Fine-grained P2P traffic classification by simply counting flows

  • Jie He
  • Yue-xiang Yang
  • Yong Qiao
  • Wen-ping Deng


The continuous emerging of peer-to-peer (P2P) applications enriches resource sharing by networks, but it also brings about many challenges to network management. Therefore, P2P applications monitoring, in particular, P2P traffic classification, is becoming increasingly important. In this paper, we propose a novel approach for accurate P2P traffic classification at a fine-grained level. Our approach relies only on counting some special flows that are appearing frequently and steadily in the traffic generated by specific P2P applications. In contrast to existing methods, the main contribution of our approach can be summarized as the following two aspects. Firstly, it can achieve a high classification accuracy by exploiting only several generic properties of flows rather than complicated features and sophisticated techniques. Secondly, it can work well even if the classification target is running with other high bandwidth-consuming applications, outperforming most existing host-based approaches, which are incapable of dealing with this situation. We evaluated the performance of our approach on a real-world trace. Experimental results show that P2P applications can be classified with a true positive rate higher than 97.22% and a false positive rate lower than 2.78%.

Key words

Traffic classification Peer-to-peer (P2P) Fine-grained Host-based 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Auld, T., Moore, A.W., Gull, S.F., 2007. Bayesian neural networks for Internet traffic classification. IEEE Trans. Neur. Netw., 18(1):223–239. [doi: 10.1109/TNN.2006.883010]CrossRefGoogle Scholar
  2. Ban, T., Guo, S., Eto, M., et al., 2012. A study on cost-effective P2P traffic classification. Proc. Int. Joint Conf. on Neural Networks, p.1–7. [doi: 10.1109/IJCNN.2012.6252672]Google Scholar
  3. Basher, N., Mahanti, A., Mahanti, A., et al., 2008. A comparative analysis of web and peer-to-peer traffic. Proc. 17th Int. Conf. on World Wide Web, p.287–296. [doi: 10.1145/1367497.1367537]Google Scholar
  4. Bermolen, P., Mellia, M., Meo, M., et al., 2011. Abacus: accurate behavioral classification of P2P-TV traffic. Comput. Netw., 55(6):1394–1411. [doi: 10.1016/j.comnet.2010.12.004]CrossRefGoogle Scholar
  5. Chen, J.B., 2011. Fuzzy based approach for P2P file sharing detection. J. Internet Technol., 12(6):921–930.Google Scholar
  6. Dainotti, A., Pescapè, A., Claffy, K.C., 2012. Issues and future directions in traffic classification. IEEE Network, 26(1):35–40. [doi: 10.1109/MNET.2012.6135854]CrossRefGoogle Scholar
  7. Dhamankar, R., King, R., 2007. Protocol Identification via Statistical Analysis (PISA). White Paper, Tipping Point.Google Scholar
  8. Este, A., Gringoli, F., Salgarelli, L., 2009. On the stability of the information carried by traffic flow features at the packet level. ACM SIGCOMM Comput. Commun. Rev., 39(3):13–18. [doi: 10.1145/1568613.1568616]CrossRefGoogle Scholar
  9. Finamore, A., Mellia, M., Meo, M., et al., 2010. KISS: stochastic packet inspection classifier for UDP traffic. IEEE/ACM Trans. Netw., 18(5):1505–1515. [doi: 10.1109/TNET.2010.2044046]CrossRefGoogle Scholar
  10. Gallagher, B., Iliofotou, M., Eliassi-Rad, T., et al., 2010. Link homophily in the application layer and its usage in traffic classification. Proc. IEEE INFOCOM, p.1–5. [doi: 10.1109/INFCOM.2010.5462239]Google Scholar
