CLC number: TP393

On-line Access: 2015-05-05

Received: 2014-07-22

Revision Accepted: 2014-12-12

Crosschecked: 2015-04-09

ORCID: Jie He, http://orcid.org/0000-0003-2244-7594

Frontiers of Information Technology & Electronic Engineering  2015 Vol.16 No.5 P.391-403

http://doi.org/10.1631/FITEE.1400267


Fine-grained P2P traffic classification by simply counting flows


Author(s):  Jie He, Yue-xiang Yang, Yong Qiao, Wen-ping Deng

Affiliation(s):  College of Computer, National University of Defense Technology, Changsha 410073, China

Corresponding email(s):   hejie@nudt.edu.cn, yyx@nudt.edu.cn, brave_jo@163.com, wpdeng.nudt@gmail.com

Key Words:  Traffic classification, Peer-to-peer (P2P), Fine-grained, Host-based


Jie He, Yue-xiang Yang, Yong Qiao, Wen-ping Deng. Fine-grained P2P traffic classification by simply counting flows[J]. Frontiers of Information Technology & Electronic Engineering, 2015, 16(5): 391-403.

%0 Journal Article
%T Fine-grained P2P traffic classification by simply counting flows
%A Jie He
%A Yue-xiang Yang
%A Yong Qiao
%A Wen-ping Deng
%J Frontiers of Information Technology & Electronic Engineering
%V 16
%N 5
%P 391-403
%@ 2095-9184
%D 2015
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1400267


Abstract: 
The continuous emergence of peer-to-peer (P2P) applications enriches resource sharing over networks, but it also brings many challenges to network management. P2P application monitoring, and P2P traffic classification in particular, is therefore becoming increasingly important. In this paper, we propose a novel approach for accurate P2P traffic classification at a fine-grained level. Our approach relies only on counting some special flows that appear frequently and steadily in the traffic generated by specific P2P applications. In contrast to existing methods, the main contribution of our approach can be summarized in two aspects. First, it achieves high classification accuracy by exploiting only several generic properties of flows rather than complicated features and sophisticated techniques. Second, it works well even if the classification target is running alongside other high bandwidth-consuming applications, outperforming most existing host-based approaches, which are incapable of dealing with this situation. We evaluated the performance of our approach on a real-world trace. Experimental results show that P2P applications can be classified with a true positive rate higher than 97.22% and a false positive rate lower than 2.78%.

This paper makes use of host-based statistics to answer the question as to whether or not a host is running a peer-to-peer application. The idea of exploiting special flows for detecting specific P2P protocols/implementations is neat. The application of a clustering algorithm for automatically identifying special flows makes the approach flexible and extensible.

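Fine-grained P2P traffic classification based on cluster flows

Objective: The continuous growth of P2P traffic brings various problems for network management and security, so accurate classification of P2P traffic is particularly important. This paper aims to propose a method that classifies P2P traffic efficiently, accurately and at a fine-grained level.
Innovation: The method does not rely on inspecting packet payloads, nor does it need complex statistical features or machine learning methods. Using only a few basic properties of network flows, it achieves accurate, fine-grained classification of P2P traffic. When the traffic composition of the host under inspection is complex, other host-based traffic classification methods fail, but this method remains effective.
Method: First, the clusters of similar flows that appear most frequently and steadily in the traffic generated by a P2P application are defined as cluster flows, and a group of cluster flows is considered to be generated by one kind of P2P network activity (Fig. 2). The P2P traffic classification method proceeds in two steps (Fig. 3). In the cluster-flow extraction phase, a training traffic set is collected for each P2P application, and the corresponding set of cluster flows is extracted from it. In the traffic classification phase, the types and numbers of cluster flows generated by the host under inspection within a unit time window are monitored, and the traffic is classified according to a scoring function.
Conclusion: A method is proposed that classifies P2P traffic efficiently, accurately and at a fine-grained level. The performance of the proposed method is evaluated on real-world traffic. The experimental results reach a correct-classification rate higher than 97.22% and a false-alarm rate lower than 2.78%.

Keywords: Traffic classification; P2P network; Fine-grained; Host-based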
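
The two-phase method summarized above (extract the frequent and steady flows from training traffic, then count them per host and time window and apply a score) can be sketched as follows. This is an added example, not the authors' code. The flow properties in `flow_key`, the scoring function, the `cap`, `threshold` and `window` values and all names are assumptions, since this page does not state them, and exact-key counting stands in for the clustering algorithm the paper applies.

```python
from collections import Counter, defaultdict

# Assumed flow properties: the page only says "several generic properties".
def flow_key(flow):
    return (flow["proto"], flow["pkts"], flow["bytes"])

def extract_cluster_flows(training_windows, top_k=2):
    """Phase 1: keep keys seen in every training window (steady), then the
    top_k most frequent. Exact-key counting stands in for real clustering."""
    per_window = [Counter(flow_key(f) for f in w) for w in training_windows]
    steady = set.intersection(*(set(c) for c in per_window))
    total = sum(per_window, Counter())
    return set(sorted(steady, key=lambda k: (-total[k], k))[:top_k])

def score(window_flows, signature, cap=3):
    """Phase 2 (assumed scoring function): mean over signature keys of
    min(count, cap) / cap, so both the types and the numbers seen matter."""
    counts = Counter(flow_key(f) for f in window_flows)
    return sum(min(counts[k], cap) for k in signature) / (cap * len(signature))

def classify(flows, signatures, window=60, threshold=0.5):
    """Label each (host, window index) with every app scoring >= threshold."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f["src"], int(f["ts"] // window))].append(f)
    return {slot: sorted(app for app, sig in signatures.items()
                         if score(fl, sig) >= threshold)
            for slot, fl in buckets.items()}

def _flows(src, ts, proto, pkts, size, n):
    return [{"src": src, "ts": ts + i, "proto": proto, "pkts": pkts,
             "bytes": size} for i in range(n)]

# Constructed sample data (not from the paper's trace).
TRAIN_APP_A = [
    _flows("t", 0, "udp", 1, 62, 5) + _flows("t", 0, "tcp", 4, 310, 3)
    + _flows("t", 0, "tcp", 90, 50000, 1),
    _flows("t", 60, "udp", 1, 62, 4) + _flows("t", 60, "tcp", 4, 310, 2)
    + _flows("t", 60, "udp", 2, 128, 6),   # frequent once, but not steady
]
SIGNATURES = {"app_a": extract_cluster_flows(TRAIN_APP_A)}
TRACE = (
    _flows("10.0.0.5", 0, "udp", 1, 62, 3) + _flows("10.0.0.5", 5, "tcp", 4, 310, 2)
    + _flows("10.0.0.5", 10, "tcp", 900, 1200000, 20)  # heavy unrelated traffic
    + _flows("10.0.0.9", 0, "tcp", 900, 1200000, 20)   # only unrelated traffic
)
RESULT = classify(TRACE, SIGNATURES)
```

Because flows that match no signature are ignored rather than averaged in, the host carrying heavy unrelated traffic is still labelled, which is the property the abstract claims over other host-based approaches.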
