Traffic analysis based on IP packet size

Tomasz Bilski

Abstract


The paper discusses the problem of traffic analysis and classification. The first part deals with the problems and limitations of analysis based on port numbers. The main part of the paper presents a concept of traffic classification based on packet size. An example application is provided in the last part of the paper.

Keywords


data security; firewall; IDS; IP packet


DOI: http://dx.doi.org/10.21936/si2011_v32.n3A.240