As part of a broader organisational restructure, data networking research at Swinburne University of Technology has moved from the Centre for Advanced Internet Architecture (CAIA) to the Internet For Things (I4T) Research Lab.

Although CAIA no longer exists, this website reflects CAIA's activities and outputs between March 2002 and February 2017, and is being maintained as a service to the broader data networking research community.

Inverted Capacity Extended Engineering Experiment (ICE3)

Traffic Classification

Traffic classification is often mentioned in the context of prioritisation. On non-broadband links, prioritisation was unimportant as the link capacity was too low to truly support multiple concurrent network flows. As broadband became more widely adopted, through the availability of ADSL and DOCSIS technologies, managing network traffic became more important. Concurrent networked applications often interacted with each other causing both real, and user-perceived, issues with network and application performance. These issues became evident when traffic was competing for the contrained bandwidth over the broadband last-mile link.

In order to improve outcomes for both network operators and users, prioritisation schemes would be deployed to manage which traffic had priority when accessing the constrained link.

It could be argued that in a high-speed broadband environment traffic classification and subsequent prioritisation is no longer relevant, however their are many reasons that traffic classification is still a useful tool.

Classification and Prioritisation in a High-Speed Broadband Environment

In an ICE3-type environment, the last-mile link may no longer be the bottleneck link. This does not imply that bottlenecks no longer exist in the network, just that they move to an alternate location, possibly bringing a new set of issues. We expect that it may still be relevant to deploy traffic prioritisation schemes within the networks of the future.

Even so, there will always be scope for obtaining an understanding of what applications are running over existing and future network links. A better understanding will lead to better management of existing networks, and planning for future deployments.

Classification for Analysis Purposes

We have previously discussed why we need to perform an analysis on network traffic how we can process the data. However as more bandwidth becomes available to users, new types of networked applications - beyond web and email - are becoming more prevalent.

These applications include real-time media based applications (such as VoIP and Skype), gaming applications, and Peer-2-Peer (P2P) applications (such as BitTorrent). These newer applications also use more complex protocols, that often deploy random port numbers and encrypted data payloads (for privacy and security reasons). This means that it can be difficult to determine which network traffic is generated by these applications.

We need to turn to more advanced traffic classification - some of which have been developed by CAIA - using Machine Learning techniques. These techniques allow for classification of unknown traffic, without having to analyse the packet contents in detail to determine the generating application type. This also means that less processing power is required to perform the analysis.

The outcomes of traffic classification can be used to allocate traffic to different applications and application types on the network. This information can be used to:

  • Further investigate how different application classes interact with each other in different parts of the network
  • Better determine which applications are being used in the network
  • Observe how the availability of high-speed broadband changes the mix of network traffic generated

Traffic Classification Using Machine Learning Techniques

Applications such as Skype and BitTorrent utilise random port numbers and may encrypt data payloads. This makes it impossible to classify traffic based solely on source/destination information, or on the contents of the network communications. As such, we have to consider alternate means to determine which application class the network traffic belongs to.

CAIA has pioneered work into real-time classification of network traffic using statiscal based Machine Learning techniques. Using this approach, statistical properties of known application class traffic are calculated to obtain a "fingerprint" of the traffic properties. This fingerprint is then provided to a Machine Learning tool in a Training Stage to build a classifier. Later, we calculate the same statistical properties of unknown traffic which the previously built classifier can use to determine which application generated the traffic.

This approach was later modified to enable classification before the network flow had terminated, essentially allowing real-time, or near real-time, classification. The initial work in this area was performed by Dr. Thuy Nguyen as part of her PhD. This work has been further developed in a number of projects undertaken at CAIA:

  • DSTC - Is a Cisco funded (URP) program to explore the potential of using Machine Learning techniques to develop a dyanmic traffic classification system
  • ANGEL - Within the scope of the SIT-CRC funded by the Australian government, ANGEL provides a prototype distributed traffic classification system that can use a generic ML-based classifier to classify unknown traffic and provide instruction to registered nodes (typically gateway routers/modems) to automatically prioritise flows which match a particular classification
  • LIFE - Looks primarily at Lawful Interception on network traffic. A lot of the work on Skype and VoIP classification also finds a home here
  • DIFFUSE - Is a Cisco funded (URP) program to build a practical implementation of a traffic classification and prioritisation framework for the FreeBSD Operating System.
Within the scope of ICE3, we are currently using these traffic classification techniques to develop models to successfully classify BitTorrent, Skype and other VoIP network traffic.

Last Updated: Monday 29-Aug-2011 12:04:37 AEST | Maintained by: Jason But (jbut@swin.edu.au) | Authorised by: Grenville Armitage ( garmitage@swin.edu.au)