Home // AP2PS 2011, The Third International Conference on Advances in P2P Systems // View article

On the Performance of OpenDPI in Identifying P2P Truncated Flows

Authors:
Jawad Khalife
Amjad Hajjar
Jesus Diaz-Verdejo

Keywords: IP traffic classification; p2p; peer to peer; deep packet inspection; DPI optimization

Abstract:
This paper aims to show the impact on classification accuracy and the level of computational gain that could be obtained in applying deep packet inspection on truncated peer to peer traffic flows instead of complete ones. Using one of the latest open source classifiers, experiments were conducted to evaluate classification performance on full and truncated network flows for different protocols, focusing on the detection of peer to peer. Despite minor exceptions, all the results show that with the latest deep packet inspection classifiers, which may incorporate different helper technologies, inspecting the first packets at the beginning of each flow, may still provide concrete computational gain while an acceptable level of classification accuracy is maintained. The present paper discusses this tradeoff and provides some recommendations on the number of packets to be inspected for the detection of peer to peer flows and some other common application protocols. As such, a new sampling approach is proposed, which accommodates samples to the stateful classifier’s algorithm, taking into consideration the characteristics of the protocols being classified.

Pages: 79 to 84

Copyright: Copyright (c) IARIA, 2011

Publication date: November 20, 2011

Published in: conference

ISBN: 978-1-61208-173-1

Location: Lisbon, Portugal

Dates: from November 20, 2011 to November 25, 2011