IPFW extension for traffic classification based on statistical properties

Eugene Grosbein egrosbein at rdtc.ru
Fri Dec 24 05:22:33 UTC 2010


On 24.12.2010 06:18, Sebastian Zander wrote:
> Hi all,
> 
> We believe this may be of some interest to list members, and
> apologise in advance for any duplicates you may receive.
> 
> We are pleased to announce DIFFUSE v0.1, our first release of a
> system enabling FreeBSD's IPFW firewall subsystem to classify IP
> traffic based on statistical traffic properties.
> 
> With DIFFUSE v0.1, IPFW computes statistics (such as packet lengths
> or inter-packet time intervals) for observed flows, and uses
> ML (machine learning) techniques to assign flows into classes.
> In addition to traditional packet inspection rules, IPFW rules
> may now also be expressed in terms of traffic statistics
> or classes identified by ML classification. This can be helpful
> when direct packet inspection is problematic (perhaps for administrative
> reasons, or because port numbers do not reliably identify classes of
> applications).
> 
> DIFFUSE also enables one instance of IPFW to send flow information
> and classes to other IPFW instances, which then can act on such
> traffic (e.g. prioritise, accept, deny, etc.) according to its class.
> This allows for distributed architectures, where classification at
> one location in your network is used to control fire-walling or
> rate-shaping actions at other locations.
> 
> DIFFUSE v0.1 contains an example classifier model for identifying
> real-time first person shooter game traffic. In the next release we
> will include a classifier model to detect Skype traffic.
> 
> The project site (http://caia.swin.edu.au/urp/diffuse) contains a more
> comprehensive introduction, including application examples, links to
> related work and documentation describing the design of our software.
> 
> DIFFUSE v0.1 is a set of patches for FreeBSD-CURRENT, and can be 
> obtained directly from
> http://caia.swin.edu.au/urp/diffuse/downloads.html
> 
> The software was developed as part of the DIFFUSE research project at
> Swinburne University's Centre for Advanced Internet Architectures. The
> project has been made possible in part by a grant from the Cisco
> University Research Program Fund at Community Foundation Silicon Valley.
> 
> We welcome your feedback and hope you enjoy playing with the code and
> tools.
> 
> Cheers,
> 
> Sebastian Zander and Grenville Armitage
> 
> http://caia.swin.edu.au

It would be nice to provide patches for RELENG_8 to get broader testing.

Eugene Grosbein


More information about the freebsd-net mailing list