The accurate and efficient classification of Internet traffic is the first and key step to ac-curate traffic management,network security and traffic analysis. The classic ways to identify flows is either inaccurate or...The accurate and efficient classification of Internet traffic is the first and key step to ac-curate traffic management,network security and traffic analysis. The classic ways to identify flows is either inaccurate or inefficient,which are not suitable to be applied to real-time online classification. In this paper,we originally presented an early recognition method named Early Recognition Based on Deep Packet Inspection (ERBDPI) based on deep packet inspection,after analyzing the distribution of payload signature between packets of a flow in detail. The basic concept of ERBDPI is classifying flows based on the payload signature of their first some packets,so that we can identify traffic at the be-ginning of a flow connection. We compared the performance of ERBDPI with that of traditional sampling methods both synthetically and using real-world traffic traces. The result shows that ERBDPI can get a higher classification accuracy with a lower packet sampling rate,which makes it suitable to be applied to accurate real-time classification in high-speed links.展开更多
基金Supported by grant from the Major State Basic Research Development Program of China (No.2007CB307102)
文摘The accurate and efficient classification of Internet traffic is the first and key step to ac-curate traffic management,network security and traffic analysis. The classic ways to identify flows is either inaccurate or inefficient,which are not suitable to be applied to real-time online classification. In this paper,we originally presented an early recognition method named Early Recognition Based on Deep Packet Inspection (ERBDPI) based on deep packet inspection,after analyzing the distribution of payload signature between packets of a flow in detail. The basic concept of ERBDPI is classifying flows based on the payload signature of their first some packets,so that we can identify traffic at the be-ginning of a flow connection. We compared the performance of ERBDPI with that of traditional sampling methods both synthetically and using real-world traffic traces. The result shows that ERBDPI can get a higher classification accuracy with a lower packet sampling rate,which makes it suitable to be applied to accurate real-time classification in high-speed links.
