Abstract
The emergence of new Internet paradigms has changed the common properties of network data, increasing the bandwidth consumption and balancing traffic in both directions. These facts raise important challenges, making it necessary to devise effective solutions for managing network traffic. Since traditional methods are rather ineffective and easily bypassed, particular attention has been paid to the development of new approaches for traffic classification. This article surveys the studies on peer-to-peer traffic detection and classification, making an extended review of the literature. Furthermore, it provides a comprehensive analysis of the concepts and strategies for network monitoring.
- Schmidt, Ş. E. G. and Soysal, M. 2006. An intrusion detection based approach for the scalable detection of P2P traffic in the national academic backbone network. In Proceedings of the International Symposium on Computer Networks (ISCN'06). IEEE, 128--133.Google Scholar
- Schulze, H. and Mochalski, K. 2007. Internet study 2007. Tech. rep., ipoque.Google Scholar
- Schulze, H. and Mochalski, K. 2009. Internet study 2008/2009. Tech. rep., ipoque.Google Scholar
- Seedorf, J. 2006. Security challenges for peer-to-peer SIP. IEEE Netw. 20, 5, 38--45. Google ScholarDigital Library
- Sen, S., Spatscheck, O., and Wang, D. 2004. Accurate, scalable in-network identification of P2P traffic using application signatures. In Proceedings of the 13th International Conference on World Wide Web (WWW'04). ACM, New York, NY, 512--521. Google ScholarDigital Library
- Sen, S. and Wang, J. 2004. Analyzing peer-to-peer traffic across large networks. IEEE/ACM Trans. Netw. 12, 2, 219--232. Google ScholarDigital Library
- Sena, G. G. and Belzarena, P. 2009. Early traffic classification using support vector machines. In Proceedings of the 5th International Latin American Networking Conference (LANC'09). ACM, New York, NY, 60--66. Google ScholarDigital Library
- Singh, S., Estan, C., Varghese, G., and Savage, S. 2004. Automated worm fingerprinting. In Proceedings of the 6th Symposium on Operating Systems Design & Implementation (OSDI'04). USENIX Association, Berkeley, CA, USA, 45--60. Google ScholarDigital Library
- Smith, F. D., Campos, F. H., Jeffay, K., and Ott, D. 2001. What TCP/IP protocol headers can tell us about the Web. ACM SIGMETRICS Perform. Eval. Rev. 29, 1, 245--256. Google ScholarDigital Library
- Smith, R., Estan, C., Jha, S., and Kong, S. 2008. Deflating the big bang: Fast and scalable deep packet inspection with extended finite automata. ACM SIGCOMM Comput. Commun. Rev. 38, 4, 207--218. Google ScholarDigital Library
- Snort. 2010. http://www.snort.org. (Last accessed 3/10).Google Scholar
- Soewito, B., Mahajan, A., Weng, N., and Wang, H. 2009. High-speed string matching for network intrusion detection. Int. J. Commun. Netw. Distrib. Syst. 3, 4, 319--339. Google ScholarDigital Library
- Soysal, M. and Schmidt, E. G. 2007. An accurate evaluation of machine learning algorithms for flow-based P2P traffic detection. In Proceedings of the 22nd International Symposium on Computer and Information Sciences (ISCIS'07). IEEE.Google Scholar
- Sperotto, A., Sadre, R., van Vliet, F., and Pras, A. 2009. A labeled data set for flow-based intrusion detection. In Proceedings of the 9th IEEE International Workshop on IP Operations and Management (IPOM'09). Lecture Notes in Computer Science, vol. 5843, Springer-Verlag, Berlin Heidelberg, 39--50. Google ScholarDigital Library
- Spognardi, A., Lucarelli, A., and Pietro, R. D. 2005. A methodology for P2P file-sharing traffic detection. In Proceedings of the 2nd International Workshop on Hot Topics in Peer-to-Peer Systems (HOT-P2P'05). IEEE Computer Society, Washington, DC, 52--61. Google ScholarDigital Library
- Stefanowski, J. and Wilk, S. 2009. Extending rule-based classifiers to improve recognition of imbalanced classes. In Advances in Data Management, Z. W. Ras and A. Dardzinska, Eds., Studies in Computational Intelligence, vol. 223, Springer-Verlag, Berlin Heidelberg, 131--154.Google Scholar
- Strayer, T., Armitage, G., Allman, M., Moore, A. W., Jin, S., and Bellovin, S. 2008. IMRG workshop on application classification and identification report. ACM SIGCOMM Comput. Commun. Rev. 38, 3, 87--90. Google ScholarDigital Library
- Szabó, G., Orincsay, D., Malomsoky, S., and Szabó, I. 2008. On the validation of traffic classification algorithms. In Proceedings of the Passive and Active Measurement Conference (PAM'08). Lecture Notes in Computer Science, vol. 4979, Springer-Verlag, Berlin Heidelberg, 72--81. Google ScholarDigital Library
- Szabó, G., Szabó, I., and Orincsay, D. 2007. Accurate traffic classification. In Proceedings of the IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'07). IEEE, 1--8.Google Scholar
