Can multiscale traffic analysis be used to differentiate Internet applications?
Nogueira, A. N.
Telecommunication Systems Vol. 48, Nº 1-2, pp. 19 - 30, October, 2011.
ISSN (print): 1018-4864
ISSN (online): 1572-9451
Scimago Journal Ranking: 0,18 (in 2011)
Digital Object Identifier: 10.1007/s11235-010-9331-1
An accurate mapping of Internet traffic to applications can be important for a broad range of network management and measurement tasks, including traffic engineering, service differentiation, performance/failure monitoring and security. Traditional mapping approaches have become increasingly inaccurate because many applications use non-default or ephemeral port numbers, use well-known port numbers associated with other applications, change application signatures or use traffic encryption.
In this paper we will demonstrate that multiscale traffic analysis based on multi-order wavelet spectrum can be used as a discriminator of Internet applications traffic profiles. By performing clustering analysis over the multiscale wavelet spectrum coefficients that are inferred from the measured traffic, the proposed methodology is able to efficiently differentiate different IP applications without using any payload information. This characteristic will allow the differentiation of traffic flows in unencrypted and encrypted scenarios.
In order to compare the differentiating potential of different traffic application data, upload, download and joint upload and download flow statistics are considered to evaluate the identification approach for each selected protocol. Moreover, we also evaluate which timescales and spectrum orders are more relevant for the traffic differentiation.
From the analysis of the obtained results we can conclude that the proposed methodology is able to achieve good identification results using a small set of timescales of a single order wavelet spectrum of a general raw traffic statistic.