Host-based P2P flow identification and use in real-time

Emi Garcia-Palacios; John Hurley; Sakir Sezer

doi:10.1145/1961659.1961661

Host-based P2P flow identification and use in real-time

Emi Garcia-Palacios, John Hurley, Sakir Sezer

Research output: Contribution to journal › Article › peer-review

14 Citations (Scopus)

5 Downloads (Pure)

Abstract

Data identification is a key task for any Internet Service Provider (ISP) or network administrator. As port fluctuation and encryption become more common in P2P traffic wishing to avoid identification, new strategies must be developed to detect and classify such flows. This paper introduces a new method of separating P2P and standard web traffic that can be applied as part of a data mining process, based on the activity of the hosts on the network. Unlike other research, our method is aimed at classifying individual flows rather than just identifying P2P hosts or ports. Heuristics are analysed and a classification system proposed. The accuracy of the system is then tested using real network traffic from a core internet router showing over 99% accuracy in some cases. We expand on this proposed strategy to investigate its application to real-time, early classification problems. New proposals are made and the results of real-time experiments compared to those obtained in the data mining research. To the best of our knowledge this is the first research to use host based flow identification to determine a flows application within the early stages of the connection.

Original language	English
Article number	7
Number of pages	27
Journal	ACM Transactions on the Web
Volume	5
Issue number	2
DOIs	https://doi.org/10.1145/1961659.1961661
Publication status	Published - May 2011

Bibliographical note

The methodology presented can correctly separate web protocols from Peer to Peer protocols by looking at individual traffic flows as well as network hosts. This novel host based approach can achieve up to 99% accuracy when tested with real network traffic and it can be potentially used by network operators to identify user applications.

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1145/1961659.1961661

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Host-based P2P flow identification and use in real-time'. Together they form a unique fingerprint.

1 Finished

R1118ECI: Centre for Secure Information Technologies (CSIT)
McCanny, J. V., Cowan, C., Crookes, D., Fusco, V., Linton, D., Liu, W., Miller, P., O'Neill, M., Scanlon, W. & Sezer, S.
01/08/2009 → 30/06/2014
Project: Research

Cite this

@article{6772d1e2668544e085195c6939f5b4a1,

title = "Host-based P2P flow identification and use in real-time",

abstract = "Data identification is a key task for any Internet Service Provider (ISP) or network administrator. As port fluctuation and encryption become more common in P2P traffic wishing to avoid identification, new strategies must be developed to detect and classify such flows. This paper introduces a new method of separating P2P and standard web traffic that can be applied as part of a data mining process, based on the activity of the hosts on the network. Unlike other research, our method is aimed at classifying individual flows rather than just identifying P2P hosts or ports. Heuristics are analysed and a classification system proposed. The accuracy of the system is then tested using real network traffic from a core internet router showing over 99% accuracy in some cases. We expand on this proposed strategy to investigate its application to real-time, early classification problems. New proposals are made and the results of real-time experiments compared to those obtained in the data mining research. To the best of our knowledge this is the first research to use host based flow identification to determine a flows application within the early stages of the connection.",

author = "Emi Garcia-Palacios and John Hurley and Sakir Sezer",

note = "The methodology presented can correctly separate web protocols from Peer to Peer protocols by looking at individual traffic flows as well as network hosts. This novel host based approach can achieve up to 99% accuracy when tested with real network traffic and it can be potentially used by network operators to identify user applications.",

year = "2011",

month = may,

doi = "10.1145/1961659.1961661",

language = "English",

volume = "5",

journal = "ACM Transactions on the Web",

issn = "1559-1131",

publisher = "Association for Computing Machinery (ACM)",

number = "2",

}

TY - JOUR

T1 - Host-based P2P flow identification and use in real-time

AU - Garcia-Palacios, Emi

AU - Hurley, John

AU - Sezer, Sakir

N1 - The methodology presented can correctly separate web protocols from Peer to Peer protocols by looking at individual traffic flows as well as network hosts. This novel host based approach can achieve up to 99% accuracy when tested with real network traffic and it can be potentially used by network operators to identify user applications.

PY - 2011/5

Y1 - 2011/5

N2 - Data identification is a key task for any Internet Service Provider (ISP) or network administrator. As port fluctuation and encryption become more common in P2P traffic wishing to avoid identification, new strategies must be developed to detect and classify such flows. This paper introduces a new method of separating P2P and standard web traffic that can be applied as part of a data mining process, based on the activity of the hosts on the network. Unlike other research, our method is aimed at classifying individual flows rather than just identifying P2P hosts or ports. Heuristics are analysed and a classification system proposed. The accuracy of the system is then tested using real network traffic from a core internet router showing over 99% accuracy in some cases. We expand on this proposed strategy to investigate its application to real-time, early classification problems. New proposals are made and the results of real-time experiments compared to those obtained in the data mining research. To the best of our knowledge this is the first research to use host based flow identification to determine a flows application within the early stages of the connection.

AB - Data identification is a key task for any Internet Service Provider (ISP) or network administrator. As port fluctuation and encryption become more common in P2P traffic wishing to avoid identification, new strategies must be developed to detect and classify such flows. This paper introduces a new method of separating P2P and standard web traffic that can be applied as part of a data mining process, based on the activity of the hosts on the network. Unlike other research, our method is aimed at classifying individual flows rather than just identifying P2P hosts or ports. Heuristics are analysed and a classification system proposed. The accuracy of the system is then tested using real network traffic from a core internet router showing over 99% accuracy in some cases. We expand on this proposed strategy to investigate its application to real-time, early classification problems. New proposals are made and the results of real-time experiments compared to those obtained in the data mining research. To the best of our knowledge this is the first research to use host based flow identification to determine a flows application within the early stages of the connection.

UR - http://www.scopus.com/inward/record.url?scp=80052074576&partnerID=8YFLogxK

U2 - 10.1145/1961659.1961661

DO - 10.1145/1961659.1961661

M3 - Article

VL - 5

JO - ACM Transactions on the Web

JF - ACM Transactions on the Web

SN - 1559-1131

IS - 2

M1 - 7

ER -

Host-based P2P flow identification and use in real-time

Abstract

Bibliographical note

ASJC Scopus subject areas

Access to Document

R1118ECI: Centre for Secure Information Technologies (CSIT)

Cite this