- tcpdump. 2011. TCPDUMP/LIBPCAP public repository. http://www.tcpdump.org. (Last accessed 7/10).Google Scholar
- TIE. 2010. TIE, traffic identification engine. http://tie.comics.unina.it. (Last accessed 7/10).Google Scholar
- Turkett, W. H., Karode, A. V., and Fulp, E. W. 2008. In-the-dark network traffic classification using support vector machines. In Proceedings of the 20th National Conference on Innovative Applications of Artificial Intelligence (IAAI'08). AAAI Press, 1745--1750. Google ScholarDigital Library
- Valenti, S., Rossi, D., Meo, M., Mellia, M., and Bermolen, P. 2009. Accurate, fine-grained classification of P2P-TV applications by simply counting packets. In Proceedings of the 1st International Workshop on Traffic Monitoring and Analysis (TMA'09), Lecture Notes in Computer Science, vol. 5537, Springer-Verlag, Berlin, Heidelberg, 84--92. Google ScholarDigital Library
- Wang, Y. 2008. Statistical Techniques for Network Security: Modern Statistically-Based Intrusion Detection and Protection. Premier Reference Source. Information Science Reference. Google ScholarDigital Library
- Wang, Y.-H., Gau, V., Bosaw, T., Hwang, J.-N., Lippman, A., Liebennan, D., and Wu, I.-C. 2008. Generalization performance analysis of flow-based peer-to-peer traffic identification. In Proceedings of the IEEE Workshop on Machine Learning for Signal Processing (MLSP'08). IEEE, 267--272.Google Scholar
- Weiss, G. M. 2004. Mining with rarity: A unifying framework. ACM SIGKDD Explor. Newsl. 6, 1, 7--19. Google ScholarDigital Library
- WildPackets. 2011. WildPackets: Network analyzer, voip monitoring, protocol analysis. http://www.wildpackets.com. (Last accessed 7/11).Google Scholar
- Williams, N., Zander, S., and Armitage, G. 2006. A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. ACM SIGCOMM Comput. Commun. Rev. 36, 5, 5--16. Google ScholarDigital Library
- Williamson, C. 2001. Internet traffic measurement. IEEE Internet Comput. 5, 6, 70--74. Google ScholarDigital Library
- WinDump. 2011. tcpdump for Windows using WinPcap. http://www.winpcap.org/windump/. (Last accessed 7/11).Google Scholar
- WinPcap. 2011. The industry-standard windows packet capture library. http://www.winpcap.org. (Last accessed 7/11).Google Scholar
- Wireshark. 2010. Wireshark, go deep. http://www.wireshark.org. (Last accessed 3/10).Google Scholar
- Wright, C. V., Monrose, F., and Masson, G. M. 2006. On inferring application protocol behaviors in encrypted network traffic. J. Mach. Learn. Res. 7, 2745--2769. Google ScholarDigital Library
- Xu, K., Liu, J., and Wang, H. 2008. Tod-cache: Peer-to-peer traffic management and optimization using combined caching and redirection. In Proceedings of the IEEE Global Telecommunications Conference (GlobeCom'08). IEEE, 1--5.Google Scholar
- Xusheng, Z. and Zhiming, W. 2009. Application of markov chain in IP traffic classification. In Proceedings of the International Conference on Networks Security, Wireless Communications and Trusted Computing (NSWCTC'09), Vol. 2. IEEE Computer Society, 688--691. Google ScholarDigital Library
- Yegneswaran, V., Giffin, J. T., Barford, P., and Jha, S. 2005. An architecture for generating semantics-aware signatures. In Proceedings of the 14th USENIX Security Symposium (SSYM'05). USENIX Association, Berkeley, CA, 97--112. Google ScholarDigital Library
- Yu, F. 2006. High speed deep packet inspection with hardware support. Ph.D. dissertation, EECS Department, University of California, Berkeley, CA. Google ScholarDigital Library
- Zander, S., Nguyen, T., and Armitage, G. 2005a. Automated traffic classification and application identification using machine learning. In Proceedings of the IEEE Conference on Local Computer Networks (LCN'2005). IEEE, 250--257. Google ScholarDigital Library
- Zander, S., Nguyen, T., and Armitage, G. 2005b. Self-learning IP traffic classification based on statistical flow characteristics. In Proceedings of the Passive and Active Measurement Conference (PAM'05). Lecture Notes in Computer Science, vol. 3431. Springer-Verlag, Berlin Heidelberg, 325--328. Google ScholarDigital Library
- Zhou, L., Zhang, L., McSherry, F., Immorlica, N., Costa, M., and Chien, S. 2005. A first look at peer-to-peer worms: Threats and defenses. In Proceedings of the 4th International Workshop on Peer-to-Peer Systems (IPTPS'05). Lecture Notes in Computer Science, vol. 3640, Springer, Berlin Heidelberg, 24--35. Google ScholarDigital Library
- Zuev, D. and Moore, A. W. 2005. Traffic classification using a statistical approach. In Proceedings of the Passive and Active Measurement Conference (PAM'05). Lecture Notes in Computer Science, vol. 3431, Springer-Verlag, Berlin Heidelberg, 321--324. Google ScholarDigital Library
Index Terms
- Detection and classification of peer-to-peer traffic: A survey