Speeding-Up DPI Traffic Classification with Chaining

The importance of network traffic classification has grown over the last two decades in line with the increasing diver- sity of networked applications. Nowadays traditional approaches to traffic classification, relying on port numbers and on Deep Packet Inspection (DPI), are not very effective in real scenarios respectively due to the usage of random or non-standard port numbers and to the wide usage of end-to-end encryption. Despite their limitations, port- based and DPI approaches are still widely used in operational networks for a number of network monitoring and management tasks. This paper proposes a practical approach for improving the efficiency of traditional traffic classification techniques by chain- ing fast classification stages (port-based and machine-learning- based), combined to lower their false-positive rate, and a more precise - but time- and resource-demanding - stage based on DPI. Experimental results demonstrate that Chain obtains results in line with DPI approaches in term of Precision, Recall, Accuracy and Area Under the Curve (AUC), while it is 45% faster when compared to nDPIng, a well- known DPI implementation. The appealing of the proposed approach in Network Function Virtualization (NFV) contexts is also discussed.