Towards Context-Based Flow Classification

Roel Ocampo 1,2
1 Department of Electrical and Electronics Engineering, University of the Philippines

Alex Galis, Chris Todd
2 Department of Electronic and Electrical Engineering, University College London

Hermann De Meer
Faculty of Mathematics and Computer Science, University of Passau

Abstract

An essential functionality for context-aware networks would be the ability to classify traffic into logical flows and to determine the characteristics of these flows, for various purposes such as QoS provisioning, traffic limiting and shaping, security filtering and access control, policy-based routing, adaptation, service triggering, and long-term network monitoring and management. In this paper we explore a multi-dimensional scheme of classifying flows based on both their intrinsic characteristics and on some relevant external factors, that is, we classify flows based on their context. We demonstrate the use of ontologies to formally model flow context for software design purposes and as a vocabulary for runtime context exchange and processing, and describe the implementation of a system that demonstrates context-based flow classification.

1. Introduction

An essential functionality for context-aware networks would be the ability to classify the data units they transport into logical flows and to determine the characteristics of these flows, for various purposes such as QoS provisioning, traffic limiting and shaping, security filtering and access control, policy-based routing, adaptation, service triggering, and long-term network monitoring and management. The traditional process of flow classification involves mapping sequences of packets into sets, based on some criteria, and then aggregating or inferring further information about the set through its examination over time.
While several techniques for traffic classification exist, such as by examining packet headers, the packet sequence's content [1,2] or its statistical properties [3-6], most schemes use these techniques separately rather than in joint, coordinated and synergistic fashion. It would be good to have a framework that integrates and combines the strengths of these different schemes and allows knowledge gained from one to be taken into account with the others simultaneously and cooperatively.

Additionally, existing classification schemes typically rely only on information that may be directly sensed within the flow itself, such as within individual packet headers, the payload, or by observing sequences of packets and payloads. However, relying on the limited amount of information that can be gained from within the flow itself can lead to insufficient dimensionality in classifying them [7]. Currently, it is not possible to consider and classify flows comprehensively in terms of their wider context, simultaneously considering parameters that are internal and external to the flow itself such as:

• What kind of application generated the flow?
• What are the characteristics of the device that will be consuming the flow?
• What are the activities of the user who generated the flow?
• What kind of links did the flow traverse?

In this paper we explore a multi-dimensional scheme of classifying flows based on both their intrinsic characteristics and on some external factors that are relevant to their situation, that is, we classify flows based on flow context.

In Section 2 we provide an overview of the flow concept and offer a broad working definition. We then introduce a concept called flow context and explain how it is potentially useful in multi-dimensional flow classification.
In order to translate the idea of classifying flows based on context into real and practical implementations, we need formal, and if possible, standardized ways of defining flows, their context, and their different classifications and properties. In Section 3 we introduce an ontology that can serve not only as a basis for the common understanding of flow context and context-based flow classification among humans, but also as a formal representation scheme that can be

0-7695-2653-5/06/$20.00 (c) 2006 IEEE