Accurate, scalable in-network identification of p2p traffic using application signatures

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Accurate, scalable in-network identification of p2p traffic using application signatures

Full text

Pdf (206 KB)

Source

International World Wide Web Conference archive
Proceedings of the 13th international conference on World Wide Web table of contents

New York, NY, USA

SESSION: Workload analysis table of contents

Pages: 512 - 521

Year of Publication: 2004

ISBN:1-58113-844-X

Authors

Subhabrata Sen	AT&T Labs-Research, Florham Park, NJ
Oliver Spatscheck	AT&T Labs-Research, Florham Park, NJ
Dongmei Wang	AT&T Labs-Research, Florham Park, NJ

Sponsor

ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 29, Downloads (12 Months): 204, Citation Count: 31

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/988672.988742 What is a DOI?

ABSTRACT

The ability to accurately identify the network traffic associated with different P2P applications is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, service differentiation,etc. However, traditional traffic to higher-level application mapping techniques such as default server TCP or UDP network-port baseddisambiguation is highly inaccurate for some P2P applications.In this paper, we provide an efficient approach for identifying the P2P application traffic through application level signatures. We firstidentify the application level signatures by examining some available documentations, and packet-level traces. We then utilize the identified signatures to develop online filters that can efficiently and accurately track the P2P traffic even on high-speed network links.We examine the performance of our application-level identification approach using five popular P2P protocols. Our measurements show thatour technique achieves less than 5% false positive and false negative ratios in most cases. We also show that our approach only requires the examination of the very first few packets (less than 10packets) to identify a P2P connection, which makes our approach highly scalable. Our technique can significantly improve the P2P traffic volume estimates over what pure network port based approaches provide. For instance, we were able to identify 3 times as much traffic for the popular Kazaa P2P protocol, compared to the traditional port-based approach.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	BitTorrent Protocol. http://bitconjurer.org/BitTorrent.
	2	Internet Assigned Numbers Authority (IANA). http://www.iana.org/assignments/port-numbers.
	3	Internet Storm Center. http://isc.sans.org.
	4	Paul Barford , Jeffery Kline , David Plonka , Amos Ron, A signal analysis of network traffic anomalies, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France [doi>10.1145/637201.637210]
	5	Paul Barford , David Plonka, Characteristics of network traffic flow anomalies, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA [doi>10.1145/505202.505211]
	6	Robert S. Boyer , J. Strother Moore, A fast string searching algorithm, Communications of the ACM, v.20 n.10, p.762-772, Oct. 1977 [doi>10.1145/359842.359859]
	7	Chuck Cranor , Theodore Johnson , Oliver Spataschek , Vladislav Shkapenyuk, Gigascope: a stream database for network applications, Proceedings of the 2003 ACM SIGMOD international conference on Management of data, June 09-12, 2003, San Diego, California [doi>10.1145/872757.872838]
	8	Christian Dewes , Arne Wichmann , Anja Feldmann, An analysis of Internet chat systems, Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement, October 27-29, 2003, Miami Beach, FL, USA [doi>10.1145/948205.948214]
	9	Anja Feldmann, BLT: Bi-layer tracing of HTTP and TCP&slash;IP, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.33 n.1-6, p.321-335, June 2000
	10	Glenn Fowler , David Korn , Stephen North , Herman Rao , Kiem-Phong Vo, Libraries and file system architecture, Practical reusable UNIX software, John Wiley & Sons, Inc., New York, NY, 1995
	11	A. Gerber, J. Houle, H. Nguyen, M. Roughan, and S. Sen. P2P The Gorilla in the Cable. In National Cable & Telecommunications Association (NCTA) 2003 National Show, Chicago, IL, June 2003.
	12	Krishna P. Gummadi , Richard J. Dunn , Stefan Saroiu , Steven D. Gribble , Henry M. Levy , John Zahorjan, Measurement, modeling, and analysis of a peer-to-peer file-sharing workload, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	13	Richard M. Karp , Michael O. Rabin, Efficient randomized pattern-matching algorithms, IBM Journal of Research and Development, v.31 n.2, p.249-260, March 1987
	14	D. Moore, G. Voelker, and S. Savage. Inferring Internet Denial of Service Activity. In Proc. of the USENIX Security Symposium, Washington, D.C., August 2001. http://www.cs.ucsd.edu/~savage/papers/UsenixSec01.pdf.
	15	White paper-netflow services and applications. http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.%htm.
	16	Vern Paxson, End-to-end routing behavior in the Internet, IEEE/ACM Transactions on Networking (TON), v.5 n.5, p.601-615, Oct. 1997 [doi>10.1109/90.649563]
	17	Stefan Saroiu , Krishna P. Gummadi , Richard J. Dunn , Steven D. Gribble , Henry M. Levy, An analysis of internet content delivery systems, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060319]
	18	Subhabrata Sen , Jia Wang, Analyzing peer-to-peer traffic across large networks, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France [doi>10.1145/637201.637222]
	19	Y. Zhang and V. Paxson. Detecting backdoors. In Proc. USENIX, Denver, Colorado, USA, 2000.

