Libprotoident: Traffic Classification Using Lightweight Packet Inspection (Technical Report)




At present, accurate traffic classification requires the use of deep
packet inspection to analyse packet payload. This requires significant
CPU and memory resources and is invasive of network user privacy. In this
paper, we propose an alternative traffic classification approach that is
lightweight and only examines the first four bytes of packet payload observed
in each direction. We have implemented our approach as an open-source library
called libprotoident, which we evaluate by comparing its performance against
existing traffic classifiers that use deep packet inspection. Our results show
that our approach offers accuracy comparable to (if not better than) that of
tools that have access to full packet payload, and requires fewer processing
resources.
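To make the idea of classifying on the first four payload bytes in each direction concrete, here is an added sketch; it is not code from libprotoident or from the report. The `Flow` class, the `classify` function and the small prefix rule table are constructed for illustration and are not the library's rule set.

```python
# Constructed prefix rules: (label, prefixes for one side, prefixes for the other).
# Illustrative only; not libprotoident's rule set.
RULES = [
    ("HTTP", (b"GET ", b"POST", b"HEAD", b"PUT "), (b"HTTP",)),
    ("SSH", (b"SSH-",), (b"SSH-",)),
    ("TLS", (b"\x16\x03",), (b"\x16\x03",)),
    ("SMTP", (b"EHLO", b"HELO"), (b"220 ", b"220-")),
]


class Flow:
    """Retains at most four payload bytes per direction and nothing else."""

    def __init__(self):
        self.first = [None, None]  # first four payload bytes seen per direction

    def observe(self, direction, payload):
        # Skip payload-less packets (TCP handshake, bare ACKs) and anything
        # after the first payload-bearing packet in this direction.
        if payload and self.first[direction] is None:
            self.first[direction] = bytes(payload[:4])


def _side_ok(seen, prefixes):
    # A direction with no payload (one-way capture) is treated as a wildcard.
    return seen is None or seen.startswith(prefixes)


def classify(flow):
    a, b = flow.first
    if a is None and b is None:
        return "NO_PAYLOAD"
    for label, one, other in RULES:
        # Direction 0 is not assumed to be the initiator: try both orientations.
        if (_side_ok(a, one) and _side_ok(b, other)) or (
            _side_ok(a, other) and _side_ok(b, one)
        ):
            return label
    return "UNKNOWN"
```

Because only `payload[:4]` is ever stored, the classifier never holds application content beyond those bytes, which is the privacy and memory property the abstract contrasts with deep packet inspection.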

This is simply a technical report, not a published conference or journal paper. We're hoping to publish an improved version of this paper soon, but mainly need to improve the validation process to be more convincing to external reviewers.

Shane Alcock
Richard Nelson
