A Survey of Payload-Based Traffic Classification Approaches

Internet traffic classification has been the subject of intensive study since the birth of the Internet itself. Indeed, the evolution of approaches for traffic classification can be associated with the evolution of the Internet itself and with the adoption of new services and the emergence of novel applications and communication paradigms. Throughout the years many approaches have been proposed for addressing technical issues imposed by such novel services. Deep-Packet Inspection (DPI) has been a very important research topic within the traffic classification field and its concept consists of the analysis of the contents of the captured packets in order to accurately and timely discriminate the traffic generated by different Internet protocols. DPI was devised as a means to address several issues associated with port-based and statistical-based classification approaches in order to achieve an accurate and timely traffic classification. Many research works proposed different DPI schemes while many open-source modules have also become available for deployment. Surveys become then valuable tools for performing an overall analysis, study and comparison between the several proposed methods. In this paper we present a survey in which a complete and thorough analysis of the most important open-source DPI modules is performed. Such analysis comprises an evaluation of the classification accuracy, through a common set of traffic traces with ground truth, and of the computational requirements. In this manner, this survey presents a technical assessment of DPI modules and the analysis of the obtained evaluation results enable the proposal of general guidelines for the design and implementation of more adequate DPI modules.