{"title":"UDP traffic classification using most distinguished port","authors":"Qianli Zhang, Yunlong Ma, Jilong Wang, Xing Li","doi":"10.1109/APNOMS.2014.6996569","DOIUrl":null,"url":null,"abstract":"Comparing to TCP traffic, the composition of UDP traffic is still unclear. Although it is observed that a large fraction of UDP traffic appears to be P2P applications, application level classification of UDP traffic is still very hard since most of these applications are private protocols based. In this paper, a novel method is proposed to classify UDP traffic. Based on the assumption that traffic from two communicating half-tuples identified by the <; IP address, portnumber > is from the same application, all half-tuples can be grouped into several connected subgraphs. The port numbers which are adopted by most links or half-tuples in each subgroup can thus be used to characterize the application types of the whole subgroup. Experiment results show that this approach is feasible and can classify UDP traffic only using flow level information. The port numbers adopted by most links or half-tuples are surprisingly stable among different time periods, for example, for Youku application remain the same for more than 90% of periods in all the 1429 periods.","PeriodicalId":269952,"journal":{"name":"The 16th Asia-Pacific Network Operations and Management Symposium","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 16th Asia-Pacific Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2014.6996569","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
Abstract
Comparing to TCP traffic, the composition of UDP traffic is still unclear. Although it is observed that a large fraction of UDP traffic appears to be P2P applications, application level classification of UDP traffic is still very hard since most of these applications are private protocols based. In this paper, a novel method is proposed to classify UDP traffic. Based on the assumption that traffic from two communicating half-tuples identified by the <; IP address, portnumber > is from the same application, all half-tuples can be grouped into several connected subgraphs. The port numbers which are adopted by most links or half-tuples in each subgroup can thus be used to characterize the application types of the whole subgroup. Experiment results show that this approach is feasible and can classify UDP traffic only using flow level information. The port numbers adopted by most links or half-tuples are surprisingly stable among different time periods, for example, for Youku application remain the same for more than 90% of periods in all the 1429 periods.