CITED BY 31

	Liu Bin , Li Zhi Tang , Tu Hao, A methodology for P2P traffic measurement using application signature work-in-progress, Proceedings of the 2nd international conference on Scalable information systems, June 06-08, 2007, Suzhou, China
	Thomas Karagiannis , Andre Broido , Michalis Faloutsos , Kc claffy, Transport layer identification of P2P traffic, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
	Vijay Karamcheti , Davi Geiger , Zvi Kedem , S. Muthukrishnan, Detecting malicious network traffic using inverse distributions of packet contents, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA
	Patrick Haffner , Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, ACAS: automated construction of application signatures, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA
	Thomas Karagiannis , Konstantina Papagiannaki , Michalis Faloutsos, BLINC: multilevel traffic classification in the dark, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
	S. Antonatos , P. Akritidis , E. P. Markatos , K. G. Anagnostakis, Defending against hitlist worms using network address space randomization, Proceedings of the 2005 ACM workshop on Rapid malcode, November 11-11, 2005, Fairfax, VA, USA
	Jian Liang , Rakesh Kumar , Keith W. Ross, The FastTrack overlay: a measurement study, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.6, p.842-858, 13 April 2006
	Justin Ma , Kirill Levchenko , Christian Kreibich , Stefan Savage , Geoffrey M. Voelker, Unexpected means of protocol inference, Proceedings of the 6th ACM SIGCOMM on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil
	S. Antonatos , P. Akritidis , E. P. Markatos , K. G. Anagnostakis, Defending against hitlist worms using network address space randomization, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.12, p.3471-3490, August, 2007
	Jeffrey Erman , Anirban Mahanti , Martin Arlitt, Byte me: a case for byte accuracy in traffic classification, Proceedings of the 3rd annual ACM workshop on Mining network data, June 12-12, 2007, San Diego, California, USA
	Hamza Dahmouni , Sandrine Vaton , David Rossé, A markovian signature-based approach to IP traffic classification, Proceedings of the 3rd annual ACM workshop on Mining network data, June 12-12, 2007, San Diego, California, USA
	Michela Becchi , Patrick Crowley, An improved algorithm to accelerate regular expression evaluation, Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems, December 03-04, 2007, Orlando, Florida, USA
	Flavio Bonomi , Michael Mitzenmacher , Rina Panigrah , Sushil Singh , George Varghese, Beyond bloom filters: from approximate membership checks to approximate state machines, ACM SIGCOMM Computer Communication Review, v.36 n.4, October 2006
	Jeffrey Erman , Martin Arlitt , Anirban Mahanti, Traffic classification using clustering algorithms, Proceedings of the 2006 SIGCOMM workshop on Mining network data, p.281-286, September 11-15, 2006, Pisa, Italy
	Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Carey Williamson, Identifying and discriminating between web and peer-to-peer traffic in the network core, Proceedings of the 16th international conference on World Wide Web, May 08-12, 2007, Banff, Alberta, Canada
	Jeffrey Erman , Anirban Mahanti , Martin Arlitt , Ira Cohen , Carey Williamson, Offline/realtime traffic classification using semi-supervised learning, Performance Evaluation, v.64 n.9-12, p.1194-1213, October, 2007
