Invited talk by Kang Li 15. December
Enabling High-speed Statistical-based Traffic Classification
This talk presents the project of StaRTraC (Statistical-based Real-time Traffic Classification). Traffic classification is an essential function of many modern network devices. The heart of current classification systems is signature-based packet inspection. Although being widely used and successful in many cases, the signature-based method is approaching its limit when it faces the increasing amount of unwanted adversarial traffic. The goal of the StaRTraC project is to enable statistical-based traffic classification at network speed. The idea of making classification based on statistical properties of input is not new, but most of early work focuses on classification accuracy. Despite the effectiveness of statistical based filters, their greater processing overhead can prevent them from scaling well for enterprise level network and servers. This project focuses on exploring techniques to enable practical uses of statistics-based classification methods at the network level. Two examples of speed up statistical-based classification are given in this talk. The first one is for the case of applying statistical-based method with rich content features from deep packet inspection. In this case, we demonstrated acceleration techniques (based on an extended Bloom filter) to speed up Naïve Bayesian spam filters. The second example is for the case with limited packet features. In this case, we speed up statistical-based classification to identify Skype and Vontage traffic. The StaRTraC project is ongoing at the University of Georgia, and it is sponsored by the Georgia Research Alliance and Cisco Systems.