DNS-Class: immediate classification of IP flows using DNS

In the last years, we have witnessed a tremendous growth of the Internet, especially in terms of the amount of data being transmitted through the networks and new protocols being implemented. This poses a challenge for network administrators, who need adequate traffic classification tools for network management, e.g. to implement Quality of Service (QoS) requirements. In this paper, we employ real traffic traces to assess the usefulness of Domain Name System (DNS) information for traffic classification. We show that by inspecting DNS packets, it is possible to immediately classify a highly significant portion of the traffic. We present DNS-Class: an innovative, fast, and reliable flow-based classifier that on average yields 99.2% of True Positives with <0.1% of False Positives. We argue that DNS-Class represents an important development in the field of traffic classification, and that it can be a major element of a modular traffic classification system. Copyright c © 0000 John Wiley & Sons, Ltd.