Workshop on Internet Economics (WIE2009) Report

By: 
k. c. claffy
Appears in: 
CCR April 2010

On September 23, 2009, CAIDA hosted a virtual Workshop on Internet Economics to bring together network technology and policy researchers, commercial Internet facilities and service providers, and communications regulators to explore a common goal: framing a concrete agenda for the emerging but empirically stunted field of Internet infrastructure economics. With participants stretching from Washington D.C. to Queensland, Australia, we used the electronic conference hosting facilities supported by the California Institute of Technology (CalTech) EVO Collaboration Network.

The Workshop on Active Internet Measurements (AIMS) Report

By: 
k. c. claffy, Marina Fomenkov, Ethan Katz-Bassett, Robert Beverly, Beverly A. Cox, and Matthew Luckie
Appears in: 
CCR October 2009

Measuring the global Internet is a perpetually challenging task for technical, economic and policy reasons, which leaves scientists as well as policymakers navigating critical questions in their field with little if any empirical grounding. On February 12-13, 2009, CAIDA hosted the Workshop on Active Internet Measurements (AIMS) as part of our series of Internet Statistics and Metrics Analysis (ISMA) workshops which provide a venue for researchers, operators, and policymakers to exchange ideas and perspectives.

GT: picking up the truth from the ground for internet traffic

By: 
F. Gringoli, Luca Salgarelli, M. Dusi, N. Cascarano, F. Risso, and k. c. claffy
Appears in: 
CCR October 2009

Much of Internet traffic modeling, firewall, and intrusion detection research requires traces where some ground truth regarding application and protocol is associated with each packet or flow. This paper presents the design, development and experimental evaluation of gt, an open source software toolset for associating ground truth information with Internet traffic traces. By probing the monitored host’s kernel to obtain information on active Internet sessions, gt gathers ground truth at the application level.
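The core mechanism is easiest to see with a small sketch. The following Python snippet is only an illustration of the kernel-probing idea, not gt's actual implementation; it assumes the third-party psutil package and simply maps each active socket to the name of the process that owns it, which is the kind of flow-to-application association gt records as ground truth.

    import socket
    import psutil  # third-party; cross-platform access to the kernel's socket tables

    def label_active_flows():
        """Map (proto, local ip, local port, remote ip, remote port) -> application name."""
        labels = {}
        for conn in psutil.net_connections(kind="inet"):
            # Keep only flows with a remote endpoint and a known owning process;
            # on some systems this call needs elevated privileges to see all PIDs.
            if not conn.raddr or conn.pid is None:
                continue
            proto = "tcp" if conn.type == socket.SOCK_STREAM else "udp"
            try:
                app = psutil.Process(conn.pid).name()
            except psutil.NoSuchProcess:
                continue  # the process exited between the two kernel queries
            labels[(proto, conn.laddr.ip, conn.laddr.port,
                    conn.raddr.ip, conn.raddr.port)] = app
        return labels

    if __name__ == "__main__":
        for flow, app in label_active_flows().items():
            print(flow, "->", app)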

Public Review By: 
Pablo Rodriguez

Traffic classification has received widespread attention in the last few years. This can be explained by the continuous tussle between network operators, who sometimes try to ‘peek’ into their clients’ application usage, and network services and applications, which add layers of evasion to escape such eavesdropping. Accurately assigning applications to observed flows can also help with the management, security, and provisioning of IP networks. A plethora of traffic classification techniques have consequently been developed to address each of the layers of evasion added by applications. All such techniques need reliable inputs to quantify their effectiveness. Such input comes in the form of previously labeled traffic traces and is usually referred to as ground truth.
Two main techniques have been used so far to produce traffic that provides such ground truth. The first manually or programmatically triggers applications on different machines and labels the corresponding generated flows. This has limitations, since the traces can still contain background traffic and the generated workload does not resemble one produced by human users. The second technique employs Deep Packet Inspection (DPI) and tries to match signatures inside each packet. However, multiple signatures might match the same packet, and the approach breaks down when dealing with encrypted traffic.
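To make the DPI limitations concrete, the short sketch below uses made-up payload signatures (illustrative assumptions, not patterns from any real DPI engine): the same payload can match more than one signature, and an encrypted payload matches none.

    import re

    # Hypothetical payload signatures, for illustration only.
    SIGNATURES = {
        "http":       re.compile(rb"^(GET|POST|HEAD) "),
        "http-proxy": re.compile(rb"^GET http://"),
        "ssh":        re.compile(rb"^SSH-\d\.\d"),
    }

    def classify(payload: bytes):
        """Return every application label whose signature matches the payload."""
        return [app for app, sig in SIGNATURES.items() if sig.search(payload)]

    print(classify(b"GET http://example.com/ HTTP/1.1"))  # ['http', 'http-proxy']: ambiguous match
    print(classify(b"\x16\x03\x01\x02\x00..."))           # []: opaque/encrypted payload, DPI fails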
This paper presents a client tool called gt that provides ground truth information for evaluating different traffic classification methods by monitoring a host's kernel. This is extremely valuable for validation purposes. The authors show that gt addresses some of the above limitations: it integrates seamlessly with a user’s normal computer usage, keeps the CPU load low (less than 5%), and achieves close to 100% completeness in flow tagging on all operating systems. The gt tool can also help augment existing classification techniques such as DPI. In fact, gt can be used to address the limitations of Deep Packet Inspection both by reducing the number of signatures that need to be matched and by enhancing the accuracy of the matches. One promising avenue for further research is to evaluate and characterize existing traffic classification methods such as BLINC using the ground truth information generated with gt, which would prove invaluable for fine-tuning such approaches.
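As a hedged illustration of that kind of validation (a toy sketch, not the paper's evaluation code; the flow identifiers, labels, and metric definitions below are assumptions), a classifier's per-flow output can be scored against gt-style ground truth by computing the fraction of flows it labels and the fraction of those labels that agree with the ground truth.

    def evaluate(classifier_labels, ground_truth):
        """Score per-flow classifier output against ground-truth labels.

        classifier_labels: {flow_id: application name, or None if unclassified}
        ground_truth:      {flow_id: application name} from a gt-like tool
        """
        labeled = [f for f, app in classifier_labels.items() if app is not None]
        completeness = len(labeled) / len(ground_truth) if ground_truth else 0.0
        correct = sum(1 for f in labeled if classifier_labels[f] == ground_truth.get(f))
        accuracy = correct / len(labeled) if labeled else 0.0
        return completeness, accuracy

    # Toy example with hypothetical flow identifiers and labels.
    gt_labels  = {1: "http", 2: "ssh", 3: "bittorrent"}
    dpi_output = {1: "http", 2: "ssh", 3: None}
    print(evaluate(dpi_output, gt_labels))  # (0.666..., 1.0)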
