Robust and Efficient traffic Classification in IP nEtworks
and efficient classification of network traffic according to
application layer protocols is essential for most network management,
resource allocation, network anomaly detection and security. The main
goal of this project is then to design and develop robust and efficient
traffic classification tools for IP networks. Provided tools will be
tested over real traffic coming from real networks. A number of traffic
traces will be made publicly and freely available through the project
web site. Traffic classification techniques will also be applied in the
context of network security, for improving the performance of existing
Intrusion Detection Systems (IDS) based on anomaly detection
techniques, and for developing a network-based Intrusion Prevention

The proposed tools should be able to classify IP traffic according to the
application-level protocols in a robust and efficient fashion, overcoming
the typical limitations of current port-based and payload-based traffic
classification mechanisms. Here, robust means that the classification
results should not change if the observed flow deviates from the
protocol specifications in terms of payload – and that it should be
possible to classify tunneled and even encrypted traffic. To this end
we must exploit statistical properties that can be derived by the
analysis of network traffic generated by different applications.
Several statistical and signal processing techniques will be used for
this purpose, as well as different traffic analysis approaches (e.g.
packet-level, flow-level, etc.).

As regards classification algorithms, both statistical and soft-computing
techniques will be investigated and adopted by the research units.
Information fusion approaches will allow taking advantage of their

By the term efficient, we mean that the proposed tools should be able to
work at wire speed on backbone links. To guarantee efficient and robust
classifiers, ad-hoc hardware architectures (i.e. Network Processors)
will also be taken into consideration. In fact, part of the project
will consist of optimizing the developed algorithms in order
to implement the classifier on top of a Network Processor platform.
More specifically, the main bottlenecks of Network Processors will be
analyzed and the algorithm will be modified and optimized depending on
the obtained results. The degree of parallelism of the
classification algorithm will also be analyzed with respect to the
architectural features of Network Processors.

As a side effect of the planning and implementation of the classification
tools, other valuable results that will be achieved during the project can
be summarized as follows:
Provided tools will be tested over real traffic coming from real
networks. A number of traffic traces will be made publicly and freely
available through the project web site.
In order to provide traffic traces, two activities are needed. The first
involves the deployment of efficient and wire-speed packet trace
capturing architectures. The second will be focused on the development
of tools for traffic sanitization and anonymization to protect the
privacy of the offering institute. Every tool will be made publicly

Tools for extracting and analyzing statistical properties of traffic at
packet-level will be developed, as well as traffic characterization
methodologies and techniques.

Developed traffic classification techniques will be applied for
improving the performance of existing Intrusion Detection Systems (IDS)
based on anomaly detection techniques, or for developing a new IDS.

Developed traffic classification techniques will be applied to the
specific context of network-based Intrusion Prevention Systems (NIPS),
which require accurate decisions in real-time, as soon as the first few
packets of a new flow are detected.

A further goal of the project will be the dissemination of the main
results in the international scientific community, both academic and
industrial, improving the dissemination of acquired knowledge,
advertising the results, and contributing to the free
diffusion of software and knowledge sharing. In addition to the
submission of the obtained results to journals and conferences, a final
workshop will be organized at the end of the project.

We foresee that a public-domain archive (web site) will be made
available to researchers all over the world, containing raw and
processed experimental data. On these data, the researchers will be
able to perform statistical analyses and verify theoretical models. In
this way, the results of this project will be useful to researchers
outside the research units (RU) involved in the project. On the same web
site, the measurement, data acquisition and traffic analysis modules
developed during the project will be made available.