Classification of Network Traffic via Packet-Level Hidden Markov Models

Abstract

Traffic classification and identification is a fertile research area. Beyond Quality of Service, service differentiation, and billing, one of the most important applications of traffic classification is in the field of network security. This paper proposes a packet-level traffic classification approach based on Hidden Markov Model (HMM). Classification is performed by using real network traffic and estimating - in a combined fashion - Packet Size (PS) and Inter Packet Time (IPT) characteristics, thus remaining applicable to encrypted traffic too. The effectiveness of the proposed approach is evaluated by considering several traffic typologies: we applied our model to real traffic traces of Age of Mythology and Counter Strike (two Multi Player Network Games), HTTP, SMTP, Edonkey, PPlive (a peer-to-peer IPTV application), and MSN Messenger. An analytical basis and the mathematical details regarding the model are given. Results show how the proposed approach is able to classify network traffic by using packet-level statistical properties and therefore it is a good candidate as a component for a multi-classification framework.