Efficient application identification and the temporal and spatial stability of classification schema

Wei Li*, Marco Canini, Andrew W. Moore, Raffaele Bolla

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

157 Scopus citations

Abstract

Motivated by the importance of accurate identification for a range of applications, this paper compares and contrasts the effective and efficient classification of network-based applications using behavioral observations of network-traffic and those using deep-packet inspection. Importantly, throughout our work we are able to make comparison with data possessing an accurate, independently determined ground-truth that describes the actual applications causing the network-traffic observed. In a unique study in both the spatial-domain: comparing across different network-locations and in the temporal-domain: comparing across a number of years of data, we illustrate the decay in classification accuracy across a range of application-classification mechanisms. Further, we document the accuracy of spatial classification without training data possessing spatial diversity. Finally, we illustrate the classification of UDP traffic. We use the same classification approach for both stateful flows (TCP) and stateless flows based upon UDP. Importantly, we demonstrate high levels of accuracy: greater than 92% for the worst circumstance regardless of the application.

Original languageEnglish (US)
Pages (from-to)790-809
Number of pages20
JournalComputer Networks
Volume53
Issue number6
DOIs
StatePublished - Apr 23 2009
Externally publishedYes

Keywords

  • Application identification
  • Deep-packet inspection
  • Machine learning
  • Spatial stability
  • Temporal decay
  • Traffic classification

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Efficient application identification and the temporal and spatial stability of classification schema'. Together they form a unique fingerprint.

Cite this