Exploring Behavioral Patterns Through Entropy in Multimedia Peer-to-Peer Traffic
Gomes, J. V.
Inácio, P.R.M.
Computer Journal, Vol. 55, No. 6, pp. 740-755, June 2012.
ISSN (print): 1460-2067
ISSN (online): 0010-4620
Scimago Journal Ranking: 0,41 (in 2012)
Digital Object Identifier: 10.1093/comjnl/bxs109
The inclusion of encryption or evasive techniques in popular applications increased the importance of characterizing network traffic based on behavior. This study aims to characterize peer-to-peer (P2P) traffic from the perspective of host computers by focusing on the packet lengths. The article explores the dissimilarities between the lengths of Internet Protocol (IP) packets generated by P2P and non-P2P applications. The heterogeneity of those lengths was assessed using entropy and compared for different classes of applications, through the implementation of a sliding analysis window. Initial observations show that the lengths of the packets generated by P2P applications are more varied than those of non-P2P applications. These patterns were used to implement a method to identify hosts running P2P applications. Unlike previous studies in this area, we used the heterogeneity of the packet lengths instead of the length value per se, and a sliding window calculation procedure was adopted to allow real-time processing. The results of this study can be used for the characterization of traffic generated by P2P applications, as well as for traffic classification and management purposes.
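The sliding-window entropy idea described in the abstract can be sketched as follows. This is an added example, not the authors' code: it computes Shannon entropy of per-host packet lengths with an O(1) update per packet. The window size (100 packets), the 4.0-bit threshold, the `looks_heterogeneous` rule and both sample sequences are assumptions, since the abstract does not give the paper's parameters.

```python
import math
from collections import Counter, deque

def _clog(c):
    # c * log2(c), with the convention 0 * log2(0) = 0
    return c * math.log2(c) if c > 0 else 0.0

def sliding_entropy(lengths, window):
    """Yield Shannon entropy (bits) of packet lengths for each full window.

    Uses H = log2(N) - (1/N) * sum(c * log2(c)), so each new packet only
    touches the counts of the entering and the leaving length.
    """
    counts, buf, s = Counter(), deque(), 0.0
    for length in lengths:
        s += _clog(counts[length] + 1) - _clog(counts[length])
        counts[length] += 1
        buf.append(length)
        if len(buf) > window:
            old = buf.popleft()
            s += _clog(counts[old] - 1) - _clog(counts[old])
            counts[old] -= 1
        if len(buf) == window:
            yield max(0.0, math.log2(window) - s / window)

def direct_entropy(values):
    # Reference computation over one window, used to check the update rule.
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def looks_heterogeneous(lengths, window=100, threshold=4.0):
    """Hypothetical decision rule: mean windowed entropy above threshold."""
    hs = list(sliding_entropy(lengths, window))
    return bool(hs) and sum(hs) / len(hs) > threshold

# Constructed per-host packet-length sequences (bytes), not captured traffic.
BULK_HOST = [1500, 1500, 40] * 100                        # few distinct lengths
VARIED_HOST = [40 + (i * 37) % 1400 for i in range(300)]  # many distinct lengths

if __name__ == "__main__":
    for name, seq in (("bulk", BULK_HOST), ("varied", VARIED_HOST)):
        hs = list(sliding_entropy(seq, 100))
        print(f"{name}: min={min(hs):.3f} max={max(hs):.3f} "
              f"flag={looks_heterogeneous(seq)}")
```

A host with fewer packets than the window yields no entropy values and is never flagged, so the window size also sets the minimum observation needed before a decision.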