Author/Authors :
Li, Chenglong Tsinghua National Lab for Information Science and Technology (TNList), China , Li, Chenglong Tsinghua University - Department of Computer Science Technology, China , Xue, Yibo Tsinghua University - Research Institute of Information Technology (RIIT), China , Xue, Yibo Tsinghua National Lab for Information Science and Technology (TNList), China , Dong, Yingfei University of Hawaii - Department of Electrical Engineering, USA , Wang, Dongsheng Tsinghua National Lab for Information Science and Technology (TNList), China , Wang, Dongsheng Tsinghua University - Research Institute of Information Technology (RIIT), China
Abstract :
Traffic classification is critical to effective network management. However, more and more proprietary, encrypted, and dynamic protocols make traditional traffic classification methods less effective. A Message and Command Correlation (MCC) method was developed to identify interactive protocols (such as P2P file sharing protocols and Instant Messaging (IM) protocols) by session analyses. Unlike traditional packet-based classification approaches, this method exploits application session information by clustering packets into application messages which are used for further classification. The efficacy and accuracy of the MCC method were evaluated with real-world traffic, including P2P file sharing protocols Thunder and BitTorrent, and IM protocols QQ and GTalk. The tests show that the false positive rate is less than 3% and the false negative rate is below 8%, and that MCC only needs to check 8.7% of the packets or 0.9% of the traffic. Therefore, this approach has great potential for accurately and quickly discovering new types of interactive application protocols.
Keywords :
traffic classification , session , network management , correlation , interactive