VoIP traffic classification in IPSec tunnels

Research in traffic classification has become more challenging with the emergence of new applications and new ways to hide the true nature of traffic. The accuracy of traffic identification methods has also become more important due to the greater use of delay sensitive applications such as VoIP and video over IP which need to be identified and given priority. Traditional techniques such as header and payload inspection are not providing sufficient information to identify traffic types due to the usage of non-standard ports, tunnelling and encryption. Promising methods have been proposed based around the statistical behaviour of traffic flow. Although these methods can achieve quite high accuracies in non-encrypted traffic flows, traffic identification of encrypted traffic flows is still in its early stages. In this paper, we will review the recent work done on encrypted traffic identification, particularly network layer encryption using statistical techniques and propose a remarkably simple technique for VoIP traffic identification in IPSec peer to peer tunnels. More importantly it is shown that VoIP/non-VoIP classification can be used to dramatically improve VoIP QoS and may be used to effectively block non-VoIP traffic in an IPSec tunnel. These results point to the usefulness of the technique and the desirability to find more discriminating VoIP identification algorithms for IPSec tunnels.