Abstract
In recent years a growing number of researchers investigated the performance of machine learning based traffic classification using statistical properties – classification techniques that do not require packet payload inspection. Such techniques assist Internet Service Providers to work within any legal or technical limitations on direct payload inspection. Potential new applications include automated ‘market research’, automated traffic prioritisation, and Lawful Interception. For many of these new applications a de-coupling between the flow classification and subsequent flow treatment, such as blocking or shaping, is highly desirable. In the DIFFUSE project we are developing extensions for an existing packet filter that provide ML-based traffic classification based on statistical properties and de-couple flow classification from flow treatment. This report describes the selection of the existing packet filter extended, the design of the overall architecture and key components, as well as the machine learning techniques supported.