Marios Iliofotou, University of California, Riverside
Monday, June 29th 2009, 13h00 - 14h00
Location :
Thomson
46 Quai A. Le Gallo
92648 Boulogne Cedex
Abstract :
Monitoring network traffic and detecting applications has become a challenging problem,
since many applications obfuscate their traffic (e.g., by using unregistered port numbers). Apart
from some notable exceptions, most traffic monitoring tools use two types of
approaches: (a) keeping traffic statistics such as packet sizes and inter-arrivals, flow counts, byte
volumes, etc., or (b) analyzing packet content. In our work, we propose the use of Traffic Dispersion
Graphs (TDGs) as a way to monitor, analyze, and visualize network traffic. TDGs represent the
network-wide communications of hosts ("who talks to whom"), where the edges can be defined
to represent different interactions (e.g., the exchange of a certain number or type of packets).
Using TDGs, we develop a traffic classification framework dubbed Graption ({Grap}h-based
classifica{tion}). Our framework provides a systematic way to exploit network-wide behavior,
flow-level characteristics, and data mining techniques. As a proof of concept, we instantiate
our framework to detect P2P applications, and show that it can identify P2P traffic with recall and
precision greater than 90% in backbone traces, which are particularly challenging for other methods.
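
The TDG construction described in the abstract, as an added example that is not code from the talk or from Graption: hosts become nodes and an edge filter decides which flows count as an interaction. The flow records, host names, edge filters and the metrics computed are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, packets); not real traffic.
FLOWS = [
    ("A", "B", 6881, 12), ("B", "C", 6881, 9), ("C", "A", 6881, 30),
    ("A", "D", 6881, 7), ("D", "B", 6881, 15),
    ("E", "S", 80, 20), ("F", "S", 80, 5), ("G", "S", 80, 8),
    ("A", "S", 80, 3), ("H", "S", 80, 1), ("X", "Y", 80, 4),
]

def build_tdg(flows, edge_filter):
    """Directed TDG: one node per host, edge src->dst if a flow passes edge_filter."""
    out_nbrs, in_nbrs = defaultdict(set), defaultdict(set)
    for src, dst, port, pkts in flows:
        if edge_filter(port, pkts):
            out_nbrs[src].add(dst)
            in_nbrs[dst].add(src)
    return out_nbrs, in_nbrs

def largest_component(out_nbrs, in_nbrs, nodes):
    """Size of the largest weakly connected component (edge direction ignored)."""
    seen, best = set(), 0
    for start in nodes:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:
            n = stack.pop()
            size += 1
            for m in out_nbrs.get(n, set()) | in_nbrs.get(n, set()):
                if m not in seen:
                    seen.add(m)
                    stack.append(m)
        best = max(best, size)
    return best

def summarize(out_nbrs, in_nbrs):
    """Graph metrics chosen for this example (an assumption, not Graption's feature set)."""
    nodes = set(out_nbrs) | set(in_nbrs)
    edges = sum(len(v) for v in out_nbrs.values())
    both = [n for n in nodes if out_nbrs.get(n) and in_nbrs.get(n)]
    return {"nodes": len(nodes), "edges": edges,
            "in_and_out": len(both) / len(nodes) if nodes else 0.0,
            "largest_component": largest_component(out_nbrs, in_nbrs, nodes)}

# Two edge definitions over the same flows: any flow to port 6881,
# and flows to port 80 carrying at least 2 packets.
mesh = summarize(*build_tdg(FLOWS, lambda port, pkts: port == 6881))
star = summarize(*build_tdg(FLOWS, lambda port, pkts: port == 80 and pkts >= 2))
print(mesh, star, sep="\n")
```

In the constructed data, every host in the port-6881 graph both initiates and receives connections, while the port-80 graph has no such host and the single-packet flow from H is dropped by the packet-count filter.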