Towards Accurate Network-Traffic Characterization
Andrew Moore
Accurate traffic classification is the keystone of numerous other network
activities, from security monitoring to accounting, and from Quality of
Service to providing operators with useful forecasts for long-term
provisioning. Well-known port numbers can no longer be used to reliably
identify network applications. There is a variety of new Internet
applications that either do not use well-known port numbers or use other
protocols, such as HTTP, as wrappers in order to go through firewalls
without being blocked. One consequence of this is that a simple inspection
of the port numbers used by flows may lead to the inaccurate classification
of network traffic.
With a motivation to provide accurate traffic characterization this talk
will cover issues of network monitoring, the challenges of traffic
characterization and discuss some results gained using both labour-intensive
and more broadly-applicable techniques.
|