Independent comparison of popular DPI tools for traffic classification

@article{Bujlow2015IndependentCO,
  title={Independent comparison of popular DPI tools for traffic classification},
  author={Tomasz Bujlow and Valent{\'i}n Carela-Espa{\~n}ol and Pere Barlet-Ros},
  journal={Comput. Networks},
  year={2015},
  volume={76},
  pages={75-89}
}

Tables from this paper

PGSM-DPI: Precisely Guided Signature Matching of Deep Packet Inspection for Traffic Analysis

  • Haonan YanHui Li Fenghua Li
  • Computer Science
    2019 IEEE Global Communications Conference (GLOBECOM)
  • 2019
This paper proposes a novel method from a different angle called Precisely Guided Signature Matching (PGSM), which uses supervised learning to automate the rules of specific protocol in PGSM to reduce the number of aimless matches in DPI.

DPI Solutions in Practice: Benchmark and Comparison

An evaluation of the performance of four open-source Deep Packet Inspection (DPI) solutions, namely nDPI, Libprotoident, Tstat and Zeek, and confirms that DPI solutions still perform satisfactorily for well-known protocols, but struggle with some P2P traffic and security scenarios.

QCF for deep packet inspection

A new variant of membership query data structure, called quotient-based Cuckoo filter (QCF), that reflects a merging process between QF and CF to minimise the calculation overhead and employing it in a DPI system is proposed.

FlowPic: A Generic Representation for Encrypted Traffic Classification and Applications Identification

This work introduces a novel approach for encrypted Internet traffic classification and application identification by transforming basic flow data into an intuitive picture, a FlowPic, and then using known image classification deep learning techniques, CNNs, to identify the flow category and the application in use.

Clustering-based separation of media transfers in DPI-classified cellular video and VoIP traffic

It is shown that the majority of flows falls into clusters that are easily identifiable as belonging to one of the traffic sub-groups, and that a surprising majority of DPIlabeled VoIP and video traffic is non-media related.

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

A systematic review is introduced based on the steps to achieve traffic classification by using ML techniques to identify the procedures followed by the existing works to achieve their goals and to outline future directions for ML-based traffic classification.

Improving Network Security - A Comparison between nDPI and L7-Filter

This research recommends the use of nDPI and L7-filter by network administrators on existing open source firewalls and concludes that the development of next-generation deep packet inspection is important for the future of system and network security.

Using Burstiness for Network Applications Classification

A novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic.

A Deep Learning-Based Encrypted VPN Traffic Classification Method Using Packet Block Image

A traffic classification method based on deep learning is provided, where the concept of Packet Block is proposed, which is the aggregation of continuous packets in the same direction, and the accuracy is higher than the state-of-the-art methods.
...

References

SHOWING 1-10 OF 47 REFERENCES

Extended Independent Comparison of Popular Deep Packet Inspection (DPI) Tools for Traffic Classification

This report introduced and shortly describing several well-known DPI tools, which later will be evaluated: PACE, OpenDPI, L7-filter, NDPI, Libprotoident, and NBAR, and implemented a heuristic method for detection of non-HTTP flows, which belong to the specific services.

PortLoad: Taking the Best of Two Worlds in Traffic Classification

A novel approach to traffic classification - named PortLoad - that takes the advantages of both worlds: the speed, simplicity and reduced invasiveness of port-based approaches, on one side, and the classification accuracy of DPI on the other one.

Measuring the accuracy of open-source payload-based traffic classifiers using popular Internet applications

  • S. AlcockR. Nelson
  • Computer Science
    38th Annual IEEE Conference on Local Computer Networks - Workshops
  • 2013
The results show that nDPI and libprotoident provide the highest accuracy among the evaluated traffic classifiers, whereas L7 Filter is unreliable and should not be used as a source of ground truth.

On Detection Accuracy of L7-filter and OpenDPI

  • Chaofan ShenLeijun Huang
  • Computer Science
    2012 Third International Conference on Networking and Distributed Computing
  • 2012
This paper analyzes the architectures of two popular open-source DPI solutions, L7-filter and OpenDPI, along with their capabilities and limitations, and presents an extension to L 7-filter-U, which improves the detection accuracy on UDP flows.

Is Our Ground-Truth for Traffic Classification Reliable?

The results present PACE, a commercial tool, as the most reliable solution for ground-truth generation, however, among the open-source tools available, NDPI and especially Libprotoident, also achieve very high precision, while other, more frequently used tools are not reliable enough and should not be used in their current form.

Performance of OpenDPI in Identifying Sampled Network Traffic

This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, with sampled network traffic, and some conclusions are drawn to show how far DPI methods could be optimised through traffic sampling.

Reviewing Traffic Classification

The main trend in the field of traffic classification is discussed, some of the main proposals of the research community are described and two examples of behavioral classifiers are developed: both use supervised machine learning algorithms for classifications, but each is based on different features to describe the traffic.

On the Performance of OpenDPI in Identifying P2P Truncated Flows

The present paper discusses this tradeoff and provides some recommendations on the number of packets to be inspected for the detection of peer to peer flows and some other common application protocols, and proposes a new sampling approach, which accommodates samples to the stateful, taking into consideration the characteristics of the protocols being classified.

Internet traffic classification demystified: myths, caveats, and the best practices

This work critically revisit traffic classification by conducting a thorough evaluation of three classification approaches, based on transport layer ports, host behavior, and flow features, and extracts insights and recommendations for both the study and practical application of traffic classification.

nDPI: Open-source high-speed deep packet inspection

Network traffic analysis was traditionally limited to packet header, because the transport protocol and application ports were usually sufficient to identify the application protocol. With the advent