KISS: Stocastic Packet Inspection for UDP Traffic Classification

This paper proposes KISS, a novel Internet classification engines. Motivated by the expected raise of UDP traffic, which stems from the momentum of P2P streaming applications, we propose a novel payload-based classification framework which leverages on statistical characterization of payload. Statistical signatures are automatically inferred from training data, by the means of a Chi-Square like test, which extracts the protocol “format”, but ignores the protocol semantic and synchronization rules. The signatures feed a decision engine based either on a simple geometric decision process, or on Support Vector Machines. KISS is very efficient, and its signatures are intrinsically robust to packet sampling, reordering, and flow asymmetry, so that is can be used on almost any network. KISS is tested in different scenarios, considering both data, VoIP, and traditional P2P Internet applications. Results are astonishing. The average True Positive percentage is 99.6%, with the worst case equal 98.7%. Less than 0.05% of False Positives are raised. But KISS is also proved to provide almost perfect results when facing new P2P streaming applications, such as Joost, PPLive, SopCast and TVants.