Towards self adaptive network traffic classification
A critical aspect of network management from an operator’s perspective is the ability to understand or classify all traffic that traverses the network. The failure of port based traffic classification technique triggered an interest in discovering signatures based on packet content. However, this ap...
Gespeichert in:
| Veröffentlicht in: | Computer communications 2015-02, Vol.56, p.35-46 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 46 |
|---|---|
| container_issue | |
| container_start_page | 35 |
| container_title | Computer communications |
| container_volume | 56 |
| creator | Tongaonkar, Alok Torres, Ruben Iliofotou, Marios Keralapura, Ram Nucci, Antonio |
| description | A critical aspect of network management from an operator’s perspective is the ability to understand or classify all traffic that traverses the network. The failure of port based traffic classification technique triggered an interest in discovering signatures based on packet content. However, this approach involves manually reverse engineering all the applications/protocols that need to be identified. This suffers from the problem of scalability; keeping up with the new applications that come up everyday is very challenging and time-consuming. Moreover, the traditional approach of developing signatures once and using them in different networks suffers from low coverage. In this work, we present a novel fully automated packet payload content (PPC) based network traffic classification system that addresses the above shortcomings. Our system learns new application signatures in the network where classification is desired. Furthermore, our system adapts the signatures as the traffic for an application changes. Based on real traces from several service providers, we show that our system is capable of detecting (1) tunneled or wrapped applications, (2) applications that use random ports, and (3) new applications. Moreover, it is robust to routing asymmetry, an important requirement in large ISPs, and has high precision (>97%). Finally, our system is easy to deploy and setup and performs classification in real-time. |
| doi_str_mv | 10.1016/j.comcom.2014.03.026 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1677990974</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0140366414001236</els_id><sourcerecordid>1677990974</sourcerecordid><originalsourceid>FETCH-LOGICAL-c475t-b1eb9a161573df8166b3fc61f4be0a731ad1d4d4d29babff8872332035ee9aad3</originalsourceid><addsrcrecordid>eNp9kE9LAzEQxYMoWKvfwMMeveyabNJk9yJI8R8UvFTwFmaTCaRuNzXZtvjtTVnPMgMzMO89mB8ht4xWjDJ5v6lM2OauaspERXlFa3lGZqxRvFSUf56TWT7QkkspLslVShtKqVCKz4hYhyNEm4qEvSvAwm70BywGHI8hfhVjBOe8KUwPKfm8wejDcE0uHPQJb_7mnHw8P62Xr-Xq_eVt-bgqjVCLsewYdi0wyRaKW9cwKTvujGROdEhBcQaWWZGrbjvonGsaVXNeU75AbAEsn5O7KXcXw_ce06i3Phnsexgw7JNmUqm2pa0SWSomqYkhpYhO76LfQvzRjOoTJL3REyR9gqQp1xlStj1MNsxvHDxGnYzHwaD1Ec2obfD_B_wC5rJypQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1677990974</pqid></control><display><type>article</type><title>Towards self adaptive network traffic classification</title><source>Elsevier ScienceDirect Journals Complete</source><creator>Tongaonkar, Alok ; Torres, Ruben ; Iliofotou, Marios ; Keralapura, Ram ; Nucci, Antonio</creator><creatorcontrib>Tongaonkar, Alok ; Torres, Ruben ; Iliofotou, Marios ; Keralapura, Ram ; Nucci, Antonio</creatorcontrib><description>A critical aspect of network management from an operator’s perspective is the ability to understand or classify all traffic that traverses the network. The failure of port based traffic classification technique triggered an interest in discovering signatures based on packet content. However, this approach involves manually reverse engineering all the applications/protocols that need to be identified. This suffers from the problem of scalability; keeping up with the new applications that come up everyday is very challenging and time-consuming. Moreover, the traditional approach of developing signatures once and using them in different networks suffers from low coverage. In this work, we present a novel fully automated packet payload content (PPC) based network traffic classification system that addresses the above shortcomings. Our system learns new application signatures in the network where classification is desired. Furthermore, our system adapts the signatures as the traffic for an application changes. Based on real traces from several service providers, we show that our system is capable of detecting (1) tunneled or wrapped applications, (2) applications that use random ports, and (3) new applications. Moreover, it is robust to routing asymmetry, an important requirement in large ISPs, and has high precision (>97%). Finally, our system is easy to deploy and setup and performs classification in real-time.