Results 1 -
8 of
8
MonSamp: A Distributed SDN Application for QoS Monitoring
"... Abstract—Software Defined Networks are intended to be less complex, more flexible, and free of vendor-lock-ins. Therefore the Software Defined Networking (SDN) instantiation OpenFlow has been designed according to these properties. The efforts are expected to result in lower expenditure and operatio ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
Abstract—Software Defined Networks are intended to be less complex, more flexible, and free of vendor-lock-ins. Therefore the Software Defined Networking (SDN) instantiation OpenFlow has been designed according to these properties. The efforts are expected to result in lower expenditure and operational costs. To reach these objectives, mechanisms of classical networks that provide established functionalities have to be revalued and either transformed or redesigned from scratch to take advantage from SDNs. In this paper we describe our vision on flow sampling suitable for traffic monitoring in those networks. Without the loss of generality our approach was specifically created to monitor the quality of service for flows. We describe monitoring as one of possibly many applications that communicate with the SDN controller via the SDN Northbound API. We implemented a prototype SDN application called MonSamp and performed tests to demonstrate the feasibility of our concept.
High Performance Computing and Networking Group
, 2012
"... En los últimos años ha ganado cada vez mayor importancia las aplicaciones de Voz sobre IP (VoIP). En especial, Skype, ha conseguido en pocos años una gran popularidad siendo utilizada por millones de usuarios de todo el mundo. Este hecho ha provocado el interés tanto de la comunidad científica como ..."
Abstract
- Add to MetaCart
(Show Context)
En los últimos años ha ganado cada vez mayor importancia las aplicaciones de Voz sobre IP (VoIP). En especial, Skype, ha conseguido en pocos años una gran popularidad siendo utilizada por millones de usuarios de todo el mundo. Este hecho ha provocado el interés tanto de la comunidad científica como de las operadoras de telecomunicaciones en analizar, clasificar y caracterizar el tráfico de dicha aplicación. Tales tareas son capitales para la gestión del tráfico en tiempo real, el cumplimiento de las restricciones de calidad de servicio (QoS) y por motivos legales (intercepción de las comunicaciones). Skype utiliza un protocolo privado, ofuscado, donde los datos están cifrados, y funciona sobre puertos aleatorios, lo que dificulta su identificación. Tal dificultad de clasificar el tráfico Skype con las técnicas habituales, esto es, mediante el análisis de los puertos TCP o UDP, o analizando la carga útil de los paquetes mediante técnicas Deep Packet Inspection (DPI), ha hecho necesario la utilización de nuevas técnicas, que analizan las características estadísticas del tráfico y usan técnicas de aprendizaje automático. Otro hecho importante es el aumento de la capacidad de los enlaces, llegando a existir redes con velocidades de hasta 100 Gb/s, lo que hace más complicado la clasificación del tráfico debido
accepted for publication elsewhere. It has not been submitted to any other journal.
"... Abstract Traffic classification is an important aspect in network operation and management, but challenging from a research perspective. During the last decade, several works have proposed different methods for traffic classification. Although most proposed methods achieve high accuracy, they presen ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract Traffic classification is an important aspect in network operation and management, but challenging from a research perspective. During the last decade, several works have proposed different methods for traffic classification. Although most proposed methods achieve high accuracy, they present several practical limitations that hinder their actual deployment in production net-works. For example, existing methods often require a costly training phase or expensive hardware, while their results have relatively low completeness. In this paper, we address these practical limitations by proposing an autonomic traffic classification system for large networks. Our system combines multiple classification techniques to leverage their advantages and minimize the limi-tations they present when used alone. Our system can operate with Sampled NetFlow data making it easier to deploy in production networks to assist net-work operation and management tasks. The main novelty of our system is that it can automatically retrain itself in order to sustain a high classification accuracy along time. We evaluate our solution using a 14-day trace from a large production network and show that our system can sustain an accuracy greater than 96%, even in presence of sampling, during long periods of time. The proposed system has been deployed in production in the Catalan Research and Education network and it is currently being used by network managers of more than 90 institutions connected to this network.
Independent Comparison of Popular DPI Tools for Traffic Classification
"... Deep Packet Inspection (DPI) is the state-of-the-art technology for traffic classification. According to the conventional wisdom, DPI is the most accurate classification technique. Consequently, most popular products, either commercial or open-source, rely on some sort of DPI for traffic classificat ..."
