Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
Concept
Traffic classification
Summary
Traffic classification is an automated process which categorises computer network traffic according to various parameters (for example, based on port number or protocol) into a number of traffic classes. Each resulting traffic class can be treated differently in order to differentiate the service implied for the data generator or consumer.
Packets are classified to be differently processed by the network scheduler. Upon classifying a traffic flow using a particular protocol, a predetermined policy can be applied to it and other flows to either guarantee a certain quality (as with VoIP or media streaming service) or to provide best-effort delivery. This may be applied at the ingress point (the point at which traffic enters the network, typically an edge device) with a granularity that allows traffic management mechanisms to separate traffic into individual flows and queue, police and shape them differently.
Classification is achieved by various means.
Fast
Low resource-consuming
Supported by many network devices
Does not implement the application-layer payload, so it does not compromise the users' privacy
Useful only for the applications and services, which use fixed port numbers
Easy to cheat by changing the port number in the system
Inspects the actual payload of the packet
Detects the applications and services regardless of the port number, on which they operate
Slow
Requires a lot of processing power
Signatures must be kept up to date, as the applications change very frequently
Encryption makes this method impossible in many cases
Matching bit patterns of data to those of known protocols is a simple widely used technique. An example to match the BitTorrent protocol handshaking phase would be a check to see if a packet began with character 19 which was then followed by the 19-byte string 'BitTorrent protocol'.
A comprehensive comparison of various network traffic classifiers, which depend on Deep Packet Inspection (PACE, OpenDPI, 4 different configurations of L7-filter, NDPI, Libprotoident, and Cisco NBAR), is shown in the Independent Comparison of Popular DPI Tools for Traffic Classification.
Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.