Accurate Online Traffic Classification with Multi-Phases Identification Methodology

Abstract
Application-level traffic metrics are critical for protocol research, anomaly detection, accounting and network operation. Identifying packets at the application level is challenging because dynamic protocol ports and packet encryption are widely deployed. Recent research has proposed several different traffic identification methods for corresponding applications, but it is impossible to identify traffic with any one method alone. This paper proposes a methodology for online application-level traffic identification, named multi-phases identification (MPI), based on packets and flows. The methodology has two stages: traffic is classified by packet characteristics in the first stage and by flow features in the second stage, which corrects the results of the first stage. MPI has several advantages: (1) existing traffic identification methods can be easily integrated into MPI to improve identification accuracy, (2) a new identification method for a new application can be inserted into MPI with scripts of the identification rule, and (3) identification efficiency can be improved with the mechanism of adaptive justification for the sequence of methods and by implementation on a multi-CPU platform. MPI has been implemented on a general-purpose CPU platform with OC-48 POS and 10 GE network interfaces. An experiment on an OC-48 POS backbone link shows that MPI is accurate and effective for traffic identification.