Skip to main content
SpringerLink
Log in

A VoIP Traffic Identification Scheme Based on Host and Flow Behavior Analysis

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

With the development of network and multimedia coding techniques, more and more Voice over Internet Protocol (VoIP) applications have emerged. The traffic identification on VoIP applications becomes an important issue in network management and traffic analysis. In this paper, a new traffic identification scheme, which combines traffic flow statistic analysis with host behavior estimation, is proposed to identify the VoIP traffic at the transport layer of the Internet. The host IP addresses and the port numbers are examined as the host behavior to distinguish the VoIP traffic from traditional traffic flows. The packet size has been modeled by a function of entropy while the inter-packet time has been modeled by the self-adaptive estimation. The experiment results show that our scheme could obtain a stable performance. At the same time, the proposed scheme could maintain its validity when existing VoIP applications are updated or the new ones admitted. Both accuracy and flexibility can be improved.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Hilt, V., Hari, A., Hofmann, M.: An efficient and robust overlay routing scheme for VoIP. In: Proceedings of Fifth International Conference on Information, Communications and Signal, pp. 508–512 (2006)

  2. Internet Assigned Numbers Authority. http://www.iana.org

  3. Kang, H.-J., Kim, M.-S., Hong, J.W.-K.: A method on multimedia service traffic monitoring and analysis. In: Self-Managing Distributed Systems, vol. 2867/2004, pp. 489–501. Springer, Heidelberg (2004)

  4. Merwe, J. van der, Caceres, R., Chu, Y., Sreenan, C.: mmdump: a tool for monitoring internet multimedia traffic. In: ACM SIGCOMM Computer Communication Review, vol. 30, pp. 48–59. ACM, New York (2000)

  5. Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of P2P using application signatures. In: Proceedings of the 13th international conference on World Wide Web, pp. 512–521. ACM, New York (2004)

  6. Choi, Y.: On the accuracy of signature-based traffic identification technique in IP networks. In: Proceedings of 2nd IEEE/IFIP International Workshop on Broadband Convergence Networks, pp. 1–12 (2007)

  7. Park, B.- C., Won, Y.J., Kim, M.-S.: Towards automated application signature generation for traffic identification. In: Proceedings of Network Operations and Management Symposium, pp. 160–167 (2008)

  8. Zuev, D., Moore, A.W.: Traffic classification using a statistical approach. In: Passive Active Measurement Workshop, vol. 3431/2005, pp. 321–324. Springer, Heidelberg (2005)

  9. Moore, A.W., Zuev, D.: Internet traffic classification using bayesian analysis techniques. In: Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pp. 50–60. ACM, New York (2005)

  10. Auld, T., Moore, A.W., Gull, S.F.: Bayesian neural networks for internet traffic classification. IEEE Trans Neural Netw 18, 223–239 (2007)

    Article  Google Scholar 

  11. McGregor, A., Hall, M., Lorier, P., Brunskill, J.: Flow clustering using machine learning techniques. In: Passive and Active Network Measurement, pp. 205–214, Springer, Heidelberg (2004)

  12. Erman, J., Mahanti, A., Arlitt, M.: Internet traffic identification using machine learning. In: Proceedings of 2006 Global Telecommunications Conference, pp. 1–6 (2006)

  13. Erman, J., Arlitt, M., Mahanti, A.: Traffic classification using clustering algorithms. In: Proceedings of the 2006 SIGCOMM Workshop on Mining Network Data, pp. 281–286. ACM, New York (2006)

  14. Erman, J., Mahanti, A., Arlitt, M., Cohen, I., Williamson, C.: Semi-supervised network traffic classification. ACM SIGMETRICS Perform Eval. Rev. 35, 369–370 (2007)

    Article  Google Scholar 

  15. Erman, J., Mahanti, A., Arlitt, M., Cohen, I., Williamson, C.: Offline/real-time traffic classification using semi-supervised learning. Perform. Eval. 64(9–12), 1194–1213 (2007)

    Google Scholar 

  16. Raahemi, B., Zhong, W., Liu, J.: Peer-to-Peer traffic identification by mining IP layer data stream using concept-adapting very fast decision tree. In: Proceedings of 20th IEEE International Conference on Tools with Artificial Intelligence, vol. 1, pp. 525–532. IEEE Computer Society, Washington, DC (2008)

  17. Li, W., Moore, A. W.: A machine learning approach for efficient traffic classification. In: Proceedings of 15th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems, pp. 310–317. IEEE Computer Society, Washington, DC (2007)

  18. Deinski, I., De Meer, H., Han, L., Mathy, L., Pezaros, D.P., Sventek, J.S., Zhan, X.Y.: Cross-layer Peer-to-Peer traffic identification and optimization based on active networking. In: Proceedings of 7th International Working Conference on Active and Programmable Networks, pp. 13–27. Springer, Heidelberg (2005)

  19. Okabe, T., Kitamura, T., Shizuno, T.: Statistical traffic identification method based on flow-level behavior for fair VoIP service. In: Proceedings of IEEE Workshop on VoIP Management and Security, pp. 35–40 (2006)

  20. Karagiannis, T., Broido, A., Faloutsos, M., claffy, K.: Transport layer identification of P2P traffic. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 121–134, ACM, New York (2004)

  21. Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 229–240. ACM, New York (2005)

  22. Xu, K., Zhang, Z., Bhattacharyya, S.: Profiling internet backbone traffic: behavior models and applications. In: ACM SIGCOMM Computer Communication Review, vol. 35, no. 4, pp. 169–180. ACM, New York (2005)

  23. Du, P., Abe, S.: Detecting DoS attacks using packet size distribution. In: Proceedings of Bio-Inspired Models of Network, Information and Computing Systems, pp. 93–96 (2007)

  24. Moore, A.W., Zuev, D., Crogan, M.L., Discriminators for use in flow-based classification. In: Technical Report RR-05-13, Department of Computer Science, Queen Mary, University of London (2005)

  25. Tom-Skype web site. http://www.skype.tom.com

  26. Express Talk web site, http://www.nch.com.au/talk/index.html

  27. QQ web site. http://www.im.qq.com/

  28. MSN web site. http://www.msn.com/

  29. Combs, G., et al.: “Ethereal: a network protocol analyzer”. http://www.wireshark.org

  30. Skype trace web site. http://www.tstat.polito.it/traces-skype.shtml

  31. Global IP Sound web site. http://www.gipscorp.com/

  32. CAIDA web site. http://www.caida.org/home

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Tianjin University, No. 92 Weijin Road, Nankai District, Tianjin, 300072, China

    Bing Li

  2. School of Electrical and Electronic Engineering, Nanyang Technological University, Block S2, Nanyang Avenue, 639798, Singapore, Singapore

    Bing Li & Maode Ma

  3. School of Electronics and Information Engineering, Tianjin University, No. 92 Weijin Road, Nankai District, Tianjin, 300072, China

    Zhigang Jin

Authors
  1. Bing Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maode Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhigang Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhigang Jin.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Li, B., Ma, M. & Jin, Z. A VoIP Traffic Identification Scheme Based on Host and Flow Behavior Analysis. J Netw Syst Manage 19, 111–129 (2011). https://doi.org/10.1007/s10922-010-9184-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10922-010-9184-7

Keywords

Search

Navigation