research-article

Wire-speed statistical classification of network traffic on commodity hardware

Authors:

Pedro M. Santiago del Rio,

Francesco Gringoli,

Luca Salgarelli,

Javier AracilAuthors Info & Claims

IMC '12: Proceedings of the 2012 Internet Measurement Conference

Pages 65 - 72

https://doi.org/10.1145/2398776.2398784

Published: 14 November 2012 Publication History

Abstract

In this paper we present a software-based traffic classification engine running on commodity multi-core hardware, able to process in real-time aggregates of up to 14.2 Mpps over a single 10 Gbps interface -- i.e., the maximum possible packet rate over a 10 Gbps Ethernet links given the minimum frame size of 64 Bytes.

This significant advance with respect to the current state of the art in terms of achieved classification rates are made possible by:(i) the use of an improved network driver, PacketShader, to efficiently move batches of packets from the NIC to the main CPU;(ii) the use of lightweight statistical classification techniques exploiting the size of the first few packets of every observed flow;(iii) a careful tuning of critical parameters of the hardware environment and the software application itself.

Supplementary Material

PDF File (1.pdf)

Summary Review Documentation for "Wire-speed Statistical Classification of Network Traffic on Commodity Hardware", Authors: P. Ró, D. Rossi, F. Gringoli, L. Nava, L. Salgarelli, J. Aracil

Download
62.77 KB

References

[1]

L. Bernaille, R. Teixeira, and K. Salamatian. Early application identification. In ACM CoNEXT 2006.

Digital Library

[2]

N. Bonelli, A. Di Pietro, S. Giordano, and G. Procissi. On multi-gigabit packet capturing with multi-core commodity hardware. In Passive and Active Measurement (PAM) 2012.

Digital Library

[3]

J. Bonwick. The slab allocator: An object-caching kernel memory allocator. In USENIX Summer Technical Conference 1994.

Digital Library

[4]

A. Cardigliano, J. Gasparakis, and F. Fusco. vPF\_RING: Towards wire-speed network monitoring using virtual machines. In ACM IMC 2011.

Digital Library

[5]

M. Crotti, M. Dusi, F. Gringoli, and L. Salgarelli. Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Comput. Commun. Rev., 37(1):5--16, 2007.

Digital Library

[6]

A. Dainotti, A. Pescape, and K. Claffy. Issues and future directions in traffic classification. Network, IEEE, 26(1):35 --40, 2012.

Digital Library

[7]

M. Danelutto, L. Deri, and D. De Sensi. Network monitoring on multicores with algorithmic skeletons. In International Conference on Parallel Computing (PARCO) 2011.

[8]

L. Deri. IP traffic monitoring at 10 Gbit and above. http://www.terena.org/activities/ngn-ws/ws2/deri-10g.pdf.

[9]

A. Finamore, M. Mellia, M. Meo, M. Munafo, and D. Rossi. Experiences of Internet traffic monitoring with Tstat. Network, IEEE, 25(3):8--14, 2011.

[10]

F. Fusco and L. Deri. High speed network traffic analysis with commodity multi-core systems. In ACM IMC 2010.

Digital Library

[11]

S. Han, K. Jang, K. Park, and S. Moon. PacketShader: a GPU-accelerated software router. In ACM SIGCOMM Comput. Commun. Rev., volume 40, pages 195--206, 2010.

Digital Library

[12]

C. Inacio and B. Trammell. YAF: yet another flowmeter. In International conference on Large installation system administration (LISA) 2010.

Digital Library

[13]

Intel. Intel ® 82599 10 GbE Controller Datasheet. October, (December), 2010.

[14]

H. Kim, K. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee. Internet traffic classification demystified: myths, caveats, and the best practices. In ACM CoNEXT 2008.

Digital Library

[15]

A. Lim and R. Kinsella. Data plane packet processing on embedded intel architecture platforms. http://download.intel.com/design/intarch/papers/322516.pdf.

[16]

Y. Lim, H. Kim, J. Jeong, C. Kim, T. Kwon, and Y. Choi. Internet traffic classification demystified: on the sources of the discriminative power. In ACM CoNEXT 2010.

Digital Library

[17]

Y. Liu, D. Xu, L. Sun, and D. Liu. Accurate traffic classification with multi-threaded processors. In IEEE International Symposium on Knowledge Acquisition and Modeling Workshop (KAM) 2008.

