A Sampling Methodology for DPI Classifiers

In this paper we provide a general methodology for customizing sampling schemes used with DPI (Deep Packet inspection) based traffic classifiers. Sampling is supposed to optimize DPI classification by reducing the disclosed payload size for inspection and the associated computational overhead while providing better protection of the users' privacy. As a real case scenario, we choose a real traffic dataset captured on a campus network link on which we conduct a series of classification experiments joint with sampling using OpenDPI, as the DPI tool of choice. First, we attempt to statistically localize payload sections within a flow stream where application signatures are mostly matched by OpenDPI. Then, we specify the minimum required payload to be disclosed for inspection, on a per protocol basis. Finally, we recommend a methodology for generalizing one DPI sampling scheme.