</description><identifier>ISSN: 0140-3664</identifier><identifier>EISSN: 1873-703X</identifier><identifier>DOI: 10.1016/j.comcom.2014.03.026</identifier><language>eng</language><publisher>Elsevier B.V</publisher><subject>Asymmetry ; Classification ; Network monitoring ; Networks ; Payloads ; Ports ; Routing (telecommunications) ; Signatures ; Traffic classification ; Traffic engineering ; Traffic flow</subject><ispartof>Computer communications, 2015-02, Vol.56, p.35-46</ispartof><rights>2014 Elsevier B.V.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c475t-b1eb9a161573df8166b3fc61f4be0a731ad1d4d4d29babff8872332035ee9aad3</citedby><cites>FETCH-LOGICAL-c475t-b1eb9a161573df8166b3fc61f4be0a731ad1d4d4d29babff8872332035ee9aad3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.sciencedirect.com/science/article/pii/S0140366414001236$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,776,780,3537,27901,27902,65534</link.rule.ids></links><search><creatorcontrib>Tongaonkar, Alok</creatorcontrib><creatorcontrib>Torres, Ruben</creatorcontrib><creatorcontrib>Iliofotou, Marios</creatorcontrib><creatorcontrib>Keralapura, Ram</creatorcontrib><creatorcontrib>Nucci, Antonio</creatorcontrib><title>Towards self adaptive network traffic classification</title><title>Computer communications</title><description>A critical aspect of network management from an operator’s perspective is the ability to understand or classify all traffic that traverses the network. The failure of port based traffic classification technique triggered an interest in discovering signatures based on packet content. However, this approach involves manually reverse engineering all the applications/protocols that need to be identified. This suffers from the problem of scalability; keeping up with the new applications that come up everyday is very challenging and time-consuming. Moreover, the traditional approach of developing signatures once and using them in different networks suffers from low coverage. In this work, we present a novel fully automated packet payload content (PPC) based network traffic classification system that addresses the above shortcomings. Our system learns new application signatures in the network where classification is desired. Furthermore, our system adapts the signatures as the traffic for an application changes. Based on real traces from several service providers, we show that our system is capable of detecting (1) tunneled or wrapped applications, (2) applications that use random ports, and (3) new applications. Moreover, it is robust to routing asymmetry, an important requirement in large ISPs, and has high precision (>97%). Finally, our system is easy to deploy and setup and performs classification in real-time.</description><subject>Asymmetry</subject><subject>Classification</subject><subject>Network monitoring</subject><subject>Networks</subject><subject>Payloads</subject><subject>Ports</subject><subject>Routing (telecommunications)</subject><subject>Signatures</subject><subject>Traffic classification</subject><subject>Traffic engineering</subject><subject>Traffic flow</subject><issn>0140-3664</issn><issn>1873-703X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><recordid>eNp9kE9LAzEQxYMoWKvfwMMeveyabNJk9yJI8R8UvFTwFmaTCaRuNzXZtvjtTVnPMgMzMO89mB8ht4xWjDJ5v6lM2OauaspERXlFa3lGZqxRvFSUf56TWT7QkkspLslVShtKqVCKz4hYhyNEm4qEvSvAwm70BywGHI8hfhVjBOe8KUwPKfm8wejDcE0uHPQJb_7mnHw8P62Xr-Xq_eVt-bgqjVCLsewYdi0wyRaKW9cwKTvujGROdEhBcQaWWZGrbjvonGsaVXNeU75AbAEsn5O7KXcXw_ce06i3Phnsexgw7JNmUqm2pa0SWSomqYkhpYhO76LfQvzRjOoTJL3REyR9gqQp1xlStj1MNsxvHDxGnYzHwaD1Ec2obfD_B_wC5rJypQ</recordid><startdate>20150201</startdate><enddate>20150201</enddate><creator>Tongaonkar, Alok</creator><creator>Torres, Ruben</creator><creator>Iliofotou, Marios</creator><creator>Keralapura, Ram</creator><creator>Nucci, Antonio</creator><general>Elsevier