P2P traffic has always been a dominant portion of Internet traffic since its emergence in the late 1990s. The method used to accurately classify P2P traffic remains a key problem for Internet Service Producers (ISPs) and network managers. This paper proposes a novel approach to the accurate classification of P2P traffic at a fine-grained level, which depends solely on the number of special flows during small time intervals. These special flows, named Clustering Flows (CFs), are defined as the most frequent and steady flows generated by P2P applications. Hence we are able to classify P2P applications by detecting the appearance of corresponding CFs. Compared to existing approaches, our classifier can realise high classification accuracy by exploiting only several generic properties of flows, instead of extracting sophisticated features from host behaviours or transport layer data. We validate our framework on a large set of P2P traffic traces using a Support Vector Machine (SVM). Experimental results show that our approach correctly classifies P2P applications with an average true positive rate of above 98% and a negligible false positive rate of about 0.01%.

• 出版日期2013-11
• 单位中国人民解放军国防科学技术大学