Efficient application identification and the temporal and spatial stability of classification schema

被引:102
作者
Li, Wei [1 ]
Canini, Marco [2 ]
Moore, Andrew W. [1 ]
Bolla, Raffaele [2 ]
机构
[1] Univ Cambridge, Comp Lab, Cambridge CB2 3QG, England
[2] Univ Genoa, DIST, Genoa, Italy
基金
英国工程与自然科学研究理事会;
关键词
Traffic classification; Application identification; Deep-packet inspection; Machine learning; Temporal decay; Spatial stability;
D O I
10.1016/j.comnet.2008.11.016
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Motivated by the importance of accurate identification for a range of applications, this paper compares and contrasts the effective and efficient classification of network-based applications using behavioral observations of network-traffic and those using deep-packet inspection. Importantly, throughout our work we are able to make comparison with data possessing an accurate, independently determined ground-truth that describes the actual applications causing the network-traffic observed. In a unique study in both the spatial-domain: comparing across different network-locations and in the temporal-domain: comparing across a number of years of data, we illustrate the decay in classification accuracy across a range of application-classification mechanisms. Further, we document the accuracy of spatial classification without training data possessing spatial diversity. Finally, we illustrate the classification of UDP traffic. We use the same classification approach for both stateful flows (TCP) and stateless flows based upon UDP. Importantly, we demonstrate high levels of accuracy: greater than 92% for the worst circumstance regardless of the application. (C) 2008 Elsevier B.V. All rights reserved.
引用
收藏
页码:790 / 809
页数:20
相关论文
共 35 条
  • [1] [Anonymous], 2006, P 2 ANN ACM WORKSH M
  • [2] [Anonymous], APPL LAYER PACKET CL
  • [3] [Anonymous], P 5 IEEE INT S NETW
  • [4] [Anonymous], 2005, P ACM SIGMETRICS
  • [5] [Anonymous], P 8 PASS ACT MEAS C
  • [6] BERNAILLE L, 2006, P 2006 ACM C EM NETW
  • [7] On the double-faced nature of P2P traffic
    Bolla, Raffaele
    Canini, Marco
    Rapuzzi, Riccardo
    Sciuto, Michele
    [J]. PROCEEDINGS OF THE 16TH EUROMICRO CONFERENCE ON PARALLEL, DISTRIBUTED AND NETWORK-BASED PROCESSING, 2008, : 524 - 530
  • [8] BONFIGLIO D, 2007, P 2007 ACM SIGCOMM A
  • [9] CANINI M, GTVS BOOSTING COLLEC
  • [10] CANINI M, 2009, P 1 INT C COMM SYST