Waterfall: Rapid identification of IP flows using cascade classification
Paweł Foremski, MSc. Eng.
The Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences, Gliwice
pjf@iitis.pl
Brunów, 24th June 2014
CN 2014 Conference
Identification of IP flows?
“traffic classification” or “traffic identification”
TC: input - output
Input (network traffic) → Traffic Classifier → Output (application names)
TC input
• TC input is the object of classification:
o Single IP packet
o IP flow
o Endpoint
o Host
TC output
• TC output is the result of classification:
o Application name – e.g. Skype, Teamviewer
o Network protocol – e.g. HTTP, SMTP
o Category – e.g. chat, streaming
o Traffic profile – e.g. bulk, interactive
o Content type – e.g. text, image
o Web application – e.g. Google Docs, Facebook
TC: the problem
• How to identify network traffic?
• How to cope with practical constraints?
o With limited resources (on high-speed routers)
o With limited details (only packet headers)
o ...
• How to measure the performance?
o Result accuracy
o Reaction time
o Temporal stability
o Spatial stability
o ...
TC: applications
HTTP
Skype
BitTorrent
FTP
BitTorrent
Queuing
Quality of Service
Firewall
Access Policy
Monitoring
Routing
...
TC: applications
Alessandro Finamore, Marco Mellia, Michela Meo, Maurizio M. Munafò, Dario Rossi, Experiences of Internet Traffic Monitoring with Tstat,
IEEE Network "March/April 2011", Vol.25, No.3, pp.8-14, ISSN: 0890-8044, March/April 2011
TC: applications
FTTH
4 Mbps
ADSL
24 Mbps
VoIP, DNS, Games, ...
BitTorrent, eMule,
YouTube, ...
5-10 ms
50-100 ms
TC: existing solutions
• Port numbers
• Deep Packet Inspection (DPI) - e.g. [2,3]
• Machine Learning - e.g. [5,9]
• Behavioral analysis - e.g. [4,7,8]
• Classifier fusion - e.g. [6]
Waterfall: motivation
Each TC algorithm has advantages and disadvantages.
The problem: Could we integrate these approaches into one system so that we move forward in TC?
How would solving this problem affect classification performance?
Waterfall: the idea
1. Use existing classifiers as modules
2. Implement the rejection option
3. Minimize false positives
4. Connect in a cascade structure
An old (yet new) idea
• Classifier selection
• Mixture of experts
• Cascade classification
Kuncheva L., “Combining pattern classifiers: methods and algorithms",
John Wiley & Sons, 2004
• Classifier fusion
• Majority vote
• Weighted vote
• Naive Bayes Combination
• Behavior Knowledge Space
• ...
Waterfall: the idea
Waterfall: practical system
dstip
dnsclass
portsize
npkts
port
(Python source code available at mutrics.iitis.pl)
Flow features limited to first 10 seconds
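The four steps of "Waterfall: the idea" (modules, rejection option, few false positives, cascade) can be sketched as follows. This is an added example, not the mutrics source code: the module names come from the slide above, but their internals, the lookup tables, the `Flow` fields and the sample flows are constructed assumptions.

```python
"""Toy cascade classifier with a rejection option (added illustration)."""
from dataclasses import dataclass
from math import dist
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str                # "tcp" or "udp"
    dst_ip: str
    dst_port: int
    dns_name: Optional[str]   # name the client resolved for dst_ip, if seen
    sizes: Tuple[int, ...]    # payload sizes of the first packets (first 10 s)


# Constructed lookup tables (assumptions); a real system learns these from traces.
KNOWN_DST = {("192.0.2.10", 443): "webmail"}
DNS_SUFFIX = {"video.example": "streaming"}
PORT_SIZE = {("udp", 123, 48): "ntp"}
CENTROIDS = {"bulk": (1460, 1460, 1460), "interactive": (48, 48, 64)}
PORTS = {("tcp", 25): "smtp", ("tcp", 80): "http"}


# Every module returns a label or None. None is the rejection option:
# "not sure, pass the flow on", which is what keeps false positives low.
def dstip(f: Flow) -> Optional[str]:
    return KNOWN_DST.get((f.dst_ip, f.dst_port))


def dnsclass(f: Flow) -> Optional[str]:
    if not f.dns_name:
        return None
    labels = f.dns_name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):      # longest suffix first, never a bare TLD
        hit = DNS_SUFFIX.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


def portsize(f: Flow) -> Optional[str]:
    if not f.sizes:
        return None
    return PORT_SIZE.get((f.proto, f.dst_port, f.sizes[0]))


def npkts(f: Flow, n: int = 3, max_dist: float = 40.0) -> Optional[str]:
    if len(f.sizes) < n:
        return None                       # too little data: reject
    head = f.sizes[:n]                    # centroids above have n = 3 entries
    label, centroid = min(CENTROIDS.items(), key=lambda kv: dist(head, kv[1]))
    # Reject unless the nearest centroid is also close in absolute terms.
    return label if dist(head, centroid) <= max_dist else None


def port(f: Flow) -> Optional[str]:
    return PORTS.get((f.proto, f.dst_port))


Module = Tuple[str, Callable[[Flow], Optional[str]]]
CASCADE: List[Module] = [("dstip", dstip), ("dnsclass", dnsclass),
                         ("portsize", portsize), ("npkts", npkts), ("port", port)]


def classify(flow: Flow, cascade: List[Module] = CASCADE):
    """Return (label, deciding module, number of modules evaluated)."""
    for depth, (name, module) in enumerate(cascade, start=1):
        label = module(flow)
        if label is not None:             # first confident answer wins
            return label, name, depth
    return "unknown", None, len(cascade)  # every module rejected the flow


def mean_depth(flows: List[Flow], cascade: List[Module] = CASCADE) -> float:
    """Average number of modules a flow passes through before a decision."""
    return sum(classify(f, cascade)[2] for f in flows) / len(flows)


# Constructed sample flows (documentation address ranges, invented sizes).
FLOWS = [
    Flow("tcp", "192.0.2.10", 443, None, (517, 1400, 1400)),
    Flow("tcp", "198.51.100.7", 443, "cdn3.video.example", (517,)),
    Flow("udp", "203.0.113.5", 123, None, (48,)),
    Flow("tcp", "203.0.113.9", 5001, None, (1460, 1448, 1460)),
    Flow("tcp", "203.0.113.20", 25, None, (90,)),
    Flow("tcp", "203.0.113.30", 6000, None, (300, 700, 200)),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.dst_ip, f.dst_port, classify(f))
    print("mean modules evaluated per flow:", round(mean_depth(FLOWS), 2))
```

The last sample flow is rejected by all five modules and comes out as "unknown" rather than being forced into the nearest class.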
Waterfall: validation
• Total sum of over 3.5 TB of data
• Validation of spatial and temporal stability
Foremski P., Callegari C., Pagano M., "Waterfall: Rapid identification of IP flows using cascade classification".
Proceedings of the 21st International Conference on Computer Networks, CN2014, CCIS 431, pp. 14-23. Springer, 2014
Validation: dataset 1
Validation: dataset 2
Temporal stability (8 months)
Validation: datasets 3 and 4
Spatial stability
No payloads
Experiment 1: >50% is easy
Experiment 2: more is faster
adding specialized modules
Discussion
• Waterfall is a new architecture for TC
• We propose an idea and an open source implementation
• A 5-element system yielded very good results
• Findings
o More than 50% of traffic on the Internet is easy to identify
o Adding more modules to the cascade can increase the speed
• Open questions
o Quantitative comparison: Waterfall vs. BKS
o How to train the system in an optimal way?
o How to put the modules in a proper order?
References
1. Foremski P., On different ways to classify Internet traffic: a short review of selected publications.
Theoretical and Applied Informatics 2013; 25(2).
2. B.-C. Park, Y. J. Won, M.-S. Kim, and J. W. Hong, Towards automated application signature
generation for traffic identification, in Network Operations and Management Symposium, 2008.
NOMS 2008. IEEE, pp. 160–167, IEEE, 2008.
3. S. H. Yeganeh, M. Eftekhar, Y. Ganjali, R. Keralapura, and A. Nucci, CUTE: Traffic Classification
Using TErms, in Computer Communications and Networks (ICCCN), 2012 21st International
Conference on, pp. 1–9, IEEE, 2012.
4. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, BLINC: Multilevel traffic classification in the
dark, in ACM SIGCOMM Computer Communication Review, vol. 35, pp. 229 – 240, ACM, 2005.
5. A. Finamore, M. Mellia, M. Meo, and D. Rossi, KISS: Stochastic packet inspection classifier for udp
traffic, Networking, IEEE/ACM Transactions on, vol. 18, no. 5, pp. 1505 – 1515, 2010.
6. A. Dainotti, A. Pescapé, and C. Sansone, Early classification of network traffic through
multi-classification, Traffic Monitoring and Analysis, pp. 122 – 135, 2011.
7. Foremski P., Callegari C., Pagano M., DNS-Class: Immediate classification of IP flows using DNS,
International Journal of Network Management, John Wiley & Sons, 2014, DOI: 10.1002/nem.1864
8. P. Bermolen, M. Mellia, M. Meo, D. Rossi, and S. Valenti, Abacus: Accurate behavioral
classification of P2P-TV traffic, Computer Networks, vol. 55, no. 6, pp. 1394 – 1411, 2011.
9. G. Münz, H. Dai, L. Braun, and G. Carle, TCP traffic classification using Markov models, Traffic
Monitoring and Analysis, pp. 127 – 140, 2010.
Thank you!
Paweł Foremski, pjf@iitis.pl
Project website: http://mutrics.iitis.pl/
TC: definition
Internet traffic classification (or identification) is
the act of matching IP packets
to the applications that generated them. [1]
TC: the problem
• How to identify network traffic?
• How to do it well?
o With limited resources (on high-speed routers)
o With limited details (only packet headers)
o With good accuracy (no errors)
o In limited time (in real-time)
o For current and future protocols (flexibility and stability)
o For the whole Internet (backbone routers and gateways)
• How to measure the performance?
o Result accuracy
o Reaction time
o Temporal stability
o Spatial stability
o Processing time
o Unknown detection
Example: dnsclass
Foremski P., Callegari C., Pagano M., "DNS-Class: Immediate classification of IP flows using DNS",
International Journal of Network Management, John Wiley & Sons, 2014
dnsclass: details
dnsclass: details
dnsclass: motivation
Foremski P., Callegari C., Pagano M., "DNS-Class: Immediate classification of IP flows using DNS", International Journal of Network Management, John Wiley & Sons, 2014

More Related Content

What's hot

EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSijp2p
 
Analytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT ConsiderationAnalytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT ConsiderationIJCNCJournal
 
Iaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing overIaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing overIaetsd Iaetsd
 
HON_NetSci_2016
HON_NetSci_2016HON_NetSci_2016
HON_NetSci_2016Jian Xu
 
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...IRJET Journal
 
Effective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p NetworkEffective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p NetworkUvaraj Shan
 
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...Uvaraj Shan
 
TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006Kalman Graffi
 
Integrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched dataIntegrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched dataDhaval Thakker
 

What's hot (13)

EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
 
Analytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT ConsiderationAnalytical Modelling of Localized P2P Streaming Systems under NAT Consideration
Analytical Modelling of Localized P2P Streaming Systems under NAT Consideration
 
Non Path-Based Mutual Anonymity Protocol for Decentralized P2P System
Non Path-Based Mutual Anonymity Protocol for Decentralized P2P SystemNon Path-Based Mutual Anonymity Protocol for Decentralized P2P System
Non Path-Based Mutual Anonymity Protocol for Decentralized P2P System
 
G0434045
G0434045G0434045
G0434045
 
Iaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing overIaetsd an enhancement for content sharing over
Iaetsd an enhancement for content sharing over
 
27
2727
27
 
HON_NetSci_2016
HON_NetSci_2016HON_NetSci_2016
HON_NetSci_2016
 
World Wide Web
World Wide WebWorld Wide Web
World Wide Web
 
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
An Extensive Literature Review of Various Routing Protocols in Delay Tolerant...
 
Effective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p NetworkEffective Data Retrieval System with Bloom in a Unstructured p2p Network
Effective Data Retrieval System with Bloom in a Unstructured p2p Network
 
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
Flexible Bloom for Searching Textual Content Based Retrieval System in an Uns...
 
TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006TU Darmstadt - KOM - P2P Group Overview 2006
TU Darmstadt - KOM - P2P Group Overview 2006
 
Integrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched dataIntegrating digital traces into a semantic enriched data
Integrating digital traces into a semantic enriched data
 

Similar to Waterfall: Rapid identification of IP flows using cascade classification

ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"Fabien Gandon
 
Grid Computing: BOINC Overview
Grid Computing: BOINC OverviewGrid Computing: BOINC Overview
Grid Computing: BOINC OverviewRodrigo Neves
 
QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006Kalman Graffi
 
Orientation to Computer Networks
Orientation to Computer NetworksOrientation to Computer Networks
Orientation to Computer NetworksMukesh Chinta
 
Automatics and Remote Control
Automatics and Remote ControlAutomatics and Remote Control
Automatics and Remote ControlVisionary_
 
A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...Fellowship at Vodafone FutureLab
 
ESWC2015 opening ceremony
ESWC2015 opening ceremonyESWC2015 opening ceremony
ESWC2015 opening ceremonyFabien Gandon
 
Data Communication & Computer Networks
Data Communication & Computer NetworksData Communication & Computer Networks
Data Communication & Computer NetworksSreedhar Chowdam
 
ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)Shibiao Nong
 
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...Sharif Hossen
 
Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"Valentin Thirion
 
978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michael978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michaelADARAMOLA MICHAEL FUNSO
 
A Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSNA Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSNIJARIIT
 

Similar to Waterfall: Rapid identification of IP flows using cascade classification (20)

Hou_Resume
Hou_ResumeHou_Resume
Hou_Resume
 
ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"ESWC 2015 Closing and "General Chair's minute of Madness"
ESWC 2015 Closing and "General Chair's minute of Madness"
 
Resume
ResumeResume
Resume
 
"Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma...
"Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma..."Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma...
"Grid Computing: BOINC Overview" por Rodrigo Neves, Nuno Mestre, Francisco Ma...
 
Grid Computing: BOINC Overview
Grid Computing: BOINC OverviewGrid Computing: BOINC Overview
Grid Computing: BOINC Overview
 
Resume
Resume Resume
Resume
 
QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006QuaP2P Kickoff Slides 2006
QuaP2P Kickoff Slides 2006
 
Orientation to Computer Networks
Orientation to Computer NetworksOrientation to Computer Networks
Orientation to Computer Networks
 
Automatics and Remote Control
Automatics and Remote ControlAutomatics and Remote Control
Automatics and Remote Control
 
A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...A machine learning based protocol for efficient routing in opportunistic netw...
A machine learning based protocol for efficient routing in opportunistic netw...
 
ESWC2015 opening ceremony
ESWC2015 opening ceremonyESWC2015 opening ceremony
ESWC2015 opening ceremony
 
Data Communication & Computer Networks
Data Communication & Computer NetworksData Communication & Computer Networks
Data Communication & Computer Networks
 
ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)ShibiaoNong_Resume_ColumbiaMS (1)
ShibiaoNong_Resume_ColumbiaMS (1)
 
Peer to peer connection
Peer to peer connectionPeer to peer connection
Peer to peer connection
 
Tcp
TcpTcp
Tcp
 
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
Performance analysis of Delay-Tolerant Routing Protocols in Intermittently Co...
 
Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"Network Measurement and Monitori - Assigment 1, Group3, "Classification"
Network Measurement and Monitori - Assigment 1, Group3, "Classification"
 
978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michael978 3-659-41237-0-e-book -adaramola michael
978 3-659-41237-0-e-book -adaramola michael
 
A Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSNA Review on Traffic Classification Methods in WSN
A Review on Traffic Classification Methods in WSN
 
AVSTP2P Overview
AVSTP2P OverviewAVSTP2P Overview
AVSTP2P Overview
 

Recently uploaded

Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.aasikanpl
 
Orientation, design and principles of polyhouse
Orientation, design and principles of polyhouseOrientation, design and principles of polyhouse
Orientation, design and principles of polyhousejana861314
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Nistarini College, Purulia (W.B) India
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx  .This slides helps to know the different types of biop...Biopesticide (2).pptx  .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...RohitNehra6
 
Luciferase in rDNA technology (biotechnology).pptx
Luciferase in rDNA technology (biotechnology).pptxLuciferase in rDNA technology (biotechnology).pptx
Luciferase in rDNA technology (biotechnology).pptxAleenaTreesaSaji
 
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.aasikanpl
 
Neurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trNeurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trssuser06f238
 
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfBehavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfSELF-EXPLANATORY
 
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
STERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCE
STERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCESTERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCE
STERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCEPRINCE C P
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander  in real timeGrafana in space: Monitoring Japan's SLIM moon lander  in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeSatoshi NAKAHIRA
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxUmerFayaz5
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡anilsa9823
 
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxPhysiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxAArockiyaNisha
 
Scheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxScheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxyaramohamed343013
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PPRINCE C P
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTSérgio Sacani
 
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Sérgio Sacani
 
Boyles law module in the grade 10 science
Boyles law module in the grade 10 scienceBoyles law module in the grade 10 science
Boyles law module in the grade 10 sciencefloriejanemacaya1
 

Recently uploaded (20)

Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
 
Orientation, design and principles of polyhouse
Orientation, design and principles of polyhouseOrientation, design and principles of polyhouse
Orientation, design and principles of polyhouse
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx  .This slides helps to know the different types of biop...Biopesticide (2).pptx  .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...
 
Luciferase in rDNA technology (biotechnology).pptx
Luciferase in rDNA technology (biotechnology).pptxLuciferase in rDNA technology (biotechnology).pptx
Luciferase in rDNA technology (biotechnology).pptx
 
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
 
Neurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 trNeurodevelopmental disorders according to the dsm 5 tr
Neurodevelopmental disorders according to the dsm 5 tr
 
Engler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomyEngler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomy
 
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfBehavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
 
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
 
STERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCE
STERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCESTERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCE
STERILITY TESTING OF PHARMACEUTICALS ppt by DR.C.P.PRINCE
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander  in real timeGrafana in space: Monitoring Japan's SLIM moon lander  in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real time
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptx
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
 
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxPhysiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
 
Scheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxScheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docx
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C P
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOST
 
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
 
Boyles law module in the grade 10 science
Boyles law module in the grade 10 scienceBoyles law module in the grade 10 science
Boyles law module in the grade 10 science
 

Waterfall: Rapid identification of IP flows using cascade classification

  • 1. Waterfall: Rapid identification of IP flows using cascade classification Paweł Foremski, MSc. Eng. The Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences, Gliwice pjf@iitis.pl Brunów, 24th June 2014CN 2014 Conference
  • 2. Identification of IP flows? “traffic classification” or “traffic identification”
  • 3. TC: input - output Traffic Classifier Input Output network traffic application names
  • 4. TC input • TC input is the object of classification: o Single IP packet o IP flow o Endpoint o Host
  • 5. TC output • TC output is the result of classification: o Application name – e.g. Skype, Teamviewer o Network protocol – e.g. HTTP, SMTP o Category – e.g. chat, streaming o Traffic profile – e.g. bulk, interactive o Content type – e.g. text, image o Web application – e.g. Google Docs, Facebook
  • 6. TC: the problem • How to identify network traffic? • How to cope with practical constraints? o With limited resources (on high-speed routers) o With limited details (only packet headers) o ... • How to measure the performance? o Result accuracy o Reaction time o Temporal stability o Spatial stability o ...
  • 7. TC: applications HTTP Skype BitTorrent FTP BitTorrent Queuing Quality of Service Firewall Access Policy Monitoring Routing ...
  • 8. TC: applications Alessandro Finamore, Marco Mellia, Michela Meo, Maurizio M. Munafò, Dario Rossi, Experiences of Internet Traffic Monitoring with Tstat, IEEE Network "March/April 2011", Vol.25, No.3, pp.8-14, ISSN: 0890-8044, March/April 2011
  • 9. TC: applications FTTH 4 Mbps ADSL 24 Mbps VoIP, DNS, Games, ... BitTorrent, eMule, YouTube, ... 5-10 ms 50-100 ms
  • 10. TC: existing solutions • Port numbers • Deep Packet Inspection (DPI) - e.g. [2,3] • Machine Learning - e.g. [5,9] • Behavioral analysis - e.g. [4,7,8] • Classifier fusion - e.g. [6]
  • 11. Waterfall: motivation Each TC algorithm has advantages and disadvantages. The problem: Could we integrate these approaches into one system so that we move forward in TC? How would solving this problem affect classification performance?
  • 12. Waterfall: the idea 1. Use existing classifiers as modules 2. Implement the rejection option 3. Minimize false positives 4. Connect in a cascade structure 1 2 3
  • 13. An old (yet new) idea • Classifier selection • Mixture of experts • Cascade classification Kuncheva L., “Combining pattern classifiers: methods and algorithms", John Wiley & Sons, 2004 A A B Ax • Classifier fusion • Majority vote • Weighted vote • Naive Bayes Combination • Behavior Knowledge Space • ...
  • 15. Waterfall: practical system dstip dnsclass portsize npkts port (Python source code available at mutrics.iitis.pl) Flow features limited to first 10 seconds
  • 16. Waterfall: validation • Total sum of over 3.5 TB of data • Validation of spatial and temporal stability Foremski P., Callegari C., Pagano M., "Waterfall: Rapid identification of IP flows using cascade classification“. Proceedings of the 21st International Conference on Computer Networks, CN2014, CCIS 431, pp. 14-23. Springer, 2014
  • 17. Validation: dataset 1
  • 18. Validation: dataset 2. Temporal stability (8 months)
  • 19. Validation: datasets 3 and 4. Spatial stability. No payloads
  • 20. Experiment 1: >50% is easy
  • 21. Experiment 2: more is faster. Adding specialized modules
  • 22. Discussion
      • Waterfall is a new architecture for TC
      • We propose an idea and an open source implementation
      • A 5-element system yielded very good results
      • Findings
          o More than 50% of Internet traffic is easy to identify
          o Adding more modules to the cascade can increase the speed
      • Open questions
          o Quantitative comparison: Waterfall vs. BKS
          o How to train the system in an optimal way?
          o How to put the modules in a proper order?
  • 23. References
      1. Foremski P., On different ways to classify Internet traffic: a short review of selected publications. Theoretical and Applied Informatics 2013; 25(2).
      2. B.-C. Park, Y. J. Won, M.-S. Kim, and J. W. Hong, Towards automated application signature generation for traffic identification, in Network Operations and Management Symposium, 2008. NOMS 2008. IEEE, pp. 160–167, IEEE, 2008.
      3. S. H. Yeganeh, M. Eftekhar, Y. Ganjali, R. Keralapura, and A. Nucci, CUTE: Traffic Classification Using TErms, in Computer Communications and Networks (ICCCN), 2012 21st International Conference on, pp. 1–9, IEEE, 2012.
      4. T. Karagiannis, K. Papagiannaki, and M. Faloutsos, BLINC: Multilevel traffic classification in the dark, in ACM SIGCOMM Computer Communication Review, vol. 35, pp. 229–240, ACM, 2005.
      5. A. Finamore, M. Mellia, M. Meo, and D. Rossi, KISS: Stochastic packet inspection classifier for UDP traffic, Networking, IEEE/ACM Transactions on, vol. 18, no. 5, pp. 1505–1515, 2010.
      6. A. Dainotti, A. Pescapé, and C. Sansone, Early classification of network traffic through multi-classification, Traffic Monitoring and Analysis, pp. 122–135, 2011.
      7. Foremski P., Callegari C., Pagano M., DNS-Class: Immediate classification of IP flows using DNS, International Journal of Network Management, John Wiley & Sons, 2014, DOI: 10.1002/nem.1864
      8. P. Bermolen, M. Mellia, M. Meo, D. Rossi, and S. Valenti, Abacus: Accurate behavioral classification of P2P-TV traffic, Computer Networks, vol. 55, no. 6, pp. 1394–1411, 2011.
      9. G. Münz, H. Dai, L. Braun, and G. Carle, TCP traffic classification using Markov models, Traffic Monitoring and Analysis, pp. 127–140, 2010.
  • 24. Thank you! Paweł Foremski, pjf@iitis.pl Project website: http://mutrics.iitis.pl/
  • 25. TC: definition Internet traffic classification (or identification) is the act of matching IP packets to the applications that generated them. [1]
  • 26. TC: the problem
      • How to identify network traffic?
      • How to do it well?
          o With limited resources (on high-speed routers)
          o With limited details (only packet headers)
          o With good accuracy (no errors)
          o In limited time (in real-time)
          o For current and future protocols (flexibility and stability)
          o For the whole Internet (backbone routers and gateways)
      • How to measure the performance?
          o Result accuracy
          o Reaction time
          o Temporal stability
          o Spatial stability
          o Processing time
          o Unknown detection
  • 27. Example: dnsclass Foremski P., Callegari C., Pagano M., "DNS-Class: Immediate classification of IP flows using DNS", International Journal of Network Management, John Wiley & Sons, 2014
  • 28. dnsclass: details
  • 29. dnsclass: details
  • 30. dnsclass: motivation
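
The cascade from slides 12 and 15 (existing classifiers as modules, each with a rejection option, queried in sequence) can be sketched as follows. This is an added example, not the Python code published at mutrics.iitis.pl: only the module names dstip, dnsclass and port come from the slides, while the lookup tables, confidence values, threshold and flow fields are assumptions constructed for illustration.

```python
"""Cascade classification with a rejection option (illustrative sketch)."""

# Constructed stand-ins for trained models: value -> (label, confidence).
KNOWN_DST = {"192.0.2.10": ("mail", 0.99)}
DNS_SUFFIX = {".video.example": ("streaming", 0.97), ".chat.example": ("chat", 0.95)}
PORTS = {22: ("ssh", 0.98), 53: ("dns", 0.99), 80: ("web", 0.60)}  # port 80 is ambiguous

def dstip(flow):
    return KNOWN_DST.get(flow.get("dst_ip"), (None, 0.0))

def dnsclass(flow):
    name = flow.get("dns_name") or ""
    for suffix, result in DNS_SUFFIX.items():
        if name.endswith(suffix):
            return result
    return (None, 0.0)

def port(flow):
    return PORTS.get(flow.get("dst_port"), (None, 0.0))

def with_rejection(scorer, threshold):
    """Wrap a scorer so it answers only at or above `threshold`, else rejects."""
    def module(flow):
        label, confidence = scorer(flow)
        return label if label is not None and confidence >= threshold else None
    return module

def build_cascade(threshold=0.9):
    """A high threshold trades coverage for fewer false positives."""
    scorers = (("dstip", dstip), ("dnsclass", dnsclass), ("port", port))
    return [(name, with_rejection(fn, threshold)) for name, fn in scorers]

def classify(flow, cascade):
    """Return (label, deciding module, modules queried); first answer wins."""
    for queried, (name, module) in enumerate(cascade, start=1):
        label = module(flow)
        if label is not None:
            return label, name, queried
    return "unknown", None, len(cascade)  # every module rejected the flow

SAMPLE_FLOWS = [  # constructed flow records
    {"dst_ip": "192.0.2.10", "dst_port": 25, "dns_name": None},
    {"dst_ip": "198.51.100.7", "dst_port": 443, "dns_name": "cdn1.video.example"},
    {"dst_ip": "198.51.100.8", "dst_port": 22, "dns_name": None},
    {"dst_ip": "198.51.100.9", "dst_port": 80, "dns_name": None},
]

if __name__ == "__main__":
    cascade = build_cascade()
    for flow in SAMPLE_FLOWS:
        print(flow["dst_ip"], classify(flow, cascade))
```

With the default threshold the port 80 flow leaves the cascade as "unknown" instead of being guessed as web traffic; lowering the threshold recovers a label at the cost of more false positives.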