TY - JOUR
T1 - Speeding-Up DPI Traffic Classification with Chaining
AU - Doroud, Hossein
AU - Aceto, Giuseppe
AU - De Donato, Walter
AU - Jarchlo, Elnaz Alizadeh
AU - Lopez, Andres Marin
AU - Guerrero, Cesar D.
AU - Pescape, Antonio
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018
Y1 - 2018
N2 - The importance of network traffic classification has grown over the last two decades in line with the increasing diver- sity of networked applications. Nowadays traditional approaches to traffic classification, relying on port numbers and on Deep Packet Inspection (DPI), are not very effective in real scenarios respectively due to the usage of random or non-standard port numbers and to the wide usage of end-to-end encryption. Despite their limitations, port- based and DPI approaches are still widely used in operational networks for a number of network monitoring and management tasks. This paper proposes a practical approach for improving the efficiency of traditional traffic classification techniques by chain- ing fast classification stages (port-based and machine-learning- based), combined to lower their false-positive rate, and a more precise - but time- and resource-demanding - stage based on DPI. Experimental results demonstrate that Chain obtains results in line with DPI approaches in term of Precision, Recall, Accuracy and Area Under the Curve (AUC), while it is 45% faster when compared to nDPIng, a well- known DPI implementation. The appealing of the proposed approach in Network Function Virtualization (NFV) contexts is also discussed.
AB - The importance of network traffic classification has grown over the last two decades in line with the increasing diver- sity of networked applications. Nowadays traditional approaches to traffic classification, relying on port numbers and on Deep Packet Inspection (DPI), are not very effective in real scenarios respectively due to the usage of random or non-standard port numbers and to the wide usage of end-to-end encryption. Despite their limitations, port- based and DPI approaches are still widely used in operational networks for a number of network monitoring and management tasks. This paper proposes a practical approach for improving the efficiency of traditional traffic classification techniques by chain- ing fast classification stages (port-based and machine-learning- based), combined to lower their false-positive rate, and a more precise - but time- and resource-demanding - stage based on DPI. Experimental results demonstrate that Chain obtains results in line with DPI approaches in term of Precision, Recall, Accuracy and Area Under the Curve (AUC), while it is 45% faster when compared to nDPIng, a well- known DPI implementation. The appealing of the proposed approach in Network Function Virtualization (NFV) contexts is also discussed.
UR - http://www.scopus.com/inward/record.url?scp=85063453775&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2018.8648137
DO - 10.1109/GLOCOM.2018.8648137
M3 - Artículo de la conferencia
AN - SCOPUS:85063453775
JO - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
JF - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
T2 - 2018 IEEE Global Communications Conference, GLOBECOM 2018
Y2 - 9 December 2018 through 13 December 2018
ER -
