Traffic classification with passive measurement
This is a master thesis from a collaboration between Oslo University College and Uninett Research. Uninett have a passive monitoring device on a 2.5 Gbps backbone link between Trondheim and Narvik. They uses measurement with optical splitters and specialized measuring interfaces to trace traffic with Gigabit speed. We would like to investigate the structure and patterns in these data. It is of special interest to classify the traffic belonging to different services and protocols. Traffic classification enables a variety of other applications and topics, including Quality of Service, security, monitoring, and intrusion-detection that are of use to research, accountants, network operators and end users. The ability to accurately identify the network traffic associated with different applications is therefore important. However, traditional traffic to higher-level application classification techniques such as port-based is highly inaccurate for some applications. In this thesis, we provide an efficient approach for identifying different applications through our classification methodology. Our results indicate that with our technique we achieves less than 6.5% unknown type in most cases compared to the port-based which is 46.6%. The project is divided into three phases. First we will have a look at the problems dealing with collecting data traces in high speed network system. Second we will explore how we can identify and classify the data into different categories. Finally we will try to analyse our results offline.
Pham, Phong Hoang