Weekly Report -- 27/05/2011




Ran some experiments to compare the accuracy of libprotoident with the DPI-based traffic classification tools I've managed to get my hands on. Much of this time was spent figuring out various quirks with the other tools that were causing them to perform more poorly than expected -- e.g., TIE fails to identify HTTP by default if the GET request is more than a couple of hundred bytes.

Finally managed to get everything working properly towards the end of the week and completed a preliminary study using some full-payload Auckland traces we'd taken last year. Results were very promising: using the PACE classifications as our ground truth, only 0.9% of traffic is not correctly identified by libprotoident, compared with 1.5% for OpenDPI and 12.4% for the L7 filter module included with TIE.