Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th conference on World Wide Web - WWW '04
The ability to accurately identify the network traffic associated with different P2P applications is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, service differentiation, etc. However, traditional traffic to higher-level application mapping techniques such as default server TCP or UDP network-port based disambiguation is highly inaccurate for some P2P applications. In this paper, we provide an efficient
... de an efficient approach for identifying the P2P application traffic through application level signatures. We first identify the application level signatures by examining some available documentations, and packet-level traces. We then utilize the identified signatures to develop online filters that can efficiently and accurately track the P2P traffic even on high-speed network links. We examine the performance of our application-level identification approach using five popular P2P protocols. Our measurements show that our technique achieves less than ¢ ¡ false positive and false negative ratios in most cases. We also show that our approach only requires the examination of the very first few packets (less than £ ¥ ¤ packets) to identify a P2P connection, which makes our approach highly scalable. Our technique can significantly improve the P2P traffic volume estimates over what pure network port based approaches provide. For instance, we were able to identify ¦ times as much traffic for the popular Kazaa P2P protocol, compared to the traditional port-based approach.