JOURNAL OF NETWORKS (JNW)
ISSN : 1796-2056
Volume : 4    Issue : 2    Date : April 2009

Towards the On-line Identification of Peer-to-peer Flow Patterns
Antonio Nogueira, Paulo Salvador, Andre Couto, and Rui Valadas
Page(s): 108-118
Full Text:
PDF (270 KB)


Abstract
The number and variety of IP applications have hugely increased in the last few years. Among them,
peer-to-peer (P2P) file-sharing applications have become very popular: more users are
continuously joining such systems and more objects are being made available, seducing even
more users to join. An accurate mapping of traffic to applications is important for a wide range of
network management tasks. Besides, traditional mapping approaches have become increasingly
inaccurate because many applications use non-default or ephemeral port numbers, use
well-known port numbers associated with other applications, change application signatures or use
traffic encryption. This paper proposes a framework to identify Internet applications that can be
mainly used in situations where existing identification frameworks are not efficient or can not be
used at all. The core block of the identification tool is based on neural networks and is able to
identify different flow patterns generated by various Internet applications. Neural network based
identification relies on a previous identification of the different IP applications that can be obtained
offline using any reliable method. In this way, the paper also presents a module to process IP traffic
flows and identify the underlying applications using payload analysis techniques. The identification
results obtained from this tool are used in the training phase of the neural network identification
framework. The accuracy of the identification framework was evaluated by performing a set of
intensive tests and the results obtained show that, when conveniently trained, neural networks
constitute a valuable tool to identify Internet applications while being, at the same time, immune to
the most important disadvantages presented by other identification methods.

Index Terms
Port matching, protocol analysis, semantic and syntactic analysis, neural networks, P2P
applications, traffic flows.