RECIPE
Written by Alessandro Amirante   
Dec 19, 2007 at 11:08 PM

Robust and Efficient traffic Classification in IP nEtworks


Correct and efficient classification of network traffic according to application-layer protocols is essential for most network management, resource allocation, network anomaly detection and security. The main goal of this project is therefore to design and develop robust and efficient traffic classification tools for IP networks. The tools provided will be tested over real traffic coming from real networks. A number of traffic traces will be made publicly and freely available through the project web-site. Traffic classification techniques will also be applied in the context of network security, for improving the performance of existing Intrusion Detection Systems (IDS) based on anomaly detection techniques, and for developing a network-based Intrusion Prevention System (NIPS).

The proposed tools should be able to classify IP traffic according to the application-level protocols in a robust and efficient fashion, overcoming the typical limitations of current port-based and payload-based traffic classification mechanisms. Here robust means that the classification results should not change if the observed flow deviates from the protocol specifications in terms of payload, and that it should be possible to classify tunneled and even encrypted traffic. To this end we must exploit statistical properties that can be derived from the analysis of network traffic generated by different applications. Several statistical and signal processing techniques will be used for this purpose, as well as different traffic analysis approaches (e.g. packet-level, flow-level, etc.).

As regards classification algorithms, both statistical and soft-computing techniques will be investigated and adopted by the research units. Information fusion approaches will allow taking advantage of their complementarity.

By efficient, we mean that the proposed tools should be able to work at wire speed on backbone links. To guarantee efficient and robust classifiers, ad-hoc hardware architectures (i.e. Network Processors) will also be taken into consideration. Part of the project, in fact, will consist of optimizing the developed algorithms in order to implement the classifier on top of a Network Processor platform. More specifically, the main bottlenecks of Network Processors will be analyzed, and the algorithm will be modified and optimized depending on the results obtained. In addition, the degree of parallelism of the classification algorithm will be analyzed with respect to the architectural features of Network Processors.

As a side effect of planning and implementing the classification tools, other valuable results will be achieved during the project. They can be summarized as follows:


(i) Provided tools will be tested over real traffic coming from real networks. A number of traffic traces will be made publicly and freely available through the project web-site.


(ii) In order to provide traffic traces, two activities are needed. The first involves the deployment of efficient, wire-speed packet trace capturing architectures. The second will be focused on the development of tools for traffic sanitization and anonymization to protect the privacy of the offering institute. Every tool will be made publicly available.


(iii) Tools for extracting and analyzing statistical properties of traffic at packet-level will be developed, as well as traffic characterization methodologies and techniques.


(iv) Developed traffic classification techniques will be applied for improving the performance of existing Intrusion Detection Systems (IDS) based on anomaly detection techniques, or for developing a new IDS.


(v) Developed traffic classification techniques will be applied to the specific context of network-based Intrusion Prevention Systems (NIPS), which require accurate decisions in real-time, as soon as the first few packets of a new flow are detected.
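
The contrast drawn above between port-based classification and classification on statistical flow properties, decided on the first few packets as item (v) requires, is illustrated here as an added example that is not the project's own code. The training flows, the test flow, the four-packet window and the rejection threshold are constructed assumptions, and the nearest-centroid rule is one simple statistical classifier chosen for illustration, not the project's algorithm.

```python
import math

N_PACKETS = 4  # decide after the first few packets of a flow (assumed window)

# Constructed samples (not measured traffic): signed payload sizes in bytes,
# positive = client to server, negative = server to client.
TRAINING = {
    "http": [[310, -1460, -1460, -1460], [420, -1460, -1380, -1460],
             [280, -1200, -1460, -1460]],
    "ssh":  [[21, -21, 784, -1080], [22, -23, 792, -1072],
             [21, -21, 800, -1064]],
}
WELL_KNOWN_PORTS = {80: "http", 22: "ssh"}
REJECT_DISTANCE = 600.0  # assumed threshold; beyond it the flow is "unknown"


def centroids(training):
    """Mean feature vector per application label."""
    return {label: [sum(col) / len(col) for col in zip(*flows)]
            for label, flows in training.items()}


def classify_by_port(dst_port):
    """Port-based baseline: trusts the destination port alone."""
    return WELL_KNOWN_PORTS.get(dst_port, "unknown")


def classify_by_stats(sizes, model):
    """Nearest-centroid decision on the first N_PACKETS signed sizes.

    Returns None while too few packets have been seen, and "unknown" when
    the flow is far from every known profile.
    """
    if len(sizes) < N_PACKETS:
        return None
    features = sizes[:N_PACKETS]
    label, dist = min(((lbl, math.dist(features, c)) for lbl, c in model.items()),
                      key=lambda pair: pair[1])
    return label if dist <= REJECT_DISTANCE else "unknown"


MODEL = centroids(TRAINING)
# Constructed flow: an SSH-like exchange carried on TCP port 80.
flow_port, flow_sizes = 80, [21, -22, 790, -1075, 48, -48]
print(classify_by_port(flow_port), classify_by_stats(flow_sizes, MODEL))
```

The port-based baseline labels the constructed flow by its port, while the size-and-direction profile matches the SSH samples; the features never read the payload, so they remain available when the payload is encrypted.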


A further goal of the project will be the dissemination of the main results in the international scientific community, both academic and industrial, improving the dissemination of acquired knowledge, advertising the results, and giving a contribution to the free diffusion of software and knowledge sharing. In addition to the submission of the obtained results to journals and conferences, a final workshop at the end of the project will be organized.

Finally, we foresee that a public-domain archive (web site) will be made available to researchers all over the world, containing raw and elaborated experimental data. On these data, researchers will be able to perform statistical analyses and verify theoretical models. In this way, the results of this project will be useful to researchers outside the research units (RU) involved in the project. On the same website, the measurement, data acquisition and traffic analysis modules developed during the project will be made available.

Last Updated ( Dec 19, 2007 at 11:13 PM )