Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > publications : bib : networking : entries : iliofotou08graption.xml
Bibliography Details
M. Iliofotou, P. Pappu, and M. Faloutsos, "Graption: Automated Detection of P2P Applications Using Traffic Dispersion Graphs", in Tech Report 2008, Jun 2008.
Graption: Automated Detection of P2P Applications Using Traffic Dispersion Graphs
Authors: M. Iliofotou
P. Pappu
M. Faloutsos
Published: Tech Report, 2008
Entry Dates: 2009-02-06
Abstract: Monitoring network traffic and detecting emerging P2P applications is an increasingly challenging problem since new applications obfuscate their traffic. Despite recent efforts, the problem is not yet solved and network administrators are still looking for effective and deployable tools. In this paper, we address this problem using Traffic Dispersion Graphs (TDGs), a novel way to analyze traffic. Given a set of flows, a TDG is a graph with an edge between any two IP addresses that communicate. Thus TDGs capture network-wide interactions. We start by exploring the potential of TDGs for traffic monitoring by focusing on graph metrics instead of features of individual flows. We then use TDGs to develop an application classification tool dubbed Graption (Graphbased P2P detection), which we target specifically for detecting P2P traffic. Graption begins by partitioning traffic flows into clusters based on flow-level features and without the need for application-specific knowledge. It then builds TDGs for these clusters, and uses graph metrics to identify clusters that correspond to P2P applications. Finally, we automatically extract a regular expression for a new P2P application, allowing the use of existing IDS devices and routers to block or rate-limit the detected traffic. We describe tracedriven experiments that show more than 90% precision and recall for P2P detection.
  • datasets: TR-OC48(CAIDA),TR-ABIL(Abilene Backbone),TR-PAY1(PAIX),TR-PAY2(PAIX); TR-PAY1 and TR-PAY2 contain up to 16 bytes of payload from each packet;
  • Traffic Dispersion Graphs(TDGs)
  • target specifically for detecting P2P traffic; show more than 90% precision and recall for P2P detection;
  Last Modified: Tue Jul-28-2020 14:29:20 UTC
  Page URL: