Statistical Protocol IDentification with SPID: Preliminary Results
Paper i proceeding, 2009

Identifying application layer protocols within network sessions is important when assigning Quality of Service (QoS) priorities as well as when conducting network security monitoring. This paper introduces a Statistical Protocol IDentification algorithm (SPID) utilizing various statistical flow and application layer data features. We have identified application layer protocols by comparing probability vectors created from observed network traffic to probability vectors of known protocols. Promising preliminary results are presented, showing average precision of 100% and recall of 92% for a small set of protocols within traffic traces from an access network. To further improve the results, a number of ongoing and future directions with SPID are discussed, such as optimization of the attribute meters and improving robustness against different network environments.

Traffic Classification

Internet Measurement

Traffic Analysis


Erik Hjelmvik

Wolfgang John

Chalmers, Data- och informationsteknik, Nätverk och system

Swedish National Computer Networking Workshop