The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

H. Kim, K. Claffy, M. Fomenkova, N. Browlee, D. Barman, and M. Faloutsos, "Comparison of Internet Traffic Classification Tools", in IMRG WACI 2007, Oct 2007.

Comparison of Internet Traffic Classification Tools
Authors: H. Kim
K. Claffy
M. Fomenkova
N. Browlee
D. Barman
M. Faloutsos
Published: IMRG WACI, 2007
URL: http://www.icir.org/imrg/waci07/docs/waci-3-abs.pdf
Entry Dates: 2009-02-11
Abstract: Despite a plethora of research devoted to traffic classification adn a variety of proposed traffic classification methods, the research community still does not have definitive answers to these questions, and the task of traffic classification remains unapproachable and confusing for a practitioner. Rigorous comparison of various classification methods is challenging for three reasons. First, there is no publicly available payload trace set, so every method is evaulated using a different set of locally collected payload traces. Second, existing approaches use different techniques that rack different features, tune different parameters and use different definitions and categorization of applications. Third, more often than not, authors do not make their developed implementation codes publicly available once they publish their results. To address these challenges, we have conducted a comprehensive and coherent evaluation of three traffic classification approaches: port-based, behavior-based, and statistical. In this paper we present the result of our comparison, debunk traffic classification myths, identify caveats, and suggest practical tips.
Results:
  • datasets: seven payload traces collected at two backbone and two edge links located in US, Japan, and Korea; 1) PAIX-I,PAIX-II, backbone trace, 2004, 16 Bytes payload; 2) WIDE traces: collected on a 100 Mb/s Ethernet US-Japan transoceanic link, 2006, 40 Bytes payloads; 3) Keio-I, Keio-II: collected on a 1 Gb/s Ethernet link at Keio University Shonan-Fujisawa campus, 2006, 40 Bytes payloads; 4) KAIST-I, KAIST-II: collected on one of four exteenal links connecting a 1 Gb/s KAIST campus network to KOREN, 2006, 40 Bytes payloads;
  • evaluate 20 different machine learning algorithms;
  • analysis tools: weka
  • unique characteristics of these applications may not be captured by currently available techniques; propose to build a combined classifier where existing techniques are carefully combined based on their per-application performance;