[18]

A. Mitra, W. Najjar, and L. Bhuyan. Compiling PCRE to FPGA for accelerating SNORT IDS. In ACM/IEEE Symposium on Architecture for networking and communications systems (ANCS) 2007.

Digital Library

[19]

D. Moore, K. Keys, R. Koga, E. Lagache, and K. C. Claffy. The CoralReef software suite as a tool for system and network administrators. In USENIX conference on System administration 2001.

Digital Library

[20]

T. Nguyen and G. Armitage. A survey of techniques for Internet traffic classification using machine learning. Communications Surveys & Tutorials, IEEE, 10(4):56--76, 2008.

Digital Library

[21]

NVIDIA Corporation. NVIDIA GPUDirect Technology. http://developer.download.nvidia.com/devzone//devcenter/cuda/docs/GPUDirect_Technology_Overview.pdf.

[22]

Y. Qi, B. Xu, F. He, B. Yang, J. Yu, and J. Li. Towards high-performance flow-level packet processing on multi-core network processors. In ACM/IEEE Symposium on Architecture for networking and communications systems (ANCS) 2007.

Digital Library

[23]

L. Rizzo. netmap: a novel framework for fast packet I/O. In USENIX Annual Technical Conference 2012.

Digital Library

[24]

L. Rizzo, M. Carbone, and G. Catalli. Transparent acceleration of software packet forwarding using netmap. In IEEE INFOCOM 2012.

[25]

D. Rossi and M. Mellia. Real-time TCP/IP analysis with common hardware. In IEEE ICC 2006.

[26]

D. Rossi, S. Valenti, P. Veglia, D. Bonfiglio, M. Mellia, and M. Meo. Pictures from the Skype. ACM Performance Evaluation Review (PER), 36(2):83--86, 2008.

Digital Library

[27]

G. Szabó, I. Gódor, A. Veres, S. Malomsoky, and S. Molnár. Traffic classification over Gbit speed with commodity hardware. IEEE J. Communications Software and Systems, 5, 2010.

[28]

G. Vasiliadis, M. Polychronakis, and S. Ioannidis. MIDeA: a multi-parallel intrusion detection architecture. In ACM conference on Computer and communications security (CSS) 2011.

Digital Library

[29]

C. Walsworth, E. Aben, k. claffy, and D. Andersen. The CAIDA anonymized 2009 Internet traces. http://www.caida.org/data/passive/passive_2009_dataset.xml.

[30]

D. Wang, Y. Xue, and Y. D. Memory-efficient hypercube flow table for packet processing on multi-cores. In IEEE GLOBECOM 2011.

[31]

W. Wu, P. DeMar, and M. Crawford. Why can some advanced Ethernet NICs cause packet reordering? IEEE Communications Letters, 15(2):253--255, 2011.

Cited By

Bovenzi GNascita AYang LFinamore AAceto GCiuonzo DPescapé ARossi D(2024)Benchmarking Class Incremental Learning in Deep Learning Traffic ClassificationIEEE Transactions on Network and Service Management10.1109/TNSM.2023.328743021:1(51-69)Online publication date: Feb-2024
https://doi.org/10.1109/TNSM.2023.3287430
Jang YKim NLee B(2023)Traffic classification using distributions of latent space in software-defined networks: An experimental evaluationEngineering Applications of Artificial Intelligence10.1016/j.engappai.2022.105736119(105736)Online publication date: Mar-2023
https://doi.org/10.1016/j.engappai.2022.105736
Wang CFinamore AYang LFauvel KRossi D(2022)AppClassNetACM SIGCOMM Computer Communication Review10.1145/3561954.356195852:3(19-27)Online publication date: 6-Sep-2022
https://dl.acm.org/doi/10.1145/3561954.3561958
Show More Cited By

Index Terms

Wire-speed statistical classification of network traffic on commodity hardware
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

Performance comparison of hardware virtualization platforms
NETWORKING'11: Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I

Hosting virtual servers on a shared physical hardware by means of hardware virtualization is common use at data centers, web hosters, and research facilities. All platforms include isolation techniques that restrict resource consumption of the virtual ...
Hardware implementation of configurable bandwidth estimation module in high speed networks
ACOS'07: Proceedings of the 6th Conference on WSEAS International Conference on Applied Computer Science - Volume 6

