This paper introduces a new statistical classification technique that allows a coarse but effective estimation of the amount of bytes that different classes of protocols, such as Peer-to-Peer, web, e-mail, etc., carry over a given communication link. The technique works by observing only IP-level information and without requiring the reconstruction of transport-layer sessions, making it amenable to the monitoring of both clear-text and encrypted traffic aggregates. Results of practical experiments demonstrate that our coarse classifier can estimate with reasonable accuracy the amount of bytes carried on a communication link by a given traffic class both cumulatively and punctually, i.e., over both long and short time periods. Furthermore, preliminary results demonstrate the effectiveness of the technique in monitoring encrypted links, albeit under restrictive assumptions.
Mendeley saves you time finding and organizing research
Choose a citation style from the tabs below