Traffic classification with passive measurement
Abstract
This is a master's thesis from a collaboration between Oslo University College and Uninett
Research. Uninett has a passive monitoring device on a 2.5 Gbps backbone link
between Trondheim and Narvik. They use optical splitters and
specialized measuring interfaces to trace traffic at gigabit speed. We would like to
investigate the structure and patterns in these data. It is of special interest to classify the
traffic belonging to different services and protocols.
Traffic classification enables a variety of other applications and topics, including Quality
of Service, security, monitoring, and intrusion detection, that are of use to researchers,
accountants, network operators and end users. The ability to accurately identify the
network traffic associated with different applications is therefore important. However,
traditional techniques for mapping traffic to higher-level applications, such as port-based
classification, are highly inaccurate for some applications.
In this thesis, we provide an efficient approach for identifying different applications
through our classification methodology. Our results indicate that with our technique we
achieve less than 6.5% unknown type in most cases, compared to 46.6% for the port-based
technique.
The project is divided into three phases. First, we will look at the problems of
collecting data traces in a high-speed network system. Second, we will explore how we
can identify and classify the data into different categories. Finally, we will try to analyse
our results offline.
Description
Master's in Network and System Administration
Publisher
Høgskolen i Oslo. Avdeling for ingeniørutdanning; Universitetet i Oslo