Waterfall: Rapid identification of IP flows using cascade classification
Paweł Foremski, MSc. Eng.
The Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences, Gliwice
pjf@iitis.pl
Brunów, 24th June 2014
CN 2014 Conference
Identification of IP flows?
“traffic classification” or “traffic identification”
TC: input - output
[Diagram: network traffic (input) → Traffic Classifier → application names (output)]
TC input
• TC input is the object of classification:
o Single IP packet
o IP flow
o Endpoint
o Host
TC output
• TC output is the result of classification:
o Application name – e.g. Skype, Teamviewer
o Network protocol – e.g. HTTP, SMTP
o Category – e.g. chat, streaming
o Traffic profile – e.g. bulk, interactive
o Content type – e.g. text, image
o Web application – e.g. Google Docs, Facebook
TC: the problem
• How to identify network traffic?
• How to cope with practical constraints?
o With limited resources (on high-speed routers)
o With limited details (only packet headers)
o ...
• How to measure the performance?
o Result accuracy
o Reaction time
o Temporal stability
o Spatial stability
o ...
TC: applications
[Diagram labels: HTTP, Skype, BitTorrent, FTP, BitTorrent; Queuing, Quality of Service, Firewall, Access Policy, Monitoring, Routing, ...]
TC: applications
Alessandro Finamore, Marco Mellia, Michela Meo, Maurizio M. Munafò, Dario Rossi, Experiences of Internet Traffic Monitoring with Tstat,
IEEE Network "March/April 2011", Vol.25, No.3, pp.8-14, ISSN: 0890-8044, March/April 2011
TC: applications
[Figure labels: FTTH, 4 Mbps, ADSL, 24 Mbps; VoIP, DNS, Games, ...; BitTorrent, eMule, YouTube, ...; 5-10 ms, 50-100 ms]
TC: existing solutions
• Port numbers
• Deep Packet Inspection (DPI) - e.g. [2,3]
• Machine Learning - e.g. [5,9]
• Behavioral analysis - e.g. [4,7,8]
• Classifier fusion - e.g. [6]
Waterfall: motivation
Each TC algorithm has advantages and disadvantages.
The problem: Could we integrate these approaches into
one system so that we move forward in TC?
How would solving this problem affect classification
performance?
Waterfall: the idea
1. Use existing classifiers as modules
2. Implement the rejection option
3. Minimize false positives
4. Connect in a cascade structure
An old (yet new) idea
• Classifier selection
o Mixture of experts
o Cascade classification
• Classifier fusion
o Majority vote
o Weighted vote
o Naive Bayes Combination
o Behavior Knowledge Space
o ...
Kuncheva L., "Combining pattern classifiers: methods and algorithms", John Wiley & Sons, 2004
Waterfall: the idea
Waterfall: practical system
• Modules: dstip, dnsclass, portsize, npkts, port
• Flow features limited to first 10 seconds
• Python source code available at mutrics.iitis.pl
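The cascade with a rejection option described above, as an added Python sketch (not the mutrics source code): each module either returns a label or rejects by returning None, and the first module to answer ends the search. The module names come from the slide; the logic inside each module, the lookup tables and the sample flows are constructed for illustration, and npkts is left out for brevity.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, NamedTuple, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str
    dst_ip: str
    dst_port: int
    dns_name: Optional[str] = None   # name resolved to reach dst_ip, if observed
    first_payload: int = 0           # payload size of the first packet, in bytes


class Module(NamedTuple):
    name: str
    classify: Callable[[Flow], Optional[str]]   # label, or None to reject


# Constructed tables: documentation address ranges and example domains only.
KNOWN_DST = {"192.0.2.10": "mail", "198.51.100.7": "backup"}
DNS_SUFFIX = {"video.example.com": "streaming", "chat.example.net": "chat"}
PORT_SIZE = {("udp", 53, 40): "dns", ("tcp", 6881, 68): "bittorrent"}
PORTS = {("tcp", 25): "smtp", ("tcp", 22): "ssh", ("udp", 123): "ntp"}


def dstip(flow: Flow) -> Optional[str]:
    # Answers only for destinations seen before; everything else is rejected.
    return KNOWN_DST.get(flow.dst_ip)


def dnsclass(flow: Flow) -> Optional[str]:
    # Rejects flows without an observed DNS name. Matching is on whole labels,
    # so "notvideo.example.com" does not match "video.example.com".
    if not flow.dns_name:
        return None
    name = flow.dns_name.lower().rstrip(".")
    for suffix, label in DNS_SUFFIX.items():
        if name == suffix or name.endswith("." + suffix):
            return label
    return None


def portsize(flow: Flow) -> Optional[str]:
    return PORT_SIZE.get((flow.proto, flow.dst_port, flow.first_payload))


def port(flow: Flow) -> Optional[str]:
    # Last resort: answers only for ports in the table, never guesses.
    return PORTS.get((flow.proto, flow.dst_port))


CASCADE = [Module("dstip", dstip), Module("dnsclass", dnsclass),
           Module("portsize", portsize), Module("port", port)]


def run_cascade(flow: Flow,
                cascade: Sequence[Module] = CASCADE) -> Tuple[str, Optional[str], int]:
    """Return (label, name of answering module, number of modules consulted)."""
    consulted = 0
    for module in cascade:
        consulted += 1
        label = module.classify(flow)
        if label is not None:          # module did not reject: stop here
            return label, module.name, consulted
    return "unknown", None, consulted  # every module rejected


def coverage(flows: Sequence[Flow], cascade: Sequence[Module] = CASCADE) -> Counter:
    """Count how many flows each module answered, plus the unknown remainder."""
    return Counter(run_cascade(f, cascade)[1] or "unknown" for f in flows)


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("tcp", "192.0.2.10", 25),
    Flow("tcp", "203.0.113.5", 443, dns_name="cdn1.video.example.com"),
    Flow("udp", "203.0.113.53", 53, first_payload=40),
    Flow("tcp", "203.0.113.9", 22),
    Flow("tcp", "203.0.113.77", 50123, dns_name="notvideo.example.com"),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.dst_ip, f.dst_port, run_cascade(f))
    print(dict(coverage(SAMPLE_FLOWS)))
```

The first sample flow is labelled "mail" by dstip but would be labelled "smtp" by port if dstip were removed, which is why module order is listed among the open questions.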
Waterfall: validation
• Total sum of over 3.5 TB of data
• Validation of spatial and temporal stability
Foremski P., Callegari C., Pagano M., "Waterfall: Rapid identification of IP flows using cascade classification". Proceedings of the 21st International Conference on Computer Networks, CN2014, CCIS 431, pp. 14-23. Springer, 2014
Validation: dataset 1
Validation: dataset 2
Temporal stability (8 months)
Validation: datasets 3 and 4
Spatial stability
No payloads
Experiment 1: >50% is easy
Experiment 2: more is faster
adding specialized modules
Discussion
• Waterfall is a new architecture for TC
• We propose an idea and an open source implementation
• A 5-element system yielded very good results
• Findings
o More than 50% of traffic in Internet is easy to identify
o Adding more modules to cascade can increase the speed
• Open questions
o Quantitative comparison: Waterfall vs. BKS
o How to train the system in an optimal way?
o How to put the modules in a proper order?
References
1. Foremski P., On different ways to classify Internet traffic: a short review of selected publications.
Theoretical and Applied Informatics 2013; 25(2).
2. B.-C. Park, Y. J. Won, M.-S. Kim, and J. W. Hong, Towards automated application signature
generation for traffic identification, in Network Operations and Management Symposium, 2008.
NOMS 2008. IEEE, pp. 160–167, IEEE, 2008.
3. S. H. Yeganeh, M. Eftekhar, Y. Ganjali, R. Keralapura, and A. Nucci, CUTE: Traffic Classification
Using TErms, in Computer Communications and Networks (ICCCN), 2012 21st International
Conference on, pp. 1–9, IEEE, 2012.
4. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, BLINC: Multilevel traffic classification in the
dark, in ACM SIGCOMM Computer Communication Review, vol. 35, pp. 229 – 240, ACM, 2005.
5. A. Finamore, M. Mellia, M. Meo, and D. Rossi, KISS: Stochastic packet inspection classifier for udp
traffic, Networking, IEEE/ACM Transactions on, vol. 18, no. 5, pp. 1505 – 1515, 2010.
6. A. Dainotti, A. Pescapé, and C. Sansone, Early classification of network traffic through
multi-classification, Traffic Monitoring and Analysis, pp. 122 – 135, 2011.
7. Foremski P., Callegari C., Pagano M., DNS-Class: Immediate classification of IP flows using DNS,
International Journal of Network Management, John Wiley & Sons, 2014, DOI: 10.1002/nem.1864
8. P. Bermolen, M. Mellia, M. Meo, D. Rossi, and S. Valenti, Abacus: Accurate behavioral
classification of P2P-TV traffic, Computer Networks, vol. 55, no. 6, pp. 1394 – 1411, 2011.
9. G. Münz, H. Dai, L. Braun, and G. Carle, TCP traffic classification using Markov models, Traffic
Monitoring and Analysis, pp. 127 – 140, 2010.
Thank you!
Paweł Foremski, pjf@iitis.pl
Project website: http://mutrics.iitis.pl/
TC: definition
Internet traffic classification (or identification) is
the act of matching IP packets
to the applications that generated them. [1]
TC: the problem
• How to identify network traffic?
• How to do it well?
o With limited resources (on high-speed routers)
o With limited details (only packet headers)
o With good accuracy (no errors)
o In limited time (in real-time)
o For current and future protocols (flexibility and stability)
o For the whole Internet (backbone routers and gateways)
• How to measure the performance?
o Result accuracy
o Reaction time
o Temporal stability
o Spatial stability
o Processing time
o Unknown detection
Example: dnsclass
Foremski P., Callegari C., Pagano M., "DNS-Class: Immediate classification of IP flows using DNS",
International Journal of Network Management, John Wiley & Sons, 2014
dnsclass: details
dnsclass: motivation

Mais conteúdo relacionado

Mais procurados

EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSijp2p
 
Analytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT ConsiderationAnalytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT ConsiderationIJCNCJournal
 
Iaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing overIaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing overIaetsd Iaetsd
 
HON_NetSci_2016
HON_NetSci_2016HON_NetSci_2016
HON_NetSci_2016Jian Xu
 
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...IRJET Journal
 
Effective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p NetworkEffective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p NetworkUvaraj Shan
 
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...Uvaraj Shan
 
TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006Kalman Graffi
 
Integrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched dataIntegrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched dataDhaval Thakker
 

Mais procurados (13)

EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
 
Analytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT ConsiderationAnalytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT Consideration
 
Non Path-Based Mutual Anonymity Protocol for Decentralized P2P System
Non Path-Based Mutual Anonymity Protocol for Decentralized P2P SystemNon Path-Based Mutual Anonymity Protocol for Decentralized P2P System
Non Path-Based Mutual Anonymity Protocol for Decentralized P2P System
 
G0434045
G0434045G0434045
G0434045
 
Iaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing overIaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing over
 
27
2727
27
 
HON_NetSci_2016
HON_NetSci_2016HON_NetSci_2016
HON_NetSci_2016
 
World Wide Web
World Wide WebWorld Wide Web
World Wide Web
 
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
 
Effective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p NetworkEffective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p Network
 
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
 
TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006
 
Integrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched dataIntegrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched data
 

Semelhante a Waterfall: Rapid identification of IP flows using cascade classification

ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"Fabien Gandon
 
Grid Computing: BOINC Overview
Grid Computing: BOINC OverviewGrid Computing: BOINC Overview
Grid Computing: BOINC OverviewRodrigo Neves
 
QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006Kalman Graffi
 
Orientation to Computer Networks
Orientation to Computer NetworksOrientation to Computer Networks
Orientation to Computer NetworksMukesh Chinta
 
Automatics and Remote Control
Automatics and Remote ControlAutomatics and Remote Control
Automatics and Remote ControlVisionary_
 
A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...Fellowship at Vodafone FutureLab
 
ESWC2015 opening ceremony
ESWC2015 opening ceremonyESWC2015 opening ceremony
ESWC2015 opening ceremonyFabien Gandon
 
Data Communication & Computer Networks
Data Communication & Computer NetworksData Communication & Computer Networks
Data Communication & Computer NetworksSreedhar Chowdam
 
ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)Shibiao Nong
 
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...Sharif Hossen
 
Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"Valentin Thirion
 
978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michael978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michaelADARAMOLA MICHAEL FUNSO
 
A Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSNA Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSNIJARIIT
 

Semelhante a Waterfall: Rapid identification of IP flows using cascade classification (20)

Hou_Resume
Hou_ResumeHou_Resume
Hou_Resume
 
ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"
 
Resume
ResumeResume
Resume
 
"Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma...
"Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma..."Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma...
"Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma...
 
Grid Computing: BOINC Overview
Grid Computing: BOINC OverviewGrid Computing: BOINC Overview
Grid Computing: BOINC Overview
 
Resume
Resume Resume
Resume
 
QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006
 
Orientation to Computer Networks
Orientation to Computer NetworksOrientation to Computer Networks
Orientation to Computer Networks
 
Automatics and Remote Control
Automatics and Remote ControlAutomatics and Remote Control
Automatics and Remote Control
 
A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...
 
ESWC2015 opening ceremony
ESWC2015 opening ceremonyESWC2015 opening ceremony
ESWC2015 opening ceremony
 
Data Communication & Computer Networks
Data Communication & Computer NetworksData Communication & Computer Networks
Data Communication & Computer Networks
 
ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)
 
Peer to peer connection
Peer to peer connectionPeer to peer connection
Peer to peer connection
 
Tcp
TcpTcp
Tcp
 
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
 
Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"
 
978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michael978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michael
 
A Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSNA Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSN
 
AVSTP2P Overview
AVSTP2P OverviewAVSTP2P Overview
AVSTP2P Overview
 

Último

Chromatin Structure | EUCHROMATIN | HETEROCHROMATIN
Chromatin Structure | EUCHROMATIN | HETEROCHROMATINChromatin Structure | EUCHROMATIN | HETEROCHROMATIN
Chromatin Structure | EUCHROMATIN | HETEROCHROMATINsankalpkumarsahoo174
 
Chemistry 4th semester series (krishna).pdf
Chemistry 4th semester series (krishna).pdfChemistry 4th semester series (krishna).pdf
Chemistry 4th semester series (krishna).pdfSumit Kumar yadav
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsAArockiyaNisha
 
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...anilsa9823
 
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxPhysiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxAArockiyaNisha
 
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...ssifa0344
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticssakshisoni2385
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...Sérgio Sacani
 
Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)PraveenaKalaiselvan1
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksSérgio Sacani
 
Zoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfSumit Kumar yadav
 
fundamental of entomology all in one topics of entomology
fundamental of entomology all in one topics of entomologyfundamental of entomology all in one topics of entomology
fundamental of entomology all in one topics of entomologyDrAnita Sharma
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPirithiRaju
 
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bNightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bSérgio Sacani
 
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptxUnlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptxanandsmhk
 
GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)Areesha Ahmad
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.Nitya salvi
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSarthak Sekhar Mondal
 
Botany krishna series 2nd semester Only Mcq type questions
Botany krishna series 2nd semester Only Mcq type questionsBotany krishna series 2nd semester Only Mcq type questions
Botany krishna series 2nd semester Only Mcq type questionsSumit Kumar yadav
 
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...Sérgio Sacani
 

Último (20)

Chromatin Structure | EUCHROMATIN | HETEROCHROMATIN
Chromatin Structure | EUCHROMATIN | HETEROCHROMATINChromatin Structure | EUCHROMATIN | HETEROCHROMATIN
Chromatin Structure | EUCHROMATIN | HETEROCHROMATIN
 
Chemistry 4th semester series (krishna).pdf
Chemistry 4th semester series (krishna).pdfChemistry 4th semester series (krishna).pdf
Chemistry 4th semester series (krishna).pdf
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based Nanomaterials
 
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
 
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxPhysiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
 
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
 
Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disks
 
Zoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdf
 
fundamental of entomology all in one topics of entomology
fundamental of entomology all in one topics of entomologyfundamental of entomology all in one topics of entomology
fundamental of entomology all in one topics of entomology
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdf
 
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bNightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
 
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptxUnlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptx
 
GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
 
Botany krishna series 2nd semester Only Mcq type questions
Botany krishna series 2nd semester Only Mcq type questionsBotany krishna series 2nd semester Only Mcq type questions
Botany krishna series 2nd semester Only Mcq type questions
 
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
 

Waterfall: Rapid identification of IP flows using cascade classification

  • 1. Waterfall: Rapid identification of IP flows using cascade classification Paweł Foremski, MSc. Eng. The Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences, Gliwice pjf@iitis.pl Brunów, 24th June 2014CN 2014 Conference
  • 2. Identification of IP flows? “traffic classification” or “traffic identification”
  • 3. TC: input - output Traffic Classifier Input Output network traffic application names
  • 4. TC input • TC input is the object of classification: o Single IP packet o IP flow o Endpoint o Host
  • 5. TC output • TC output is the result of classification: o Application name – e.g. Skype, Teamviewer o Network protocol – e.g. HTTP, SMTP o Category – e.g. chat, streaming o Traffic profile – e.g. bulk, interactive o Content type – e.g. text, image o Web application – e.g. Google Docs, Facebook
  • 6. TC: the problem • How to identify network traffic? • How to cope with practical constraints? o With limited resources (on high-speed routers) o With limited details (only packet headers) o ... • How to measure the performance? o Result accuracy o Reaction time o Temporal stability o Spatial stability o ...
  • 7. TC: applications HTTP Skype BitTorrent FTP BitTorrent Queuing Quality of Service Firewall Access Policy Monitoring Routing ...
  • 8. TC: applications Alessandro Finamore, Marco Mellia, Michela Meo, Maurizio M. Munafò, Dario Rossi, Experiences of Internet Traffic Monitoring with Tstat, IEEE Network "March/April 2011", Vol.25, No.3, pp.8-14, ISSN: 0890-8044, March/April 2011
  • 9. TC: applications FTTH 4 Mbps ADSL 24 Mbps VoIP, DNS, Games, ... BitTorrent, eMule, YouTube, ... 5-10 ms 50-100 ms
  • 10. TC: existing solutions • Port numbers • Deep Packet Inspection (DPI) - e.g. [2,3] • Machine Learning - e.g. [5,9] • Behavioral analysis - e.g. [4,7,8] • Classifier fusion - e.g. [6]
  • 11. Waterfall: motivation Each TC algorithm has advantages and disadvantages. The problem: Could we integrate these approaches into one system so that we move forward in TC? How would solving this problem affect classification performance?
  • 12. Waterfall: the idea 1. Use existing classifiers as modules 2. Implement the rejection option 3. Minimize false positives 4. Connect in a cascade structure 1 2 3
  • 13. An old (yet new) idea • Classifier selection • Mixture of experts • Cascade classification Kuncheva L., “Combining pattern classifiers: methods and algorithms", John Wiley & Sons, 2004 A A B Ax • Classifier fusion • Majority vote • Weighted vote • Naive Bayes Combination • Behavior Knowledge Space • ...
  • 15. Waterfall: practical system dstip dnsclass portsize npkts port (Python source code available at mutrics.iitis.pl) Flow features limited to first 10 seconds
  • 16. Waterfall: validation • Total sum of over 3.5 TB of data • Validation of spatial and temporal stability Foremski P., Callegari C., Pagano M., "Waterfall: Rapid identification of IP flows using cascade classification“. Proceedings of the 21st International Conference on Computer Networks, CN2014, CCIS 431, pp. 14-23. Springer, 2014
  • 17. Validation: dataset 1
  • 18. Validation: dataset 2. Temporal stability (8 months)
  • 19. Validation: datasets 3 and 4. Spatial stability. No payloads
  • 20. Experiment 1: >50% is easy
  • 21. Experiment 2: more is faster. Adding specialized modules
  • 22. Discussion
      • Waterfall is a new architecture for TC
      • We propose an idea and an open source implementation
      • A 5-element system yielded very good results
      • Findings
          • More than 50% of traffic in Internet is easy to identify
          • Adding more modules to cascade can increase the speed
      • Open questions
          • Quantitative comparison: Waterfall vs. BKS
          • How to train the system in an optimal way?
          • How to put the modules in a proper order?
  • 23. References
      1. Foremski P., On different ways to classify Internet traffic: a short review of selected publications. Theoretical and Applied Informatics 2013; 25(2).
      2. B.-C. Park, Y. J. Won, M.-S. Kim, and J. W. Hong, Towards automated application signature generation for traffic identification, in Network Operations and Management Symposium, 2008. NOMS 2008. IEEE, pp. 160–167, IEEE, 2008.
      3. S. H. Yeganeh, M. Eftekhar, Y. Ganjali, R. Keralapura, and A. Nucci, CUTE: Traffic Classification Using TErms, in Computer Communications and Networks (ICCCN), 2012 21st International Conference on, pp. 1–9, IEEE, 2012.
      4. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, BLINC: Multilevel traffic classification in the dark, in ACM SIGCOMM Computer Communication Review, vol. 35, pp. 229–240, ACM, 2005.
      5. A. Finamore, M. Mellia, M. Meo, and D. Rossi, KISS: Stochastic packet inspection classifier for UDP traffic, Networking, IEEE/ACM Transactions on, vol. 18, no. 5, pp. 1505–1515, 2010.
      6. A. Dainotti, A. Pescapé, and C. Sansone, Early classification of network traffic through multi-classification, Traffic Monitoring and Analysis, pp. 122–135, 2011.
      7. Foremski P., Callegari C., Pagano M., DNS-Class: Immediate classification of IP flows using DNS, International Journal of Network Management, John Wiley & Sons, 2014, DOI: 10.1002/nem.1864
      8. P. Bermolen, M. Mellia, M. Meo, D. Rossi, and S. Valenti, Abacus: Accurate behavioral classification of P2P-TV traffic, Computer Networks, vol. 55, no. 6, pp. 1394–1411, 2011.
      9. G. Münz, H. Dai, L. Braun, and G. Carle, TCP traffic classification using Markov models, Traffic Monitoring and Analysis, pp. 127–140, 2010.
  • 24. Thank you! Paweł Foremski, pjf@iitis.pl Project website: http://mutrics.iitis.pl/
  • 25. TC: definition Internet traffic classification (or identification) is the act of matching IP packets to the applications that generated them. [1]
  • 26. TC: the problem
      • How to identify network traffic?
      • How to do it well?
          o With limited resources (on high-speed routers)
          o With limited details (only packet headers)
          o With good accuracy (no errors)
          o In limited time (in real-time)
          o For current and future protocols (flexibility and stability)
          o For the whole Internet (backbone routers and gateways)
      • How to measure the performance?
          o Result accuracy
          o Reaction time
          o Temporal stability
          o Spatial stability
          o Processing time
          o Unknown detection
  • 27. Example: dnsclass Foremski P., Callegari C., Pagano M., "DNS-Class: Immediate classification of IP flows using DNS", International Journal of Network Management, John Wiley & Sons, 2014
  • 28. dnsclass: details
  • 29. dnsclass: details
  • 30. dnsclass: motivation
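
The cascade with a rejection option described on slides 12 and 15, as an added Python example that is not the code published at mutrics.iitis.pl. The module names dstip, dnsclass and port come from slide 15; the lookup-table logic, the min_seen and min_purity thresholds, the flow fields and the sample flows are assumptions made for this example.

```python
from collections import Counter, defaultdict

class LookupModule:
    """One cascade stage: a learned key -> label table with a reject option."""
    def __init__(self, name, key_fn, min_seen=2, min_purity=0.9):
        self.name, self.key_fn = name, key_fn
        self.min_seen, self.min_purity = min_seen, min_purity
        self.table = {}

    def train(self, labelled_flows):
        counts = defaultdict(Counter)
        for flow, label in labelled_flows:
            key = self.key_fn(flow)
            if key is not None:
                counts[key][label] += 1
        for key, seen in counts.items():
            label, hits = seen.most_common(1)[0]
            total = sum(seen.values())
            # Minimize false positives: keep only frequent, unambiguous keys.
            if total >= self.min_seen and hits / total >= self.min_purity:
                self.table[key] = label

    def classify(self, flow):
        return self.table.get(self.key_fn(flow))  # None means "reject"

def waterfall(modules, flow):
    """Ask modules in order; the first one that does not reject decides."""
    for module in modules:
        label = module.classify(flow)
        if label is not None:
            return label, module.name
    return "Unknown", None

# Constructed training flows (documentation addresses, made-up names).
TRAIN = (
    [({"dst": "192.0.2.10", "dns": "mail.example.org", "dport": 25}, "SMTP")] * 2
    + [({"dst": "198.51.100.7", "dns": "video.example.net", "dport": 443}, "Streaming")] * 2
    + [({"dst": "198.51.100.7", "dns": "docs.example.net", "dport": 443}, "WebApp")] * 2
    + [({"dst": "203.0.113.5", "dns": None, "dport": 53}, "DNS"),
       ({"dst": "203.0.113.6", "dns": None, "dport": 53}, "DNS")]
)

def build_cascade():
    """Module names follow the slides; their internals here are assumptions."""
    keys = [("dstip", "dst"), ("dnsclass", "dns"), ("port", "dport")]
    modules = [LookupModule(n, lambda f, k=k: f[k]) for n, k in keys]
    for module in modules:
        module.train(TRAIN)
    return modules
```

The shared address 198.51.100.7 carries two applications, so the dstip stage rejects it and the decision falls through to dnsclass; a flow that every stage rejects is reported as "Unknown" rather than guessed.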