Network traffic classification finds applications in a variety of network management tasks such as quality of service, security monitoring and traffic engineering. Deep Packet Inspection is one of the methods used to identify applications. With the number of proprietary protocols on the rise and network protocols using bit-level information for encoding, it has recently been shown that bit-level signatures are effective for identifying applications. In this paper, we propose BitProb, which generates probabilistic bit signatures for traffic classification. It uses the probability of a bit at a particular position being either 0 or 1 and generates a space-efficient signature represented as a state transition machine. Subsequently, it uses the overall probability of an $n$-bit binary string extracted from a network flow to identify which application generated the flow. We experiment with three datasets covering twenty protocols (text, binary and proprietary) and show that BitProb classifies network flows with high accuracy and has a minimum number of misclassifications.
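The idea of per-position bit probabilities and an overall probability for an $n$-bit string can be sketched as follows. This is an added example, not the paper's implementation: it treats bit positions independently and does not reproduce the state-transition-machine encoding. The choice of n = 32, the Laplace smoothing, the rejection threshold and the sample flows are all assumptions made for illustration.

```python
import math

N = 32  # signature length in bits (assumed; the abstract does not fix n)

def first_bits(payload, n=N):
    """First n bits of a payload, MSB first; short payloads are zero-padded."""
    padded = payload.ljust((n + 7) // 8, b"\x00")
    return [(padded[i // 8] >> (7 - i % 8)) & 1 for i in range(n)]

def train(flows, n=N):
    """Per-position P(bit == 1), Laplace-smoothed so no probability is 0 or 1."""
    ones = [0] * n
    for payload in flows:
        for i, bit in enumerate(first_bits(payload, n)):
            ones[i] += bit
    return [(c + 1) / (len(flows) + 2) for c in ones]

def log_likelihood(sig, payload):
    """Log of the overall probability of the payload's bit string under sig."""
    bits = first_bits(payload, len(sig))
    return sum(math.log(p if b else 1.0 - p) for p, b in zip(sig, bits))

def classify(sigs, payload, min_avg=-0.6):
    """Most probable application, or None when even the best fit is weak.
    min_avg (mean log-probability per bit) is an assumed rejection threshold."""
    scores = {app: log_likelihood(sig, payload) for app, sig in sigs.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] / len(sigs[best]) >= min_avg else None

# Constructed training flows (first payload bytes), not taken from the paper.
TRAINING = {
    "http": [b"GET /index.html", b"GET /a", b"GET /login", b"GET /api"],
    "dns": [b"\x12\x34\x01\x00", b"\xab\xcd\x01\x00",
            b"\x5e\x0f\x01\x00", b"\xc3\x91\x01\x00"],  # random ID + fixed flags
}
SIGS = {app: train(flows) for app, flows in TRAINING.items()}

if __name__ == "__main__":
    for sample in (b"GET /favicon.ico", b"\x77\x20\x01\x00\x00\x01", b"SSH-2.0-x"):
        print(sample[:4], "->", classify(SIGS, sample))
```

Positions that carry high-entropy fields, such as the DNS transaction ID here, settle near probability 0.5 and contribute little to the score, so the fixed bits of a protocol do most of the discriminating.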