Classification Plugins

Name Features based on Classification approach Current Status Collaborations and contributions from the community
Port L4 protocol ports Port-based available Developed by University of Napoli - signatures from CAIDA [1]
L7 Payload Deep Payload Inspection available Developed by University of Napoli - signatures and code from Linux L7-filter [2]
OpenDPI Payload content/size, packet size, payload lines Deep Payload Inspection available Joint work: University of Napoli, TU Munchen - signatures and code from OpenDPI [3]
nDPI Payload content/size, packet size, payload lines, SSL certificate domain Deep Payload Inspection [4] soon available Developed by University of Napoli - signatures and code from nDPI [4]
nDPIng Payload content/size, packet size, payload lines, SSL certificate domain Deep Payload Inspection [12] soon available Developed by University of Napoli - signatures and code from nDPIng [12]
PortLoad Payload Lightweight payload inspection [5] licensable Developed by University of Napoli
Import Any available feature Imports classification results in arff or tie format [6] available Developed by University of Napoli in collaboration with more than six research groups (e.g., THALES Communication and Security, Tokyo Institute of Technology, etc.)
Weka Any available feature Runs WEKA classifiers into TIE soon available Developed by Universidad de la Republica of Montevideo
GMM-PS First few packet sizes Gaussian Mixture Models [7] unstable Developed by University of Napoli
HMM Packet size and inter-packet time Hidden Markov Models [8] unstable Developed by University of Napoli
FPT Packet size and inter-packet time Statistical [9] unstable Joint work: University of Napoli, University of Brescia.
Joint Packet size and inter-packet time Nearest Neighbor [10] unstable Joint work: University of Napoli, CAIDA, Seoul National University
GT Information from hosts Oracle-based [11] unstable Joint work: University of Napoli, University of Brescia

[1] http://www.caida.org/tools/measurement/coralreef/

[2] http://l7-filter.sourceforge.net/

[3] http://www.opendpi.org/

[4] http://www.ntop.org/products/ndpi/

[5] G. Aceto, A. Dainotti, W. de Donato, A. Pescapè, “PortLoad: taking the best of two worlds in traffic classification”, IEEE INFOCOM 2010 Work in Progress (WiP), San Diego, CA, USA, March 15-19, 2010

[6] A. Dainotti, A. Pescape, and C. Sansone, “Early classification of network traffic through multi-classification”, Traffic Monitoring and Analysis. Springer, 2011, pp. 122–135.

[7] L. Bernaille, R. Teixeira, and K. Salamatian, “Early application identification,” Proceedings of the 2006 ACM CoNEXT conference, 2006, p. 6

[8] A. Dainotti, W. de Donato, A. Pescapè, P. Salvorossi “Classification of Network Traffic via Packet-Level Hidden Markov Models”, IEEE GLOBECOM 2008

[9] M. Crotti, F. Gringoli, P. Pelosato, L. Salgarelli, “A Statistical Approach to IP-level classification of network traffic”, IEEE ICC 2006

[10] A. Dainotti, A. Pescapé, and H. chul Kim, “Traffic classification through joint distributions of packet-level statistics,” IEEE Global Telecommunications Conference, 2011, pp. 1–6.

[11] F. Gringoli, L. Salgarelli, M. Dusi, N. Cascarano, F. Risso, and k. claffy, “GT: picking up the truth from the ground for Internet traffic”, ACM SIGCOMM Computer Communication Review (CCR), Oct 2009.

[12] https://shop.ntop.org/svn/ntop/trunk/nDPIng/

sections/documentation/classifiers.txt · Last modified: 2016/05/09 13:29 by w.dd
CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Copyright 2008-2012 COMICS Research Group, Computer Science Department, University of Naples "Federico II"