About

At a glance

Grant: nr 2011/01/N/ST6/07202, funded by the Polish National Science Centre
Project name: Multilevel traffic classification in the Internet
Polish name: Wielopoziomowa klasyfikacja ruchu w sieci Internet
Time: 7 Dec 2011 - 6 Dec 2013 (closed)
Principal investigator: Paweł Foremski, MSc Eng., IITiS PAN, email: <pjf [at] iitis.pl>
Research supervisor: Prof. Michele Pagano, University of Pisa, email: <m.pagano [at] iet.unipi.it>

Introduction

The Internet has been constantly evolving since its inception. For more than a decade it has been growing in capacity and versatility with a great pace, often requiring the Internet Service Providers to update and extend their infrastructure in a timely manner.

These changes are connected with the inventions of new kinds of computer software, which in turn generate new types of network traffic. However, the fundamental protocol of the Internet – the IP protocol – does not provide a robust and universal mean to differentiate one traffic type from another. Thus, identification of a particular application in Internet transmissions is not a trivial task, yet it is very important.

For instance, a typical Internet end-user demands a safe and fast Internet access. An Internet Service Provider which is to fulfil such a requirement must be able to monitor the traffic for potential threats and to impose a proper prioritization on the traffic. Moreover, there are political and research organizations which monitor the global Internet. Observing the share of P2P traffic in Internet transmissions of a particular country could reveal trends in its society. Work in these areas cannot be done without a reliable source of information.

A fundamental question remains: given an Internet transmission, what is the name of application that produced it? This is the problem of traffic classification.

Project goals

Project goal is development of an Internet traffic classification system working in real-time. Fundamental research is planned on simultaneous usage of diverse levels of traffic features. The system will be able to determine kind of traffic, identify particular applications and highlight potential security threats.

Project will bring two key innovations to traffic classification science: a new performance evaluation utility and a classification decision combiner, able to provide detailed information and to signal traffic anomalies.

Project results will be computer software implementing the system and research documentation, in a form of scientific publications. New improvements to traffic classification research - and usage in general - are expected to be found.

Schedule

Start	End	Task
Dec 2011	Mar 2012	Collecting IP traffic samples for performance evaluation. Work on a research method for automatic collection of traffic samples on the level of operating system. Software implementation. Preparation of research tools for next task.
Apr 2012	Sep 2012	Survey and comparison of existing classification algorithms for usage in the research project.
Oct 2012	May 2013	Development of the key classification and anomaly signalization method by decision integration. Implementation prototype and preliminary performance evaluation.
June 2013	Aug 2013	Final software implementation of the system.
Sep 2013	Sep 2013	System performance evaluation.
Oct 2013	Nov 2013	Summary. Evaluation of the level of project goals fulfillment, suggestions for future research. Popularization of the results.

Deliverables

Research tool: a C library for capturing application network traffic using the Linux ptrace function.
Method for automated capture of network traffic samples from a particular application.
Survey and comparison of existing traffic classification methods.
Development of traffic classification and anomaly detection methods by combining multiple views on the traffic.
Implementation of the methods developed in the project as software running under Linux.
Publication of articles on findings of the project.

MuTriCs: Multilevel Traffic Classification

The project