A Sketch Framework for Fast, Accurate and Fine-Grained Analysis of Application Traffic

Abstract

Abstract Nowadays, with the continuous increase in internet traffic, the demand for real-time and high-speed traffic analysis has grown significantly. However, existing traffic analysis technologies are either limited by specific applications or data, unable to expand for widespread implementation, or in offline mode are unable to keep up with dynamic adjustments required in certain network management scenarios. A promising approach is to utilize sketch technology to enhance real-time traffic analysis. Unfortunately, existing technologies suffer from defects, such as overly coarse-grained statistics that cannot perform precise application-level traffic analysis, and irreversibility, which cannot support real-time queries in a friendly way. To achieve real-time fine-grained application traffic analysis in general scenarios, we propose AppSketch, a real-time network traffic measurement tool. AppSketch adopts a one-pass approach to classify and label the application information of each packet in the network flows. It then hashes the flow, identified with the application tag, into a carefully designed multiple-key sketch, for gathering application-specific statistics. We conducted extensive experiments using a real-world network traffic dataset collected on a university campus. The results showed that AppSketch achieved high accuracy while requiring less update time than other alternatives. Moreover, AppSketch occupies limited memory ($ {\leq }$64KB), making it suitable for online network devices.