Internet traffic identification and classification - PowerPoint PPT Presentation


Transcript and Presenter's Notes



1
Internet traffic identification and classification
  • CS 7270
  • Networked Applications & Services
  • Lecture-2

2
Background
  • What does traffic classification mean?
  • Packet monitors
  • Which are the important packet header fields?
  • Flow monitors (e.g., Cisco's NetFlow)
  • Definition of a flow?
  • Who is interested in traffic classification and
    why?
  • Why is this one of the hottest issues in the
    Internet today?

3
Existing approaches
  • Port-based
  • Largely ineffective today
  • Flow-based signatures/patterns
  • Look for certain packet sizes, packet
    interarrivals, flow sizes
  • Supervised machine-learning techniques
  • Requires accurate classification of some flows
    (training set)
  • Cluster flows based on group of discriminants?
  • Payload-based techniques
  • Look for certain strings or byte sequences in
    layer-4 (or higher) headers
  • What does deep packet inspection mean?

4
How would you do traffic classification?
  • A good project topic?
  • Some things to consider as you decide on a
    project topic
  • What is the most important related work?
  • See Keshav's paper
  • Read at least 3-4 papers on a topic before you
    decide to work on it
  • What is the key new idea that I want to explore?
  • For example, can I identify individual p2p
    applications if I have access to the payload of
    the first packet in a flow (after connection
    establishment)?
  • Which are the available tools I can use?
  • tcpdump or Ethereal packet monitors on my laptop
  • Install clients of p2p applications on my laptop
  • Do we have appropriate datasets?
  • OIT may be able to provide us with anonymized
    packet traces or NetFlow records from GATech's
    edge routers
  • You can collect packet traces from your own
    laptop for validation purposes
  • What is the set of questions I want to answer?
    How will I do so?
  • Asking the right questions is 50% of the
    research!
  • Describe your methodology in detail
  • E.g., I will examine hypothesis X; if I can accept
    it, I will move on to hypothesis Y (given X);
    otherwise, if I reject X, I will move to
    hypothesis Z
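
As an added illustration of the port-based and payload-based approaches on slide 3 and the first-packet question on this slide (not part of the original slides): the flows, addresses and port table below are constructed, and the payload prefixes are the opening bytes of the public BitTorrent, Gnutella, TLS and HTTP handshakes.

```python
from collections import namedtuple

# A flow keyed by the usual 5-tuple, plus the first payload bytes seen after
# connection establishment (constructed sample data, not a real trace).
Flow = namedtuple("Flow", "src sport dst dport proto first_payload")

# Conventional server ports, as a port-based classifier would assume them.
PORT_MAP = {80: "http", 443: "tls", 6881: "bittorrent", 6346: "gnutella"}

# Prefixes of the first client message in each protocol.
SIGNATURES = [
    (b"\x13BitTorrent protocol", "bittorrent"),  # BitTorrent peer handshake
    (b"GNUTELLA CONNECT/", "gnutella"),          # Gnutella 0.6 handshake
    (b"\x16\x03", "tls"),                        # TLS handshake record header
    (b"GET ", "http"),
    (b"POST ", "http"),
]

def classify_by_port(flow):
    """Port-based: trust the server port, whatever is actually spoken on it."""
    return PORT_MAP.get(flow.dport, "unknown")

def classify_by_first_payload(flow):
    """Payload-based: match the first data packet against known prefixes."""
    for prefix, label in SIGNATURES:
        if flow.first_payload.startswith(prefix):
            return label
    return "unknown"

def compare(flows):
    """Return (flow, port_label, payload_label) for every flow."""
    return [(f, classify_by_port(f), classify_by_first_payload(f)) for f in flows]

SAMPLE_FLOWS = [  # constructed; addresses come from documentation ranges
    Flow("192.0.2.10", 51000, "198.51.100.5", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    Flow("192.0.2.11", 51001, "198.51.100.6", 80, "tcp", b"\x13BitTorrent protocol" + b"\x00" * 8),
    Flow("192.0.2.12", 51002, "198.51.100.7", 40123, "tcp", b"GNUTELLA CONNECT/0.6\r\n"),
    Flow("192.0.2.13", 51003, "198.51.100.8", 443, "tcp", b"\x16\x03\x01\x02\x00\x01"),
    # No known prefix (e.g. an encrypted or unfamiliar protocol on a p2p port).
    Flow("192.0.2.14", 51004, "198.51.100.9", 6881, "tcp", b"\x8f\x1a\x07\xe2"),
]

if __name__ == "__main__":
    for f, by_port, by_payload in compare(SAMPLE_FLOWS):
        note = "" if by_port == by_payload else "  <-- disagree"
        print(f"{f.dst}:{f.dport:<6} port={by_port:<11} payload={by_payload:<11}{note}")
```

The two methods disagree on the p2p flows moved to port 80 or a random port, and the last flow shows where first-payload matching itself runs out.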

5
Reading
  • BLINC: Multilevel Traffic Classification in the
    Dark, by Karagiannis et al.
  • Published at SIGCOMM'05
  • Probably the most accurate method currently
    available (without payload information)
  • Interesting methodology for a couple of reasons
  • Focuses on hosts rather than flows
  • Considers social/functional/application levels

6
Download slides
  • http://www.nanog.org/mtg-0510/pdf/karagiannis.blinc.pdf