Accurate P2P traffic identification based on data transfer behavior

Peer-to-Peer (P2P) technology is one of the most popular techniques nowadays, and accurate identification of P2P traffic is important for many network activities. The classification of network traffic by using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. A novel method for P2P traffic identification is proposed in this work, and the methodology relies only on the statistics of end-point, which is a pair of destination IP address and destination port. Features of end-point behaviors are extracted and with which the Support Vector Machine classification model is built. The experimental results demonstrate that this method can classify network applications by using TCP or UDP protocol effectively. A large set of experiments has been carried over to assess the performance of this approach, and the results prove that the proposed approach has good performance both at accuracy and robustness.