IPFW extension for traffic classification based on statistical properties

Ivan Voras ivoras at freebsd.org
Sat Dec 25 19:44:24 UTC 2010


On 24.12.2010 1:18, Sebastian Zander wrote:

> With DIFFUSE v0.1, IPFW computes statistics (such as packet lengths
> or inter-packet time intervals) for observed flows, and uses
> ML (machine learning) techniques to assign flows into classes.
> In addition to traditional packet inspection rules, IPFW rules
> may now also be expressed in terms of traffic statistics
> or classes identified by ML classification. This can be helpful
> when direct packet inspection is problematic (perhaps for administrative
> reasons, or because port numbers do not reliably identify classes of
> applications).

How successful (accurate) can something like this be?

For example, if there is torrent traffic on a network, it will
(probably) be a mixture of slow and fast connections which have
different latencies due to, among others, geographical distribution. If
you introduce e.g. web traffic on the one side and ssh sessions, IM
sessions and similar "interactive" traffic, do you have any results
showing you can correctly classify and prioritize the interactive
traffic (meaning ssh and IM, not bittorrent and web)?

(I'm not asking specifically for DIFFUSE but mostly about the general
approach).
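An added illustration of the general approach discussed in this thread; it is not part of either message and is not DIFFUSE code. It computes per-flow packet-length and inter-packet-interval statistics and assigns a class by nearest centroid. The sample flows, class names, feature set and classifier are all assumptions constructed for the example.

```python
import math
import statistics
from collections import defaultdict

def flow_features(packets):
    """(mean length, length stdev, mean inter-packet gap) per flow, from
    (flow_id, timestamp_s, length_bytes) records."""
    flows = defaultdict(list)
    for flow_id, ts, length in packets:
        flows[flow_id].append((ts, length))
    feats = {}
    for flow_id, pkts in flows.items():
        if len(pkts) < 2:
            continue  # one packet gives no inter-packet interval
        pkts.sort()
        lengths = [length for _, length in pkts]
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        feats[flow_id] = (statistics.mean(lengths),
                          statistics.pstdev(lengths), statistics.mean(gaps))
    return feats

def train(feats, labels):
    """Per-class centroid and a per-feature scale used to normalise distances."""
    scale = [statistics.pstdev([f[i] for f in feats.values()]) or 1.0
             for i in range(3)]
    groups = defaultdict(list)
    for flow_id, f in feats.items():
        groups[labels[flow_id]].append(f)
    centroids = {c: tuple(statistics.mean(f[i] for f in fs) for i in range(3))
                 for c, fs in groups.items()}
    return centroids, scale

def classify(f, centroids, scale, dims=(0, 1, 2)):
    """Nearest centroid over the chosen feature indices."""
    def dist(c):
        return math.sqrt(sum(((f[i] - c[i]) / scale[i]) ** 2 for i in dims))
    return min(centroids, key=lambda name: dist(centroids[name]))

def make_flow(flow_id, gap, lengths, n=30):
    """Constructed sample flow: n packets, fixed gap, lengths cycled."""
    return [(flow_id, i * gap, lengths[i % len(lengths)]) for i in range(n)]

# Constructed training flows (not measurements): two per class.
TRAIN = (make_flow("i1", 0.2, [64, 96, 80]) + make_flow("i2", 0.5, [48, 200])
         + make_flow("b1", 0.002, [1500, 1500, 1448]) + make_flow("b2", 0.01, [1500]))
LABELS = {"i1": "interactive", "i2": "interactive", "b1": "bulk", "b2": "bulk"}
CENTROIDS, SCALE = train(flow_features(TRAIN), LABELS)

# A slow bulk peer: full-size packets, but gaps that look interactive.
SLOW_PEER = flow_features(make_flow("t1", 0.2, [1500, 1448]))["t1"]
print(classify(SLOW_PEER, CENTROIDS, SCALE, dims=(2,)))  # timing only
print(classify(SLOW_PEER, CENTROIDS, SCALE))             # all three features
```

On this constructed data the slow bulk flow is separated from interactive traffic only once packet-length features are included alongside timing; the example says nothing about accuracy on real traffic.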



More information about the freebsd-net mailing list