Identification of peer-to-peer VoIP sessions using entropy and codec properties
Gomes, J. V.
Inácio, P. R. M. I.
IEEE Transactions on Parallel and Distributed Systems Vol. 0, Nº 0, pp. 0 - 0, June, 2013.
ISSN (print): 1045-9219
Scimago Journal Ranking: 0,84 (in 2013)
Digital Object Identifier:
Voice over Internet Protocol (VoIP) applications based on peer-to-peer (P2P) communications have been experiencing considerable growth in terms of number of users. To overcome filtering policies or protect the privacy of their users, most of these applications implement mechanisms such as protocol obfuscation or payload encryption that prevent the inspection of their traffic, making it difficult to identify its nature. The inability to determine the application that is responsible for a certain flow raises challenges for the effective management of the network. In this article, a new method for the identification of VoIP sessions is presented. The proposed mechanism classifies the flows, in real time, based on the speech codec used in the session. In order to make the classification lightweight, the behavioral signatures for each analyzed codec were created using only the lengths of the packets. Unlike most previous approaches, the classifier does not use the lengths of the packets individually. Instead, it explores their level of heterogeneity in real time, using entropy to emphasize that feature. The results of the performance evaluation show that the proposed method is able to identify VoIP sessions accurately and simultaneously recognize the speech codec used.