Identifying and Discriminating Between Web and Peer-to-Peer Traffic in the Network Core
Authors:
Jeffrey Erman (University of Calgary)
Anirban Mahanti (University of Calgary)
Martin Arlitt (HP Labs/University of Calgary)
Carey Williamson (University of Calgary)
Abstract:
Traffic classification is the ability to identify and categorize network traffic by application type. In this paper, we consider the problem of traffic classification in the network core. Classification at the core is challenging because only partial information of the flows and their contributors is available. We address this problem by developing and evaluating a classification framework that can classify a flow using only unidirectional flow information. We validated this approach using recent full-payload packet traces that we collected and pre-classified to establish a ``base truth''. From our evaluation, we find that flow statistics along the server-to-client path of a TCP connection provides higher classification accuracy than flow statistics along the client-to-server path. Because collection of the server-to-client flow statistics may not always be feasible, we developed and verified an algorithm that can estimate the missing statistics from a unidirectional packet trace.