Inferring applications at the network layer using collective traffic statistics Conference Paper uri icon

abstract

  • In this paper, we propose a novel technique for inferring the distribution of application classes present in the aggregated traffic flows between endpoints, which exploits both the statistics of the traffic flows, and the spatial distribution of those flows across the network. Our method employs a two-step supervised model, where the bootstrapping step provides initial (inaccurate) inference on the traffic application classes, and the graph-based calibration step adjusts the initial inference through the collective spatial traffic distribution. In evaluations using real traffic flow measurements from a large ISP, we show how our method can accurately classify application types within aggregate traffic between endpoints, even without the knowledge of ports and other traffic features. While the bootstrap estimate classifies the aggregates with 80% accuracy, incorporating spatial distributions through calibration increases the accuracy to 92%, i.e., roughly halving the number of errors.

name of conference

  • SIGMETRICS 2010, Proceedings of the 2010 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, New York, New York, USA, 14-18 June 2010

published proceedings

  • ACM SIGMETRICS Performance Evaluation Review

author list (cited authors)

  • Jin, Y. u., Duffield, N., Haffner, P., Sen, S., & Zhang, Z.

citation count

  • 4

complete list of authors

  • Jin, Yu||Duffield, Nick||Haffner, Patrick||Sen, Subhabrata||Zhang, Zhi-Li

publication date

  • June 2010