Ack Utilization For Traffic Classification

Network traffic classification is an essential feature for network users and administrators. It allows detailed information about the various applicatious traversing the network, thus enabling traffic shaping, accounting, anomaly detection etc.In this paper, we suggest a novel fingerprinting techmque to automatieally classify ongoing TCP and UDP flows according to the various applications which created them, thus allowing classification with high accuracy. Specifically, for TCP flows, we suggest a fingerprint based on zero-length packets, which enables efficiently classifying flows based on a single Content-Addressable. Memory (CAM) rule and a limited sample set, yet With very high accuracy. Moreover, our fingerprint is robust to network conditions such as congestion, fragmentation, delay, retransmissions, duplications and losses. For UDP flows, we utilize a similar approach based on the UDP length field.The fingerprinting schemes are evaluated on a variety of real traffic traces. Results show that the schemes attain very high accuracy. In particular, our scheme attains about 97% overall accuracy for a large variety of applications, by sampling small fraction of the traffic. The UDP scheme attains over 98% accuracy, by sampling all the UDP traffic.