Online P2P Internet Traffic Classification and Mitigation Based on Snort and ML


  •   Haitham Ahmed Jamil

  •   Bushra M. Ali

  •   Mosab Hamdan

  •   Ahmed E. Osman


Peer to peer applications have modified the nature of internet traffic.   It will consume high internet bandwidth and affect the performance of traditional traffic internet applications.   Therefore, the management and monitoring activity of internet traffic is the important activities involved in the optimization.   In order to detect and mitigate the P2P traffic, port, payload, and transport layer based methods were developed in the past.  Nevertheless, the performances of these methods were not up to the expectation.  Machine Learning (ML) is one of the promising methods to identify and mitigate the traffic of the Internet.   However, the classification accuracy is inconsistent.   The reason for the inconsistency is the relevant training datasets generation and feature selection.   In this research, a technique based on signature-based and ML is proposed to develop a model for online P2P traffic detection and mitigation.   The proposed work can be employed to evaluate the robustness of the online P2P machine learning classifier based on real network traffic traces containing flows labelled by SNORT tool and from special shared resources.  Analysis and validation were carried out on traffic traces of University Technology Malaysia.   The period of traffic was 2011 and 2013.   The output of research is revealing that the proposed work has spent less computation time for classification.  This method gives 99.7% accuracy which equals the classification performance attained for P2P using deep packet inspector. The findings show that classifying network traffic at the flow level can differentiate P2P over non-P2P (nP2P) with high confidence for online P2P mitigation.

Keywords: P2P Traffic Flow, Traffic Classification and Mitigation, SNORT, Machine Learning


Jamil, H.A. and B. M Ali, Classifying Internet Traffic Using an Efficient Classifier. International Journal of Recent Technology and Engineering (IJRTE), 2019. 8(3).

Jamil, H.A., Feature Selection and Machine Learning Classification for Live P2P Traffic. IJEOM, 2019.

Abdalla, B.M.A., et al. Multi-stage Feature Selection for On-Line Flow Peer-to-Peer Traffic Identification. in Asian Simulation Conference. 2017. Springer.

Jamil, H.A., A. Abdalla, and B. M K, Improving P2P Network Traffic Classification with ML multi-classifiers. International Journal of P2P Network Trends and Technology (IJPTT), 2014. 4(2).

Ibrahim, H.A.H., S.M. Nor, and H.A. Jamil. Online hybrid internet traffic classification algorithm based on signature statistical and port methods to identify internet applications. in 2013 IEEE International Conference on Control System, Computing and Engineering. 2013. IEEE.

Jamil, H.A., Detection and Mitigation Framework of Peer-to-Peer Traffic in Campus Networks. International Review on Computers and Software (I.RE.CO.S.), 2013. 8(8).

O. Mula-Valls, "A practical retraining mechanism for network traffic classification in operational environments," Master Thesis in Computer Architecture, Networks and Systems, Universitat Politecnica de Catalunya, 2011.

M. M. Hassan and M. Marsono, "A three-class heuristics technique: Generating training corpus for Peer-to-Peer traffic classification," in Internet Multimedia Services Architecture and Application (IMSAA), 2010 IEEE 4th International Conference on, 2010, pp. 1-5.

H. Lu and C. Wu, "Identification of P2P traffic in campus network," 2010, pp. V1-21-V1-23.

A. Moore and K. Papagiannaki, "Toward the accurate identification of network applications," Passive and Active Network Measurement, pp. 41-54, 2005.

A. W. Moore and D. Zuev, "Internet traffic classification using bayesian analysis techniques," 2005, pp. 50-60.

J. Erman, A. Mahanti, M. Arlitt, I. Cohen, and C. Williamson, "Offline/realtime traffic classification using semi-supervised learning," Performance Evaluation, vol. 64, pp. 1194-1213, 2007.

L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule, and K. Salamatian, "Traffic classification on the fly," ACM SIGCOMM Computer Communication Review, vol. 36, pp. 23-26, 2006.