	Antonis Theocharides , Demetres Antoniades , Michalis Polychronakis , Elias Athanasopoulos , Evangelos P. Markatos, Topnet: a network-aware top(1), Proceedings of the 22nd conference on Large installation system administration conference, p.145-157, November 09-14, 2008, San Diego, California
	Wanchai Ngiwlay , Chalermek Intanagonwiwat , Yunyong Teng-amnuay, Bittorrent peer identification based on behaviors of a choke algorithm, Proceedings of the 4th Asian Conference on Internet Engineering, November 18-20, 2008, Pratunam, Bangkok, Thailand
	Naimul Basher , Aniket Mahanti , Anirban Mahanti , Carey Williamson , Martin Arlitt, A comparative analysis of web and peer-to-peer traffic, Proceeding of the 17th international conference on World Wide Web, April 21-25, 2008, Beijing, China
	Yaxuan Qi , Bo Xu , Fei He , Baohua Yang , Jianming Yu , Jun Li, Towards high-performance flow-level packet processing on multi-core network processors, Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems, December 03-04, 2007, Orlando, Florida, USA
	Benjamin Arai , Gautam Das , Dimitrios Gunopulos , Vana Kalogeraki, Efficient Approximate Query Processing in Peer-to-Peer Networks, IEEE Transactions on Knowledge and Data Engineering, v.19 n.7, p.919-933, July 2007
	Haiyong Xie , Y. Richard Yang , Arvind Krishnamurthy , Yanbin Grace Liu , Abraham Silberschatz, P4p: provider portal for applications, ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Ionut Trestian , Supranamaya Ranjan , Aleksandar Kuzmanovi , Antonio Nucci, Unconstrained endpoint profiling (googling the internet), ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Haitao He , Chunhui Che , Feiteng Ma , Jun Zhang , Xiaonan Luo, Traffic classification using en-semble learning and co-training, Proceedings of the 8th conference on Applied informatics and communications, p.458-463, August 20-22, 2008, Rhodes, Greece
	Zhenxiang Chen , Bo Yang , Yuehui Chen , Ajith Abraham , Crina Grosan , Lizhi Peng, Online hybrid traffic classifier for Peer-to-Peer systems based on network processors, Applied Soft Computing, v.9 n.2, p.685-694, March, 2009
	Mohamed Hefeeda , Osama Saleh, Traffic modeling and proportional partial caching for peer-to-peer systems, IEEE/ACM Transactions on Networking (TON), v.16 n.6, p.1447-1460, December 2008
	Ying-Dar Lin , Po-Ching Lin , Meng-Fu Tsai , Tsao-Jiang Chang , Yuan-Cheng Lai, kP2PADM: An In-Kernel Architecture of P2P Management Gateway, IEICE - Transactions on Information and Systems, v.E91-D n.10, p.2398-2405, October 2008
	Yan Hu , Dah-Ming Chiu , John C. S. Lui, Profiling and identification of P2P traffic, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.849-863, April, 2009
	Daniele Apiletti , Elena Baralis , Tania Cerquitelli , Vincenzo D'Elia, Characterizing network traffic by means of the NetMine framework, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.774-789, April, 2009
	Jeffrey Erman , Alexandre Gerber , Mohammad T. Hajiaghayi , Dan Pei , Oliver Spatscheck, Network-aware forward caching, Proceedings of the 18th international conference on World wide web, April 20-24, 2009, Madrid, Spain
	Hyunchul Kim , KC Claffy , Marina Fomenkov , Dhiman Barman , Michalis Faloutsos , KiYoung Lee, Internet traffic classification demystified: myths, caveats, and the best practices, Proceedings of the 2008 ACM CoNEXT Conference, p.1-12, December 09-12, 2008, Madrid, Spain