Traffic Labeller: Collecting Internet traffic samples with accurate application information

Author

Peng Lizhi ; Zhang Hongli ; Yang Bo ; Chen Yuehui ; Wu Tong

Author_Institution

Sch. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin, China

Volume

11

Issue

1

fYear

2014

fDate

Jan. 2014

Firstpage

69

Lastpage

78

Abstract

Traffic classification research has been suffering from a trouble of collecting accurate samples with ground truth. A model named Traffic Labeller (TL) is proposed to solve this problem. TL system captures all user socket calls and their corresponding application process information in the user mode on a Windows host. Once a sending data call has been captured, its 5-tuple {source I P, destination I P, source port, destination port and transport layer protocol}, associated with its application information, is sent to an intermediate NDIS driver in the kernel mode. Then the intermediate driver writes application type information on TOS field of the IP packets which match the 5-tuple. In this way, each IP packet sent from the Windows host carries their application information. Therefore, traffic samples collected on the network have been labelled with the accurate application information and can be used for training effective traffic classification models.

Keywords

IP networks; Internet; telecommunication traffic; transport protocols; IP packets; Internet traffic samples; TOS field; Windows host; accurate application information; data call; destination port; intermediate NDIS driver; kernel mode; source port; traffic classification research; traffic labeller; transport layer protocol; user mode; Classification; IP networks; Internet; Ports (Computers); Telecommunication network management; Telecommunication traffic; data collection; ground truth; network measurement; traffic classification;

fLanguage

English

Journal_Title

Communications, China

Publisher

ieee

ISSN

1673-5447

Type

jour

DOI

10.1109/CC.2014.6821309

Filename

6821309