Muhammad ZIA, Nazar Abbas SAQIB, Yaqoot SHAKEEL, Moazzam Ali KHAN, Hasan MAHMOOD

An effective empirical approach to VoIP traffic classi cation

It is bene cial for telecommunication authorities and Internet service providers (ISPs) to classify and detectvoice traffic. It can help them to block unsubscribed users from using their services, which saves them huge revenues.Voice packets can be detected easily, but it becomes complicated when the application or port information in thepacket header is hidden due to some secure mechanism such as encryption. This work provides effective voice packetclassi cation and detection based on behavioral and statistical analysis, which is independent of any application, securityprotocol, or encryption mechanism. First we have made initial assessments through packet feature analysis followed bythe implementation of a voice detection algorithm to perform statistical analysis for classifying traffic over IP networks.The proposed voice detection algorithm is executed in three phases: registering of packet ow traces, signature-basedanalysis, and voice classi cation. In the rst phase, new packets are registered. In the second phase, registered packets aretested if they are already marked as detected. In the third phase, the voice detection algorithm works at distinguishingencrypted and nonencrypted voice ows by ne-tuning the parameters, which are chosen after a detailed statisticalanalysis of datasets on security protocols such as secure socket layer, secure session initiation protocol, and secure real-time transport protocol. Our results demonstrate a high true positive rate (TPR) and very low false alarm rate (FAR).The proposed methodology achieves a TPR of 93.6% for offline traces, 100% for the self-con gured voice setups, and95% for the online traffic. The FAR is 0.000084% for offline traces and 0.00020% for online traces, which shows that theproposed methodology is highly efficient and can be incorporated in contemporary telecommunication systems.

PDF

___

[1]Renals P, Jacoby GA. Blocking Skype through deep packet inspection. In: 42nd Hawaii International Conferenceon System Sciences; 5{8 January 2009; Waikoloa, HI, USA. New York, NY, USA: IEEE. pp. 1-5.
[2]Zhou LX, Zhi HJ, Song HM, Peng YF. Identi cation of P2P streaming traffic using application signatures. ApplRes Comp 2009; 6: 2214-2216.
[3]Dodge RC Jr. Skype ngerprint. In: 41st Hawaii International Conference on System Sciences; 7{10 January 2008,Waikoloa, HI, USA. New York, NY, USA: IEEE. p. 485.
[4]Karagiannis T, Papagiannaki K, Faloutsos M. BLINC: Multilevel traffic classi cation in the dark. In: 2005 Con-ference on Applications, Technologies, Architectures, and Protocols for Computer Communications; 22{26 August2005; Philadelphia, PA, USA. pp. 229-240.
[5]Lee S, Kim H, Barman D, Lee S, Kim C, Kwon T, Choi Y. NeTraMark: a network traffic classi cation benchmark.Comput Commun Rev 2011; 41: 22-30.
[6]Bernaille L, Teixeira R, Salamatian K. Early application identi cation. In: 2nd Conference on Future NetworkingTechnologies; 4{7 December 2006; New York, NY, USA. pp. 1-6.
[7]Wright CV, Monrose F, Masson GM. On inferring application protocol behaviors in encrypted network traffic. JMach Learn Res 2006; 7: 2745-2769.
[8]Bernaille L, Teixeira R, Akodkenou I, Soule A, Salamatian K. Traffic classi cation on the y. Comput CommunRev 2006; 36: 23-26.
[9]Alshammari R, Zincir-Heywood AN. Can encrypted traffic be identi ed without port numbers, IP addresses andpayload inspection? Comp Netw 2011; 55: 1326-1350.
[10]Yildirim T, Radcliffe P. VoIP traffic classi cation in IPSec tunnels. In: 2010 International Conference on Electronicsand Information Engineering; 1{3 August 2010; Kyoto, Japan. pp. 151-157.
[11]Crotti M, Dusi M, Gringoli F, Salgarelli L. Traffic classi cation through simple statistical ngerprinting. ComputCommun Rev 2007; 37: 7-16.
[12]Li W, Moore AW. A machine learning approach for efficient traffic classi cation. In: 20th International Symposiumon Modeling, Analysis and Simulation of Computer and Telecommunication Systems; 7{9 August 2012; Arlington,VA, USA. pp. 310-317.
[13]Karagiannis T, Broido A, Faloutsos M, Claffy KC. Transport layer identi cation of P2P traffic. In: 2004 InternetMeasurement Conference; 25{27 October 2004; Taormina, Italy. pp. 121-134.
[14]Alshammari R, Zincir-Heywood AN. Machine learning based encrypted traffic classi cation: Identifying SSH andSkype. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications; 8{10 July 2009;Ottawa, ON, Canada. New York, NY, USA: IEEE. pp. 1-8.
[15]Branch P, But J. Rapid and generalized identi cation of packetized voice traffic ows:In: 2012 IEEE 38th Conferenceon Local Computer Networks; 22{25 October 2012; Clearwater Beach, FL, USA. New York, NY, USA: IEEE. pp.85-92.
[16]Bon glio D, Mellia M, Meo M, Rossi D, Tofanelli P. Revealing skype traffic: when randomness plays with you. In:2007 Conference on Applications, Technologies, Architectures and Protocols for Computer Communications; 27{31August 2007; New York, NY, USA. pp. 37-48.
[17]Alshammari R, Zincir-Heywood AN. An investigation on the identi cation of VoIP traffic: case study on Gtalk andSkype. In: 6th International Conference on Network and Service Management; 25{29 October, 2010; Niagara Falls,ON, Canada. pp. 310-313.