J. Erman, M. Arlitt, and A. Mahanti, "Traffic classification using clustering algorithms," in ACM SIGCOMM 2006 - Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, September 11, 2006 - September 15, 2006, Pisa, Italy, 2006, pp. 281-286.

N. Williams, S. Zander, and G. Armitage, "A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification," ACM SIGCOMM Computer Communication Review, vol. 36, pp. 5-16, 2006.

T. Auld, A. W. Moore, and S. F. Gull, "Bayesian neural networks for internet traffic classification," Neural Networks, IEEE Transactions on, vol. 18, pp. 223-239, 2007.

Y. Ma, Z. Qian, G. Shou, and Y. Hu, "Study of information network traffic identification based on C4. 5 algorithm," 2008, pp. 1-5.

Y. Luo, "Survey on P2P traffic managements," vol. 145 AISC, ed. Bali, 2012, pp. 191-196.

K. Salah and A. Kahtani, "Performance evaluation comparison of Snort NIDS under Linux and Windows Server," Journal of Network and Computer Applications, vol. 33, pp. 6-15, Jan 2010.

K. Salah and F. Haidari, "Performance evaluation and comparison of four network packet rate estimators," Aeu-International Journal of Electronics and Communications, vol. 64, pp. 1015-1023, 2010.

D. A. Carvalho, M. Pereira, and M. M. Freire, "Towards the Detection of Encrypted BitTorrent Traffic through Deep Packet Inspection," in Security Technology, ed: Springer, 2009, pp. 265-272.

(2012). Emergingthreats (ET) Rules. Available:

J.-j. Zhao, X.-h. Huang, Q. Sun, and Y. Ma, "Real-time feature selection in traffic classification," The Journal of China Universities of Posts and Telecommunications, vol. 15, Supplement, pp. 68-72, 2008.

H. A. Jamil, R. Zarei, N. O. Fadlelssied, M. Aliyu, S. M. Nor, and M. N. Marsono, "Analysis of features selection for P2P traffic detection using support vector machine," in Information and Communication Technology (ICoICT), 2013 International Conference of, 2013, pp. 116-121.

A. W. Moore, D. Zuev, and M. Crogan, "Discriminators for use in flow-based classification," Technical report, Intel Research, Cambridge2005.

(2012). Support vector machines (SVM). Available:

R. Wang, Y. Liu, Y. Yang, and H. Wang, "A new method for P2P traffic identification based on support vector machine," Artificial Intelligence Markup Language. Egypt: IEEE Computer Society, pp. 58-63, 2006.

A. Nogueira, P. Salvador, A. Couto, and R. Valadas, "Towards the On-line Identification of Peer-to-peer Flow Patterns," Journal of Networks, vol. 4, 2009.

(2012). Peer-to-Peer rules for snort. Available:

(2012). SOURCEfire. Available:

(2013). SANS detecting-torrents-snort. Available:

(2012). Snort community-rules. Available:

H. A. Jamil, A. M, A. Hamza, S. M. Nor, and M. N. Marsono, "Selection of online Features for Peer-to-Peer Network Traffic Classification," in Recent Advances in Intelligent Informatics. vol. 235, ed: Springer International Publishing, 2014, pp. 379-390.

(2010). Wireshark. Available:

SNORT Network Intrusion Detection System. Available:

(2013, 10 April 2013). The Cooperative Association for Internet Data Analysis. Available:

(19 Nov). Università Brescia data sets. Available:

(18 nov 2012). Cambridge data sets. Available:

H. L. Zhang, G. Lu, M. T. Qassrawi, Y. Zhang, and X. Z. Yu, "Feature selection for optimizing traffic classification," Computer Communications, vol. 35, pp. 1457-1471, Jul 1 2012.


Download data is not yet available.


How to Cite
Jamil, H., Ali, B., Hamdan, M. and Osman, A. 2019. Online P2P Internet Traffic Classification and Mitigation Based on Snort and ML. European Journal of Engineering Research and Science. 4, 10 (Oct. 2019), 131-137. DOI: