The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

S. Sen, O. Spatscheck, and D. Wang, "Accurate Scalable In-Network Identification of P2P Traffic", in World Wide Web (WWW) Conference, May 2004.

Accurate Scalable In-Network Identification of P2P Traffic
Authors: S. Sen
O. Spatscheck
D. Wang
Published: World Wide Web (WWW) Conference, 2004
URL: http://www.iw3c2.org/WWW2004/docs/1p512.pdf
Entry Dates: 2009-02-06
Abstract: The ability to accurately identify the network traffic associated with different P2P applications is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, service differentiation, etc. However, traditional traffic to higher-level application mapping techniques such as default server TCP or UDP network-port based disambiguation is highly inaccurate for some P2P applications. In this paper, we provide an efficient approach for identifying the P2P application traffic through application level signatures. We first identify the application level signatures by examining some available documentations, and packet-level traces. We then utilize the identified signatures to develop online filters that can efficiently and accurately track the P2P traffic even on high-speed network links. We examine the performance of our application-level identification approach using five popular P2P protocols. Our measurements show that our technique achieves less than 5% false positive and false negative ratios in most cases. We also show that our approach only requires the examination of the very first few packets (less than 10 packets) to identify a P2P connection, which makes our approach highly scalable. Our technique can significantly improve the P2P traffic volume estimates over what pure network port based approaches provide. For instance, we were able to identify 3 times as much traffic for the popular Kazaa P2P protocol, compared to the traditional port-based approach.
Results:
  • datasets: two full packet traces 1)Internet Access Trace, collect on an access network to a major backbone and contains typical Internet traffic,a 24 hour period on a Tuesday in Novermber 2003 and a 18 hour period on a Sunday in Novermber 2003; 2)VPN(Virtual Private Network), collected on a T3(45 Mbps) link connecting a VPN containning 500 employees to the Internet.
  • use application level signtures; very first few packets(less than 10 packets);
  • achieves less than 5% false positive and false negative ratios; able to identify 3 times as much traffic for the popular Kazaa P2P protocol, compared to the ytraditional port-based approach.