Fast Traffic Classification Using Joint Distribution of Packet Size and Estimated Protocol Processing Time

Rentao GU
Hongxiang WANG
Yongmei SUN
Yuefeng JI

IEICE TRANSACTIONS on Information and Systems   Vol.E93-D    No.11    pp.2944-2952
Publication Date: 2010/11/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.2944
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Architectures, Protocols, and Applications for the Future Internet)
protocols,  Internet,  traffic classification,  high-speed networks,  joint probability distribution,  

Full Text: PDF(1.3MB)>>
Buy this Article

A novel approach for fast traffic classification for the high speed networks is proposed, which bases on the protocol behavior statistical features. The packet size and a new parameter named "Estimated Protocol Processing Time" are collected from the real data flows. Then a set of joint probability distributions is obtained to describe the protocol behaviors and classify the traffic. Comparing the parameters of an unknown flow with the pre-obtained joint distributions, we can judge which application protocol the unknown flow belongs to. Distinct from other methods based on traditional inter-arrival time, we use the "Estimated Protocol Processing Time" to reduce the location dependence and time dependence and obtain better results than traditional traffic classification method. Since there is no need for character string searching and parallel feature for hardware implementation with pipeline-mode data processing, the proposed approach can be easily deployed in the hardware for real-time classification in the high speed networks.

open access publishing via