IRP Banner

Traffic Analysis

Blind Traffic Classification

BLINC embodies a fundamentally different approach to classifying traffic flows according to the applications that generate them. In contrast to previous methods, BLINC is based on observing and identifying patterns of host behavior at the transport layer. We analyze these patterns at three levels of increasing detail (i) the social, (ii) the functional and (iii) the application level. BLINC has two important features. First, it operates in the dark, having (a) no access to packet payload, (b) no knowledge of port numbers and (c) no additional information other than what current flow collectors provide. These restrictions respect privacy, technological and practical constraints. Second, it can be tuned to balance the accuracy of the classification versus the number of successfully classified traffic flows. Using real traces we have shown that we are able to classify 80%- 90% of the traffic with more than 95% accuracy.
  • T. Karagiannis, K. Papagiannaki, and M. Faloutsos.
    BLINC: Multilevel Traffic Classification in the Dark.
    In ACM Sigcomm, Philadelphia, PA, August, 2005.
    Download: (pdf)

Impact of p2p content distribution on ISP traffic

P2P networks are emerging as an alternative to large scale content distribution without requiring major infrastructure investments. Recently, several major content providers have started exploring the opportunity offered by such P2P file delivery systems. However, there seems to be a growing concern among ISPs regarding the cost of supporting such P2P solutions. In this work we explore the potential impact of future file delivery solutions based on P2P as seen from three different points of view, i) the content provider, ii) the ISPs, and iii) the content consumer. Using a diverse set of measurements that includes tracker logs as well as full-payload packet traces collected at the edge of a 20,000 user access network we quantify the impact of alternative file delivery solutions on network performance and resource consumption. We further compare it with the performance expected from more traditional solutions based on large server farms and Content Distribution networks.
  • T. Karagiannis, P. Rodriguez, and K. Papagiannaki.
    Should Internet Service Providers Fear Peer-Assisted Content Distribution?
    In ACM Internet Measurement Conference, New Orleans, LA, Octob er, 2005.
    Download: (pdf)

Security

In parallel, I am contemplating several security topics, but it is too early to say anything concrete:-)