180 likes | 258 Vues
Treatment-Based Traffic Signatures. Mark Claypool Robert Kinicki Craig Wills. Computer Science Department Worcester Polytechnic Institute. http://www.cs.wpi.edu/~claypool/papers/cube/. P2P File Sharing. Web Browsing. Jitter Insensitive. Jitter Sensitive. Loss Insensitive.
E N D
Treatment-Based Traffic Signatures Mark Claypool Robert Kinicki Craig Wills Computer Science Department Worcester Polytechnic Institute http://www.cs.wpi.edu/~claypool/papers/cube/
P2P File Sharing Web Browsing Jitter Insensitive Jitter Sensitive Loss Insensitive Loss Sensitive Video Streaming Email Sensors Delay Insensitive Delay Sensitive Instant Messaging Network Games Voice over IP Remote Login Diversity of Internet Applications in the Home IMRG WACI, Cambridge, MA, USA
IP Phone Game Consoles Personal Computers Streaming Video Servers Printers and Faxes Wireless Access Point Hand Held Game Devices Mobile Phones (to Internet) Proliferation of Network Devices in the Home Opportunity… “Smart” AP • Automatically improves performance • Interoperable, easy-to-use But first… Need to classify applications • Then can apply treatment to improve QoS IMRG WACI, Cambridge, MA, USA
Outline • Introduction (done) • Goals + (next) • Classification • Preliminary Results • Ongoing Work IMRG WACI, Cambridge, MA, USA
Goals • Classification for purpose of QoS treatments (versus DoS prevention or billing or measurement or …) • Want match between signatures and potential treatments • Not classifying applications instead concentrate on nature of traffic for specific applications and devices • Different applications with same QoS requirements should get equal network treatments • e.g.VoIP and network game • Not all instances of a particular application yield the same signature, nor is that needed • e.g.Web for browsing, Web for download IMRG WACI, Cambridge, MA, USA
Related Approaches • Port classification alone does not work • Applications can share ports • e.g.Non Web apps use port 80 around firewalls • e.g.scp and ssh both over port 22 • Users run applications on non-standard ports • e.g.Web server on different port since 80 restricted • New applications not officially defined for ports • Payload examination alone does not work • Increased encryption at application layer • Can be computationally expensive • New applications cannot be identified this way • Machine learning alone does not work • Takes too long in real-time, so must be done offline first • Needs external validation, so does not work with new apps IMRG WACI, Cambridge, MA, USA
Domain • Provide classification in wireless Access Point (AP), the same point that provides QoS treatment • Home environment • Both directions of a flow travel through AP • Users are not trying to avoid classification • Can be customized and flexible per-flow treatments • Home APs carry few flows compared to core router • Needs to be real-time • Quick, so as to apply treatment to improve QoS IMRG WACI, Cambridge, MA, USA
Outline • Introduction (done) • Goals + (done) • Classification (next) • Preliminary Results • Ongoing Work IMRG WACI, Cambridge, MA, USA
Drop Packets Transmission Spacing Paced Space Packets As available Delay Packets Full Packet Size Tendency Push Packets Non-full Response-based Non-response-based Nature of Reverse Traffic Treatment-Based Classification streaming ftp p2p sensors web voip games telnet ssh IMRG WACI, Cambridge, MA, USA
Outline • Introduction (done) • Goals + (done) • Classification (done) • Preliminary Results (next) • Ongoing Work IMRG WACI, Cambridge, MA, USA
Preliminary Results • Captured 20-second traces from some representative applications • Nature of reverse traffic • Response based or Non-response based • Packet size tendency • Full or Non-full • Transmission spacing • Paced or As-available IMRG WACI, Cambridge, MA, USA
Nature of Reverse Traffic • TCP automatically makes it response-based • UDP is trickier - is a downstream packet sent in response to one upstream (or vice versa)? • First, try simple up/down count: ApplicationDownUp Streaming video1172521 Network game3931231 VoIP934935 • More work needed … IMRG WACI, Cambridge, MA, USA
ftp – large file wsm – video http – browsing cnn ssh – reading email Packet Size Tendency IMRG WACI, Cambridge, MA, USA
ftp – large file http – browsing cnn ssh – reading email wsm – video Transmission Spacing (1 of 2) IMRG WACI, Cambridge, MA, USA
Transmission Spacing (2 of 2) http – browsing http – download http – streaming IMRG WACI, Cambridge, MA, USA
voip – packet size game – packet size voip – transmission spacing game – transmission spacing Data for Some Other Applications IMRG WACI, Cambridge, MA, USA
Ongoing Work • Differentiation of “paced” and “as available” • Identification of “responsed-based” UDP • e.g.DNS or VoIP over DCCP • Definition of “full” packets • e.g.Streaming video packets of 1400 bytes • “Memory” of classification • e.g. in Second Life, interact on estate then teleport • Statistics: continuous, weighted, or windowed • Across flows for the same device • e.g. Game console (Xbox) versus PC • Need for more traces of applications in the home IMRG WACI, Cambridge, MA, USA
Treatment-Based Traffic Signatures Mark Claypool Robert Kinicki Craig Wills Computer Science Department Worcester Polytechnic Institute http://www.cs.wpi.edu/~claypool/papers/cube/