Pipeline Publishing, Volume 3, Issue 4
This Month's Issue: 
New Frontiers 
Skype: The Future of Traffic Detection and Classification

Solution: Traffic Classification in the Dark

“Traffic classification in the dark” is a particularly effective protocol detection technique that involves the “pipelining” of two different detection applications: the first based on a payload-signature model and the second based on a behavioral-signature model. In this method, all TCP and UDP streams are processed first by the payload-signature application. If no match with currently known signatures is found, the stream is then forwarded to the behavioral-signature application, which analyzes the characteristics of the packet streams and very accurately detects even the most complex Internet applications.

Payload-signature model: TCP and UDP streams of packets are processed first by the payload-signature application. The payload of each incoming packet is matched against a large set of constantly updated signatures. A match is achieved using proprietary algorithms that guarantee excellent performance at very high speeds (up to OC48). The majority of standard protocols (and their associated applications) are promptly classified by this application.

Behavioral-signature model: Any TCP and UDP streams not classified by the payload-signature application are forwarded to the behavioral-signature application. Streams of packets with encrypted payloads, emerging P2P protocols for which a signature is not available, or multimedia applications using proprietary technologies (such as VoIP, video, gaming, file transfer, chat, etc.) fall into this family.

The behavioral-signature application profiles the behavior of each host at different levels by exploring its social level (the hosts it communicates with), its functional level (server vs. client vs. peer node), its application level (transport-layer interactions between particular hosts on specific ports) and specific dynamics, with the intent to identify the application of origin.
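The two-stage pipeline described above, sketched as an added example (it is not code from the article or from any vendor product). The signature set, the `Flow` record, the scoring heuristics with their thresholds, and the sample traffic are all assumptions constructed for illustration.

```python
import math
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src dst proto dport payload")

# Stage 1: payload signatures (a tiny illustrative set of well-known prefixes)
SIGNATURES = {"http": b"GET ", "ssh": b"SSH-", "tls": b"\x16\x03"}

def payload_match(flow):
    for name, prefix in SIGNATURES.items():
        if flow.payload.startswith(prefix):
            return name
    return None

def entropy(data):
    """Shannon entropy in bits per byte; encrypted payloads score high."""
    return -sum(c / len(data) * math.log2(c / len(data))
                for c in Counter(data).values())

def behavioral_match(flow, flows):
    """Stage 2: profile the source host across every flow it appears in."""
    host = flow.src
    mine = [f for f in flows if host in (f.src, f.dst)]
    peers = {f.dst if f.src == host else f.src for f in mine}    # social level
    both_roles = {f.src == host for f in mine} == {True, False}  # functional level
    mixed = {f.proto for f in mine} == {"tcp", "udp"}            # application level
    # Thresholds and the 3-of-4 vote are assumptions made for this example.
    score = (len(peers) >= 4) + both_roles + mixed + (entropy(flow.payload) > 4.5)
    return "suspected-p2p" if score >= 3 else "unknown"

def classify(flow, flows):
    # Pipeline: the behavioral stage runs only when no payload signature matches.
    return payload_match(flow) or behavioral_match(flow, flows)

# Constructed sample traffic; OPAQUE stands in for an encrypted payload.
OPAQUE = bytes(range(0, 256, 8))
SAMPLE = [
    Flow("10.0.0.9", "192.0.2.10", "tcp", 80, b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.7", "192.0.2.20", "tcp", 9000, b"AAAAAAAA"),
    Flow("10.0.0.5", "198.51.100.1", "udp", 40001, OPAQUE),
    Flow("10.0.0.5", "198.51.100.2", "udp", 41200, OPAQUE),
    Flow("10.0.0.5", "198.51.100.3", "tcp", 52110, OPAQUE),
    Flow("198.51.100.4", "10.0.0.5", "tcp", 61000, OPAQUE),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f.src, "->", f.dst, classify(f, SAMPLE))
```

Host 10.0.0.5 is flagged only because several weak signals agree (many peers, both client and server roles, mixed TCP/UDP, high-entropy payload); a single high-entropy flow on its own stays `unknown`.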

 


 

As P2P services such as Skype continue to evolve, and find new ways to avoid detection, new entropy-based classification methods such as “traffic classification in the dark” offer great promise to network managers who wish to manage these services to ensure the health and profitability of their networks.  

 

 




 

© 2006, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding
the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.