Abstract
- Add to MetaCart
(Show Context)
Deep Packet Inspection (DPI) is the state-of-the-art technology for traffic classification. According to the conventional wisdom, DPI is the most accurate classification technique. Consequently, most popular products, either commercial or open-source, rely on some sort of DPI for traffic classification. However, the actual performance of DPI is still unclear to the research community, since the lack of public datasets prevent the comparison and reproducibility of their results. This paper presents a comprehensive comparison of 6 well-known DPI tools, which are commonly used in the traffic classification literature. Our study includes 2 commercial products (PACE and NBAR) and 4 open-source tools (OpenDPI, L7-filter, nDPI, and Libprotoident). We studied their performance in various scenarios (including packet and flow truncation) and at different classification levels (application protocol, application and web service). We carefully built a labeled dataset with more than 750 K flows, which contains traffic from popular applications. We used the Volunteer-Based System (VBS), developed at Aalborg University, to guarantee the correct labeling of the dataset. We released this dataset, including full packet payloads, to the research community. We believe this dataset could become a common benchmark for the comparison and validation of network traffic classifiers. Our results present PACE, a commercial tool, as the most accurate solution. Surprisingly, we find that some open-source tools, such as nDPI and Libprotoident, also achieve very high accuracy.
On the Performance of OpenDPI in Identifying P2P Truncated Flows
"... Abstract—This paper aims to show the impact on classification accuracy and the level of computational gain that could be obtained in applying deep packet inspection on truncated peer to peer traffic flows instead of complete ones. Using one of the latest open source classifiers, experiments were con ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—This paper aims to show the impact on classification accuracy and the level of computational gain that could be obtained in applying deep packet inspection on truncated peer to peer traffic flows instead of complete ones. Using one of the latest open source classifiers, experiments were conducted to evaluate classification performance on full and truncated network flows for different protocols, focusing on the detection of peer to peer. Despite minor exceptions, all the results show that with the latest deep packet inspection classifiers, which may incorporate different helper technologies, inspecting the first packets at the beginning of each flow, may still provide concrete computational gain while an acceptable level of classification accuracy is maintained. The present paper discusses this tradeoff and provides some recommendations on the number of packets to be inspected for the detection of peer to peer flows and some other common application protocols. As such, a new sampling approach is proposed, which accommodates samples to the stateful classifier’s algorithm, taking into consideration the characteristics of the protocols being classified. Keywords-IP traffic classification; p2p; peer to peer; deep packet inspection; DPI optimization I.
Cascade
"... Abstract � In this work, we present a traffic classifier based on the theory of multifractal network traffic. We use precisely the concept of multiplicative binomial cascades to get a feature vector to be used in the classification scheme. This vector is obtained by the multiplier variances of the m ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract � In this work, we present a traffic classifier based on the theory of multifractal network traffic. We use precisely the concept of multiplicative binomial cascades to get a feature vector to be used in the classification scheme. This vector is obtained by the multiplier variances of the multiplicative cascade traffic view. We analyze the performance of the technique proposed by a popular ML Software-based and the results showed viability classification rates of traffic over 90%. 1.
IEEE/ACM TRANSACTIONS ON NETWORKING 1 Robust Network Traffic Classification
"... Abstract—As a fundamental tool for network management and security, traffic classification has attracted increasing attention in recent years. A significant challenge to the robustness of classification performance comes from zero-day applications previously unknown in traffic classification systems ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—As a fundamental tool for network management and security, traffic classification has attracted increasing attention in recent years. A significant challenge to the robustness of classification performance comes from zero-day applications previously unknown in traffic classification systems. In this paper, we propose a new scheme of Robust statistical Traffic Classification (RTC) by combining supervised and unsupervised machine learning techniques to meet this challenge. The proposed RTC scheme has the capability of identifying the traffic of zeroday applications as well as accurately discriminating pre-defined application classes. In addition, we develop a new method for automating the RTC scheme parameters optimization process. The empirical study on real-world traffic data confirms the effectiveness of the proposed scheme. When zero-day applications are present, the classification performance of the new scheme is significantly better than four state-of-the-art methods: random forest, correlation-based classification, semi-supervised clustering, and one-class SVM. Index Terms—Traffic classification, semi-supervised learning, zero-day applications I.
