and a commercial ISP. We observe 2 to 5 times improvement in processing speed against the untuned classification system and Snort Engine, while maintaining the same level of accuracy.

show abstract

Section: Related Workmentioning

confidence: 99%

“…In previous studies, categorization was not associated with an application name but rather an L7 protocol name [1]- [3]. However, criteria for application naming are needed because many applications can use an L7 protocol such as hypertext transfer protocol (HTTP) for various purposes.…”

Section: Introductionmentioning

confidence: 99%

A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System

Park

Yoon

Won

et al. 2014

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…Alternative protocol identification strategies that have been explored include using packet sizes and timings [6,51], the types and number connections initiated by a host (its "social behavior") [23,26], and various machine learning techniques [33,34,55]. However, the feasibility of deploying more sophisticated classification strategies for DPI at scale remains unclear [11,34,40].…”

Section: Related Workmentioning

confidence: 99%

Protocol misidentification made easy with format-transforming encryption

Dyer

Coull²,

Ristenpart

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

Deep packet inspection (DPI) technologies provide muchneeded visibility and control of network traffic using portindependent protocol identification, where a network flow is labeled with its application-layer protocol based on packet contents. In this paper, we provide the first comprehensive evaluation of a large set of DPI systems from the point of view of protocol misidentification attacks, in which adversaries on the network attempt to force the DPI to mislabel connections. Our approach uses a new cryptographic primitive called format-transforming encryption (FTE), which, intuitively, extends conventional symmetric encryption with the ability to transform the ciphertext into a format of our choosing. We design an FTE-based record layer that can encrypt arbitrary application-layer traffic, and we experimentally show that this forces misidentification for all of the evaluated DPI systems. This set includes a proprietary, enterprise-class DPI system used by large corporations and nation-states. We also show that using FTE as a proxy system incurs no latency overhead and only 16% more bandwidth than standard SSH tunnels. Finally, we integrate our FTE proxy into Tor and demonstrate that it evades realworld censorship by the Great Firewall of China.

show abstract

“…network management system to network system security [1], from benefit separation to network traffic engineering, from slant investigation to network traffic research [3].…”

Section: Introductionmentioning

confidence: 99%

An Effective New Approach for Network Traffic Classification

2018

IJBPAS

View full text Add to dashboard Cite

show abstract

Issues and future directions in traffic classification

Cited by 514 publications

References 14 publications

A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System

A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System

Protocol misidentification made easy with format-transforming encryption

An Effective New Approach for Network Traffic Classification

Contact Info

Product

Resources

About