[AusNOG] DIFFUSE v0.1: IPFW traffic classification using statistical properties
grenville armitage
garmitage at swin.edu.au
Mon Jan 17 09:13:56 EST 2011
Hi Ausnog,

We believe this may be of some interest to list members, and
apologise in advance for any duplicates you may receive.

We are pleased to announce DIFFUSE v0.1, our first release of a
system enabling FreeBSD's IPFW firewall subsystem to classify IP
traffic based on statistical traffic properties. Note that this
is research work-in-progress code, so the usual caveats apply (may
burst into flames if looked at sideways, will not cook your eggs
just the way you like them, etc).

With DIFFUSE v0.1, IPFW computes statistics (such as packet lengths
or inter-packet time intervals) for observed flows, and uses
ML (machine learning) techniques to assign flows to classes.
In addition to traditional packet inspection rules, IPFW rules
may now also be expressed in terms of traffic statistics
or classes identified by ML classification. This can be helpful
when direct packet inspection is problematic (perhaps for administrative
reasons, or because port numbers do not reliably identify classes of
applications).

DIFFUSE also enables one instance of IPFW to send flow information
and classes to other IPFW instances, which can then act on such
traffic (e.g. prioritise, accept, deny, etc) according to its class.
This allows for distributed architectures, where classification at
one location in your network is used to control firewalling or
rate-shaping actions at other locations.

DIFFUSE v0.1 contains an example classifier model for identifying
real-time first person shooter game traffic. In the next release we
will include a classifier model to detect Skype traffic.

The project site (http://caia.swin.edu.au/urp/diffuse) contains a more
comprehensive introduction, including application examples, links to
related work and documentation describing the design of our software.

DIFFUSE v0.1 is a set of patches for FreeBSD-CURRENT, and can be obtained
directly from http://caia.swin.edu.au/urp/diffuse/downloads.html

The software was developed as part of the DIFFUSE research project at
Swinburne University's Centre for Advanced Internet Architectures. The
project has been made possible in part by a grant from the Cisco
University Research Program Fund at Community Foundation Silicon Valley.

We welcome your feedback and hope you enjoy playing with the code and
tools.

Cheers,

Sebastian Zander and Grenville Armitage
--
Professor Grenville Armitage
Head, Telecommunications Engineering Academic Group
Director, Centre for Advanced Internet Architectures
Faculty of Information and Communication Technologies
Swinburne University of Technology, Australia
http://caia.swin.edu.au
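As an added illustration of the approach described in the announcement above (this is not DIFFUSE's own code, and it does not use DIFFUSE's IPFW rule syntax), the Python sketch below does the three things the message describes in user space: it computes per-flow statistics (mean and standard deviation of packet length, mean inter-packet time) from a packet trace, assigns each flow to a class with a simple nearest-centroid classifier, and then shows how a second node that receives only (flow, class) records would turn each class into an action without inspecting any payload. The packet trace, the class centroids in MODEL, the feature scales in SCALE and the action table in POLICY are all constructed for this example; a real model would be trained on labelled traffic, and the small-flow cut-off (MIN_PACKETS) is a design choice added here so that flows with too few samples are reported as "unknown" rather than guessed.

```python
"""Per-flow statistics, nearest-centroid classification and remote policy lookup.

Stand-alone sketch of the approach (not DIFFUSE code): the packet trace,
the class centroids and the action table are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Packet:
    ts: float     # arrival time in seconds
    proto: str    # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    length: int   # IP length in bytes


def flow_key(p):
    """Unidirectional 5-tuple. A real classifier would also pair the reverse direction."""
    return (p.proto, p.src, p.sport, p.dst, p.dport)


def flow_features(packets):
    """Group packets into flows and return {key: (mean_len, std_len, mean_ipt, n_pkts)}."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    feats = {}
    for key, pkts in flows.items():
        lens = [p.length for p in pkts]
        mean_len = sum(lens) / len(lens)
        std_len = math.sqrt(sum((x - mean_len) ** 2 for x in lens) / len(lens))
        ipts = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]  # inter-packet times
        mean_ipt = sum(ipts) / len(ipts) if ipts else 0.0
        feats[key] = (mean_len, std_len, mean_ipt, len(pkts))
    return feats


# Constructed "model": one centroid per class in (mean_len, std_len, mean_ipt) space,
# plus a per-feature scale so that bytes and seconds are comparable in the distance.
MODEL = {
    "fps_game": (64.0, 8.0, 0.050),    # small, regular UDP state updates
    "bulk":     (1400.0, 80.0, 0.002), # MTU-sized packets sent back to back
}
SCALE = (1500.0, 300.0, 0.100)
MIN_PACKETS = 4   # too few samples: refuse to classify rather than guess


def classify(feat, model=MODEL):
    """Nearest centroid in scaled feature space; 'unknown' for flows that are too short."""
    mean_len, std_len, mean_ipt, n = feat
    if n < MIN_PACKETS:
        return "unknown"
    x = (mean_len, std_len, mean_ipt)
    best, best_d = "unknown", math.inf
    for cls, centroid in model.items():
        d = math.sqrt(sum(((a - b) / s) ** 2 for a, b, s in zip(x, centroid, SCALE)))
        if d < best_d:
            best, best_d = cls, d
    return best


def classify_flows(packets):
    """Classifying node: the (flow, class) records it would export to other nodes."""
    return {key: classify(f) for key, f in flow_features(packets).items()}


# Constructed action table for a downstream node that only sees (flow, class) records.
POLICY = {"fps_game": "prio high", "bulk": "pipe 1", "unknown": "allow"}


def remote_actions(classes, policy=POLICY):
    """Acting node: map each received class to a local action; no payload inspection needed."""
    return {key: policy.get(cls, "allow") for key, cls in classes.items()}


def sample_packets():
    """Constructed trace: a game-like UDP flow, a bulk TCP flow and a 2-packet flow."""
    pkts = []
    for i in range(10):   # 10 small UDP packets, one every 50 ms, lengths 60/64/68
        pkts.append(Packet(i * 0.05, "udp", "10.0.0.5", 50000, "192.0.2.10", 27015, 60 + (i % 3) * 4))
    for i in range(10):   # 10 MTU-sized TCP segments, one every 2 ms
        pkts.append(Packet(1.0 + i * 0.002, "tcp", "10.0.0.7", 51234, "198.51.100.20", 80, 1450))
    for i in range(2):    # too short to classify
        pkts.append(Packet(2.0 + i * 0.1, "tcp", "10.0.0.9", 40000, "198.51.100.30", 443, 500))
    return pkts


if __name__ == "__main__":
    classes = classify_flows(sample_packets())
    for key, action in remote_actions(classes).items():
        print(key, classes[key], "->", action)
```

The split between classify_flows and remote_actions is the point of the distributed design in the announcement: the node that sees the packets needs the statistics and the model, while the node that enforces policy needs only the exported (flow, class) records and a class-to-action table.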