Cache-based characterization: A low-infrastructure, distributed alternative to network-based traffic and application characterization
Authors: Anatoly Shusterman , Chen Finkelstein , Ofir Gruner , Yarin Shani , Yossi Oren
Venue: Elsevier Computer Networks Volume 200, December 2021
Abstract
It is important for network operators to carry out traffic and application characterization to gain insights into the activity of their networks. Several studies proposed methods that extract features from network traffic to characterize it, or to classify the application that produced it, based on a “man in the middle” network interception point that can analyze the entire network traffic of an organization. This network topology, however, is increasingly becoming irrelevant, due to mobile and remote traffic joining the corporate network by passing through VPN channels or relay networks.
In this work we propose an edge-oriented lightweight traffic characterization method, based on measuring contention on the last-level CPU cache. In contrast to previous traffic characterization methods, which track network traffic from a central location, our method performs measurements directly on user machines, using an unprivileged JavaScript-based webpage. Our evaluation shows that the accuracy of our cache-based method is equivalent to that of network-based methods, both over VPN and over non-VPN networks.
Draft version
Artifact Repository