A nonlinear, recurrence-based approach to traffic classification

The ability to accurately classify and identify the network traffic associated with different applications is a central issue for many network operation and research topics including Quality of Service enforcement, traffic engineering, security, monitoring and intrusion-detection. However, traditional classification approaches for traffic to higher-level application mapping, such as those based on port or payload analysis, are highly inaccurate for many emerging applications and hence useless in actual networks. This paper presents a recurrence plot-based traffic classification approach based on the analysis of non-stationary “hidden” transition patterns of IP traffic flows. Such nonlinear properties cannot be affected by payload encryption or dynamic port change and hence cannot be easily masqueraded. In performing a quantitative assessment of the above transition patterns, we used recurrence quantification analysis, a nonlinear technique widely used in many fields of science to discover the time correlations and the hidden dynamics of statistical time series. Our model proved to be effective for providing a deterministic interpretation of recurrence patterns derived by complex protocol dynamics in end-to-end traffic flows, and hence for developing qualitative and quantitative observations that can be reliably used in traffic classification.