  11. Gomes, J.V., Inácio, P.R.M., Pereira, M., et al., 2013. Detection and classification of peer-to-peer traffic: a survey. ACM Comput. Surv., 45(3), Article 30. [doi: 10.1145/2480741.2480747]
  12. He, J., Yang, Y., Qiao, Y., et al., 2013. Accurate classification of P2P traffic by clustering flows. China Commun., 10(11):42–51. [doi: 10.1109/CC.2013.6674209]CrossRefGoogle Scholar
  13. Huang, N.F., Jai, G.Y., Chao, H.C., 2008. Early identifying application traffic with application characteristics. Proc. IEEE Int. Conf. on Communications, p.5788–5792. [doi: 10.1109/ICC.2008.1083]Google Scholar
  14. Hullár, B., Laki, S., Gyorgy, A., 2011. Early identification of peer-to-peer traffic. Proc. IEEE Int. Conf. on Communications, p.1–6. [doi: 10.1109/icc.2011.5963023]Google Scholar
  15. Hurley, J., Garcia-Palacios, E., Sezer, S., 2011. Host-based P2P flow identification and use in real-time. ACM Trans. Web, 5(2), Article 7. [doi: 10.1145/1961659.1961661]
  16. Iliofotou, M., Kim, H., Faloutsos, M., et al., 2011. Graption: a graph-based P2P traffic classification framework for the Internet backbone. Comput. Netw., 55(8):1909–1920. [doi: 10.1016/j.comnet.2011.01.020]CrossRefGoogle Scholar
  17. Karagiannis, T., Papagiannaki, K., Faloutsos, M., 2005. BLINC: multilevel traffic classification in the dark. ACM SIGCOMM Comput. Commun. Rev., 35(4):229–240. [doi: 10.1145/1090191.1080119]CrossRefGoogle Scholar
  18. Moore, A., Zuev, D., Crogan, M., 2005. Discriminators for Use in Flow-Based Classification. Technical Report, University of London, UK.Google Scholar
  19. Nguyen, T.T.T., Armitage, G., 2008. Clustering to assist supervised machine learning for real-time IP traffic classification. Proc. IEEE Int. Conf. on Communications, p.5857–5862. [doi: 10.1109/ICC.2008.1095]Google Scholar
  20. Ohzahata, S., Hagiwara, Y., Terada, M., et al., 2005. A traffic identification method and evaluations for a pure P2P application. Proc. 6th Int. Workshop on Passive and Active Network Measurement, p.55–68. [doi: 10.1007/978-3-540-31966-5_5]CrossRefGoogle Scholar
  21. Sandvine, 2014. Global Internet Phenomena Report 1H 2014. Technical Report. Sandvine Incorporated ULC, Waterloo, Ontario, Canada.Google Scholar
  22. Tabatabaei, T.S., Adel, M., Karray, F., et al., 2012. Machine learning-based classification of encrypted Internet traffic. Proc. 8th Int. Conf. on Machine Learning and Data Mining in Pattern Recognition, p.578–592. [doi: 10.1007/978-3-642-31537-4_45]CrossRefGoogle Scholar
  23. Valenti, S., Rossi, D., 2011. Identifying key features for P2P traffic classification. Proc. IEEE Int. Conf. on Communications, p.1–6. [doi: 10.1109/icc.2011.5963018]Google Scholar
  24. Yang, D., Zhang, Y., Zhang, H., et al., 2009. Multi-factors oriented study of P2P Churn. Int. J. Commun. Syst., 22(9):1089–1103. [doi: 10.1002/dac.1001]CrossRefGoogle Scholar
  25. Zhang, T., Ramakrishnan, R., Livny, M., 1996. BIRCH: an efficient data clustering method for very large databases. ACM SIGMOD Rec., 25(2):103–114. [doi: 10.1145/235968.233324]CrossRefGoogle Scholar

Copyright information

© Journal of Zhejiang University Science Editorial Office and Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Jie He
    • 1
  • Yue-xiang Yang
    • 1
  • Yong Qiao
    • 2
  • Wen-ping Deng
    • 1
  1. 1.College of ComputerNational University of Defense TechnologyChangshaChina
  2. 2.The Research InstitutionChina Electronic Equipment & System Engineering CompanyBeijingChina

Personalised recommendations