Abstract

The traffic dynamics of the Internet's dominant applications, such as peer-to-peer and multimedia, worsen the accuracy of the existing application traffic identification. There is a strong need for both practical and reliable identification methods with proof of accuracy. This paper proposes a hybrid approach of signature matching and session behavior mapping methods for accurate application traffic identification. In particular, the paper explores a priority-based signature matching scheme on early packet samples to replace conventional signature matching. It then uses session relationships to identify application traffic from the remaining, unidentified traffic. In validation, we present the accuracy analysis of applications using the Port Dependency Ratio (PDR) method for simulated traffic as well as real traffic.