Consistency, Accuracy, and Usefulness of Techniques and Tools for Network Traffic Identification
Presented by Tomasz Bujlow, Aalborg University in Denmark
14 May 2014 at 14:00, room G09 at TELECOM Sudparis in Evry (91)
The classification of computer network traffic has rapidly gained significance in recent years, becoming a key aspect of many network-related tasks. As a result, many different classification methods and tools have been developed or are under development. Testing the accuracy of these classifiers has become a challenging issue: it requires clean data samples from various applications, and it is complicated further because different classifiers output their results on different levels. There are, however, many publications that try to deal with this problem in one way or another. While most researchers focus on the precision and/or coverage of the obtained results, we will try to uncover a nearly forgotten aspect: which results are really meaningful. The presentation goes through several important traffic identification techniques, including port-based classification, QoS-based classification, Deep Packet Inspection, statistical methods, and host-based traffic monitoring. The advantages, disadvantages, and possible result levels obtained from each of these techniques are described and evaluated. The topic of Deep Packet Inspection is treated more thoroughly and includes code examples. The presentation finishes by introducing various methods for evaluating network traffic classifiers and for obtaining a reliable ground-truth dataset.
Tomasz Bujlow:
Tomasz Bujlow is a Ph.D. student in the Department of Electronic Systems at Aalborg University in Denmark. He received his Master of Science in Computer Engineering from Silesian University of Technology in Poland in 2008, specializing in Databases, Computer Networks and Computer Systems. Previously, he obtained his Bachelor of Computer Engineering from University of Southern Denmark in 2009, specializing in software engineering and system integration. His research interests include methods for traffic classification in computer networks. He has also been a Cisco Certified Network Professional (CCNP) since 2010.