Radiotekhnika
Publishing house Radiotekhnika

"Publishing house Radiotekhnika":
scientific and technical literature.
Books and journals of publishing houses: IPRZHR, RS-PRESS, SCIENCE-PRESS


Tel.: +7 (495) 625-9241

 

A classification algorithm for network traffic based on packet content analysis

Keywords:

P.V. Egorov – Post-graduate Student, Bauman Moscow State Technical University
E-mail: yegorov.p@gmail.com
V.M. Chernenky – Dr. Sc. (Eng.), Professor, Head of Department «Information Processing and Control Systems», Bauman Moscow State Technical University
E-mail: chernen@bmstu.ru


The classification scheme is based on analysis of packet contents. It is a strictly sequential procedure. The ultimate goal is to obtain sufficient confidence that a particular traffic flow is correctly mapped to its application.
During classification, not only individual packets but also entire data streams are analyzed. This grouping makes it possible not only to process the data more efficiently, but also to use the information obtained later, for a more precise identification of the network application that created the flow. Individual packets are aggregated into flows by matching the source/destination address and port and the protocol. In some cases, the start and end of the broadcast stream are also analyzed. Traffic analysis is performed in both directions.
Upon successful classification of a particular stream, important information accumulates about which hosts were active at the time the traffic was sampled. This information is used to build a database of «host and port» pairs, which is used in further classification, based on the previously discovered role of the host. In addition, information about the hosts' DNS records is obtained, since the names in the analyzed traffic can indicate the presence of proxy servers, mail servers or VPN servers.
The next step is sequential analysis of the flow according to various criteria. This procedure continues as long as packets belonging to a particular application are identified correctly. After each step, the accuracy of the current method is calculated.
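The flow aggregation and the «host and port» database described above can be sketched as follows. This is an added example, not the authors' code: the packet tuples and payload prefixes are constructed, and treating the destination of a flow's first packet as the server endpoint is an assumption.

```python
# Constructed sample: (src_ip, src_port, dst_ip, dst_port, proto, payload)
PACKETS = [
    ("10.0.0.5", 40001, "192.0.2.10", 8080, "tcp", b"GET / HTTP/1.1\r\n"),
    ("192.0.2.10", 8080, "10.0.0.5", 40001, "tcp", b"HTTP/1.1 200 OK\r\n"),
    ("10.0.0.7", 40002, "192.0.2.10", 8080, "tcp", b""),  # no payload captured
    ("10.0.0.7", 40003, "192.0.2.20", 2222, "tcp", b"SSH-2.0-OpenSSH_7.4\r\n"),
    ("10.0.0.5", 40004, "192.0.2.30", 9999, "tcp", b"\x00\x01\x02"),
]
# Hypothetical payload prefixes, not the paper's signature set.
SIGNATURES = [(b"GET ", "http"), (b"HTTP/1.", "http"), (b"SSH-2.0", "ssh")]

def flow_key(src_ip, sport, dst_ip, dport, proto):
    """Direction-independent key so both directions join one flow."""
    a, b = sorted([(src_ip, sport), (dst_ip, dport)])
    return (a, b, proto)

def aggregate(packets):
    """Group packets into bidirectional flows by address/port/protocol."""
    flows = {}
    for src_ip, sport, dst_ip, dport, proto, payload in packets:
        key = flow_key(src_ip, sport, dst_ip, dport, proto)
        # Assumption: the first packet's destination is the server endpoint.
        flow = flows.setdefault(key, {"server": (dst_ip, dport), "payloads": []})
        flow["payloads"].append(payload)
    return flows

def match_payload(payloads):
    """Return the application whose prefix matches any packet of the flow."""
    for data in payloads:
        for prefix, app in SIGNATURES:
            if data.startswith(prefix):
                return app
    return None

def classify(packets):
    """Return {flow_key: (application, method)} after two sequential steps."""
    flows, host_port_db, result = aggregate(packets), {}, {}
    for key, flow in flows.items():        # step 1: packet content analysis
        app = match_payload(flow["payloads"])
        if app:
            result[key] = (app, "payload")
            host_port_db[flow["server"]] = app  # remember the host's role
    for key, flow in flows.items():        # step 2: learned host/port pairs
        if key not in result:
            app = host_port_db.get(flow["server"])
            result[key] = (app, "host_port_db") if app else ("unknown", None)
    return result
```

The flow with no payload is still labelled because an earlier flow revealed what runs on the same host and port; the last flow matches neither step and stays unknown.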