B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20150201</creationdate><title>Towards self adaptive network traffic classification</title><author>Tongaonkar, Alok ; Torres, Ruben ; Iliofotou, Marios ; Keralapura, Ram ; Nucci, Antonio</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c475t-b1eb9a161573df8166b3fc61f4be0a731ad1d4d4d29babff8872332035ee9aad3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Asymmetry</topic><topic>Classification</topic><topic>Network monitoring</topic><topic>Networks</topic><topic>Payloads</topic><topic>Ports</topic><topic>Routing (telecommunications)</topic><topic>Signatures</topic><topic>Traffic classification</topic><topic>Traffic engineering</topic><topic>Traffic flow</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Tongaonkar, Alok</creatorcontrib><creatorcontrib>Torres, Ruben</creatorcontrib><creatorcontrib>Iliofotou, Marios</creatorcontrib><creatorcontrib>Keralapura, Ram</creatorcontrib><creatorcontrib>Nucci, Antonio</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer communications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Tongaonkar, Alok</au><au>Torres, Ruben</au><au>Iliofotou, Marios</au><au>Keralapura, Ram</au><au>Nucci, Antonio</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Towards self adaptive network traffic classification</atitle><jtitle>Computer communications</jtitle><date>2015-02-01</date><risdate>2015</risdate><volume>56</volume><spage>35</spage><epage>46</epage><pages>35-46</pages><issn>0140-3664</issn><eissn>1873-703X</eissn><abstract>A critical aspect of network management from an operator’s perspective is the ability to understand or classify all traffic that traverses the network. The failure of port based traffic classification technique triggered an interest in discovering signatures based on packet content. However, this approach involves manually reverse engineering all the applications/protocols that need to be identified. This suffers from the problem of scalability; keeping up with the new applications that come up everyday is very challenging and time-consuming. Moreover, the traditional approach of developing signatures once and using them in different networks suffers from low coverage. In this work, we present a novel fully automated packet payload content (PPC) based network traffic classification system that addresses the above shortcomings. Our system learns new application signatures in the network where classification is desired. Furthermore, our system adapts the signatures as the traffic for an application changes. Based on real traces from several service providers, we show that our system is capable of detecting (1) tunneled or wrapped applications, (2) applications that use random ports, and (3) new applications. Moreover, it is robust to routing asymmetry, an important requirement in large ISPs, and has high precision (>97%). Finally, our system is easy to deploy and setup and performs classification in real-time.</abstract><pub>Elsevier B.V</pub><doi>10.1016/j.comcom.2014.03.026</doi><tpages>12</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0140-3664 |
| ispartof | Computer communications, 2015-02, Vol.56, p.35-46 |
| issn | 0140-3664 1873-703X |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1677990974 |
| source | Elsevier ScienceDirect Journals Complete |
| subjects | Asymmetry Classification Network monitoring Networks Payloads Ports Routing (telecommunications) Signatures Traffic classification Traffic engineering Traffic flow |
| title | Towards self adaptive network traffic classification |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-14T21%3A02%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Towards%20self%20adaptive%20network%20traffic%20classification&rft.jtitle=Computer%20communications&rft.au=Tongaonkar,%20Alok&rft.date=2015-02-01&rft.volume=56&rft.spage=35&rft.epage=46&rft.pages=35-46&rft.issn=0140-3664&rft.eissn=1873-703X&rft_id=info:doi/10.1016/j.comcom.2014.03.026&rft_dat=%3Cproquest_cross%3E1677990974%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1677990974&rft_id=info:pmid/&rft_els_id=S0140366414001236&rfr_iscdi=true |