Abstract: Monitoring network traffic and classifying applications are essential functions for network
administrators. Current traffic classification methods can be grouped into three categories:
(a) flow-based (e.g., packet sizing/timing features), (b) payload-based, and (c) host-based.
Methods from all three categories have limitations, especially when it comes to detecting
new applications and classifying traffic at the backbone. In this paper, we propose the use
of Traffic Dispersion Graphs (TDGs) to remedy these limitations. Given a set of flows, a TDG
is a graph with an edge between any two IP addresses that communicate; thus TDGs capture network-wide interactions. Using TDGs, we develop an application classification
framework dubbed Graption (Graph-based classification). Our framework provides a systematic way to classify traffic by using information from the network-wide behavior and
flow-level characteristics of Internet applications. As a proof of concept, we instantiate
our framework to detect P2P traffic, and show that it can identify 90% of P2P flows with
95% accuracy in backbone traces, which are particularly challenging for other methods.
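
The TDG definition above, as an added example that is not code from the paper or from Graption: it builds one graph per destination port from constructed flow records and computes simple graph statistics. Directing each edge from the flow initiator, grouping by port, and the two metrics shown are assumptions made for illustration, not the features the framework uses.

```python
from collections import defaultdict

# Constructed sample flows (src_ip, dst_ip, dst_port); not taken from any real trace.
FLOWS = [
    # Client-server shape: several clients contact one server.
    ("10.0.0.1", "192.0.2.10", 80), ("10.0.0.2", "192.0.2.10", 80),
    ("10.0.0.3", "192.0.2.10", 80), ("10.0.0.4", "192.0.2.10", 80),
    ("10.0.0.1", "192.0.2.10", 80),  # repeated flow, same IP pair: still one edge
    # Peer-to-peer shape: every host both initiates and accepts connections.
    ("10.1.0.1", "10.1.0.2", 6881), ("10.1.0.2", "10.1.0.3", 6881),
    ("10.1.0.3", "10.1.0.1", 6881), ("10.1.0.3", "10.1.0.4", 6881),
    ("10.1.0.4", "10.1.0.2", 6881),
]

def build_tdg(flows):
    """One edge per pair of IPs that communicate, directed initiator -> responder (assumption)."""
    return {(src, dst) for src, dst, _port in flows if src != dst}

def tdg_metrics(edges):
    """Node count, edge count, average degree, and share of nodes with both in- and out-edges."""
    out_deg, in_deg = defaultdict(int), defaultdict(int)
    neighbours = defaultdict(set)
    for src, dst in edges:
        out_deg[src] += 1
        in_deg[dst] += 1
        neighbours[src].add(dst)
        neighbours[dst].add(src)
    n = len(neighbours)
    if n == 0:
        return {"nodes": 0, "edges": 0, "avg_degree": 0.0, "in_and_out": 0.0}
    both = sum(1 for ip in neighbours if out_deg[ip] and in_deg[ip])
    return {
        "nodes": n,
        "edges": len(edges),
        "avg_degree": sum(len(v) for v in neighbours.values()) / n,
        "in_and_out": both / n,  # hosts acting as client and server at once
    }

def tdgs_by_port(flows):
    """Build a separate TDG for each destination port and return its metrics."""
    groups = defaultdict(list)
    for flow in flows:
        groups[flow[2]].append(flow)
    return {port: tdg_metrics(build_tdg(fl)) for port, fl in groups.items()}

if __name__ == "__main__":
    for port, metrics in sorted(tdgs_by_port(FLOWS).items()):
        print(port, metrics)
```

In the constructed data the client-server graph is a star in which no host both initiates and receives, while in the peer-to-peer graph every host does; this is the kind of network-wide difference that per-flow features cannot see.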