An Algorithm to Detect P2P Heavy Traffic based on Flow Transport Characteristics

P2P Heavy Traffic Detection Algorithm Based on Flow Transfer Characteristics

  • Received : 2009.07.06
  • Accepted : 2010.05.11
  • Published : 2010.10.15

Abstract

Nowadays, the transmission bandwidth consumed by network traffic is increasing and traffic types are diversifying (peer-to-peer (P2P), real-time video, and so on) as distributed computing environments spread and various network-based applications are developed. However, because P2P traffic occupies a large share of Internet backbone traffic, the transmission bandwidth and quality of service (QoS) of other network applications such as web, FTP, and real-time video cannot be guaranteed. Previous research proposed the port-based technique, which checks well-known port numbers, and the Deep Packet Inspection (DPI) technique, which checks packet payloads, to address the problem of P2P traffic; however, these methods are difficult to apply to P2P traffic detection because P2P applications do not use well-known port numbers and packet payloads may be encrypted. The proposed algorithm, which identifies P2P heavy traffic based on flow transport parameters and behavioral characteristics, can solve the problems of the port-based and DPI techniques. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffic. P2P traffic consists of two steps: (i) searching for peers that hold the desired content, and (ii) downloading the content from one or more peers. We define P2P flow patterns based on these features of P2P applications and then implement a system to classify P2P heavy traffic.

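Recently, as distributed computing environments expand and a variety of network-based applications are developed, network traffic has been increasing and traffic types are diversifying, including P2P (peer-to-peer) and real-time video. Because P2P traffic keeps growing and occupies a large amount of bandwidth, the quality of service of other network applications such as web, file transfer, and real-time video frequently cannot be guaranteed. To solve the problems caused by P2P traffic, port-based P2P traffic detection and DPI (Deep Packet Inspection) detection, which inspects packet contents, were proposed; however, recent P2P applications do not use fixed ports and encrypt packet contents in transit, so these existing methods are difficult to apply to P2P traffic detection. This paper presents a P2P heavy traffic detection algorithm based on flow transport characteristics, which uses correlations among flow parameters and can overcome the problems of the port-based and DPI techniques. The algorithm detects content-download P2P traffic, which occupies the most network bandwidth among P2P traffic. P2P traffic consists of a stage of searching for peer nodes that hold the content and a stage of downloading the content from one or more of the nodes found. We define these characteristics of P2P applications as P2P flow patterns and, on that basis, developed an algorithm that detects P2P heavy traffic.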
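The two-phase pattern the abstract describes (a peer search followed by a heavy download from one of the searched peers, without relying on well-known ports or payloads) can be illustrated over flow records as follows. This is an added example, not the paper's algorithm or code; the record fields, all thresholds, and the sample flows are constructed assumptions.

```python
from collections import defaultdict, namedtuple

# Constructed NetFlow-like record; bytes = total for the bidirectional flow.
Flow = namedtuple("Flow", "start src dst sport dport bytes")

# Illustrative thresholds (assumptions, not values from the paper).
SEARCH_MAX_BYTES = 2_000     # a search flow is small
SEARCH_MIN_PEERS = 5         # distinct peers contacted while searching
SEARCH_WINDOW = 60           # seconds before the heavy flow starts
HEAVY_MIN_BYTES = 1_000_000  # a heavy flow carries at least this much
WELL_KNOWN_MAX = 1023        # flows touching ports <= this are skipped


def high_ports(f):
    """True when neither endpoint uses a well-known port."""
    return min(f.sport, f.dport) > WELL_KNOWN_MAX


def detect_p2p_heavy(flows):
    """Return (host, peer, bytes) for heavy flows preceded by a peer search."""
    by_host = defaultdict(list)
    for f in flows:
        by_host[f.src].append(f)
    hits = []
    for host in sorted(by_host):
        recs = by_host[host]
        for f in recs:
            if f.bytes < HEAVY_MIN_BYTES or not high_ports(f):
                continue
            # Phase 1: small flows to many distinct peers shortly before f.
            searched = {g.dst for g in recs
                        if g.bytes <= SEARCH_MAX_BYTES and high_ports(g)
                        and 0 <= f.start - g.start <= SEARCH_WINDOW}
            # Phase 2: the heavy flow goes to one of the searched peers.
            if len(searched) >= SEARCH_MIN_PEERS and f.dst in searched:
                hits.append((host, f.dst, f.bytes))
    return hits


def sample_flows():
    """Constructed sample: one P2P-like host, one HTTPS download, one lone bulk flow."""
    peers = [f"198.51.100.{i}" for i in range(1, 7)]
    flows = [Flow(i, "10.0.0.5", p, 51413, 6881 + i, 400) for i, p in enumerate(peers)]
    flows.append(Flow(10, "10.0.0.5", peers[2], 51413, 6883, 50_000_000))
    flows.append(Flow(12, "10.0.0.9", "203.0.113.10", 40222, 443, 80_000_000))
    flows.append(Flow(15, "10.0.0.7", "203.0.113.20", 40500, 50000, 30_000_000))
    return flows


if __name__ == "__main__":
    for hit in detect_p2p_heavy(sample_flows()):
        print(hit)
```

In the sample, only the host that first contacts several peers and then pulls a large flow from one of them is reported; the large HTTPS download and the lone high-port bulk transfer are not.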