The purpose of self-sizing networks is to provide efficient utilization of network resources while ensuring appropriate Quality of Service (QoS) for each class of traffic. Bandwidth estimation, which estimates the amount of a traffic bandwidth, is ...
A platform for high performance and flexible virtual routers on commodity hardware

Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for software router virtualization. In this context, we present the design of a new platform for virtual routers on modern PC hardware. We ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '12: Proceedings of the 2012 Internet Measurement Conference

November 2012

572 pages

ISBN:9781450317054

DOI:10.1145/2398776

General Chairs:
John Byers
Boston University
,
Jim Kurose
University of Massachusetts Amherst
,
Program Chairs:
Ratul Mahajan
Microsoft Research
,
Alex C. Snoeren
UC San Diego

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMETRICS: ACM Special Interest Group on Measurement and Evaluation
SIGCOMM: ACM Special Interest Group on Data Communication
USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 November 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

IMC '12

Sponsor:

SIGMETRICS
SIGCOMM
USENIX Assoc

IMC '12: Internet Measurement Conference

November 14 - 16, 2012

Massachusetts, Boston, USA

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

28
Total Citations
View Citations
324
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 22 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bovenzi GNascita AYang LFinamore AAceto GCiuonzo DPescapé ARossi D(2024)Benchmarking Class Incremental Learning in Deep Learning Traffic ClassificationIEEE Transactions on Network and Service Management10.1109/TNSM.2023.328743021:1(51-69)Online publication date: Feb-2024
https://doi.org/10.1109/TNSM.2023.3287430
Jang YKim NLee B(2023)Traffic classification using distributions of latent space in software-defined networks: An experimental evaluationEngineering Applications of Artificial Intelligence10.1016/j.engappai.2022.105736119(105736)Online publication date: Mar-2023
https://doi.org/10.1016/j.engappai.2022.105736
Wang CFinamore AYang LFauvel KRossi D(2022)AppClassNetACM SIGCOMM Computer Communication Review10.1145/3561954.356195852:3(19-27)Online publication date: 6-Sep-2022
https://dl.acm.org/doi/10.1145/3561954.3561958
Garcia JCoello Coello C(2020)A surrogate-assisted GA enabling high-throughput ML by optimal feature and discretization selectionProceedings of the 2020 Genetic and Evolutionary Computation Conference Companion10.1145/3377929.3398092(1632-1640)Online publication date: 8-Jul-2020
https://dl.acm.org/doi/10.1145/3377929.3398092
Garcia JKorhonen T(2020)DIOPT: Extremely Fast Classification Using Lookups and Optimal Feature Discretization2020 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN48605.2020.9207037(1-8)Online publication date: Jul-2020
https://doi.org/10.1109/IJCNN48605.2020.9207037
Alqudah NYaseen Q(2020)Machine Learning for Traffic Analysis: A ReviewProcedia Computer Science10.1016/j.procs.2020.03.111170(911-916)Online publication date: 2020
https://doi.org/10.1016/j.procs.2020.03.111
Li Z(2018)HPSRouter: A high performance software router based on DPDK2018 20th International Conference on Advanced Communication Technology (ICACT)10.23919/ICACT.2018.8323810(503-506)Online publication date: Feb-2018
https://doi.org/10.23919/ICACT.2018.8323810
Høiland-Jørgensen TBrouer JBorkmann DFastabend JHerbert TAhern DMiller DDimitropoulos XDainotti AVanbever LBenson T(2018)The eXpress data pathProceedings of the 14th International Conference on emerging Networking EXperiments and Technologies10.1145/3281411.3281443(54-66)Online publication date: 4-Dec-2018
https://dl.acm.org/doi/10.1145/3281411.3281443
Julián-Moreno GLeira Rde Vergara JGómez-Arribas FGonzález IHaddad HWainwright RChbeir R(2018)On the feasibility of 40 gbps network data capture and retention with general purpose hardwareProceedings of the 33rd Annual ACM Symposium on Applied Computing10.1145/3167132.3167238(970-978)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3167132.3167238
Barach DLinguaglossa LMarion DPfister PPontarelli SRossi D(2018)High-Speed Software Data Plane via Vectorized Packet ProcessingIEEE Communications Magazine10.1109/MCOM.2018.180006956:12(97-103)Online publication date: Dec-2018
https://doi.org/10.1109/MCOM.2018.1800069
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents