Enhancements to Statistical Protocol IDentification (SPID) for Self-Organised QoS in LANs

Christopher Köhnen¹, Christian Überall¹, Florian Adamsky², Veselin Rakočević¹, Muttukrishnan Rajarajan¹, Rudolf Jäger²

¹ School of Engineering and Mathematical Sciences, City University London, Northampton Square, London EC1V 0HB, UK
{Christopher.Koehnen.1, Christian.Ueberall.1, V.Rakocevic, R.Muttukrishnan}@city.ac.uk

² Department for Information Technology, Electrical Engineering & Mechatronics, University of Applied Sciences FH Giessen-Friedberg, Wilhelm-Leuschner-Str. 13, D-61169 Friedberg, Germany
{Florian.Adamsky, Rudolf.Jaeger}@iem.fh-friedberg.de

Abstract—Since most real-time audio and video applications lack QoS support, the QoS demand of such IP data streams shall be detected and applied automatically. To support QoS in LANs, especially in home environments, a system was developed which enables self-organised QoS for unmanaged networks through host implementations and, in contrast to traditional solutions, without network support. It supports per-link reservation and prioritisation and works without a need for application support. One part of this system is an automated traffic identification and classification system, which is the subject of this paper. An efficient set of attribute meters, based on the Statistical Protocol IDentification (SPID), was investigated, enhanced and evaluated. We improved the performance and added support for UDP protocols and real-time identification. It was shown that, using our implementation, efficient near real-time protocol identification on a per-flow basis is possible to support self-organised resource reservation.

Keywords-Classification; Statistical Analysis; SPID; Packet Identification; QoS;

I. INTRODUCTION

Today, multimedia services increase dramatically in home and private networks [1].
Television services over the network (IPTV) and voice over IP (VoIP) services have a demand for high bandwidth capacity and very strong quality of service (QoS) needs [2], [3]. To guarantee these, common QoS strategies like IntServ, using RSVP, or DiffServ have to be supported by the network. Since low-cost hardware is used in most home or private networks, support for these techniques cannot be assumed. Besides this, web video applications tunnel their streams using HTTP and are therefore not easily distinguishable from common Internet traffic. This results in less technology acceptance by users, since lacking QoS leads to a lower quality of experience (QoE) level [4]. Especially for IPTV providers, the network plane inside the households is unpredictable, as providers can only influence the QoS level up to the transfer point to the house. In addition, the network is a shared medium, in contrast to the traditional TV cable, which leads to new challenges for a traditional service to achieve the accustomed QoE level.

One approach to increase QoE in LANs is the QoSiLAN system [5]. It is based on several core technologies and works in three phases. In a first phase, physical network discovery algorithms and QoS parameter tests are run to generate a detailed map of the local network and its available resources. For this purpose, the Microsoft LLTD protocol [6] was reimplemented and extended to make efficient use of its topology and QoS analysis functionality. In a second phase, traffic monitoring, analysis and policing are performed. The research on this part is the subject of this paper. Finally, network resources are reserved and prioritised for the monitored flow. Here, signalling based on the NSIS protocol's NSLP for QoS Signalling [7] framework is applied to coordinate QoS issues between the network hosts. In contrast to common QoS strategies, QoSiLAN does not depend on router or switch support to enable QoS, but makes use of it, if available.
The central entity, which performed the mapping and monitoring, advises all hosts in the network to shape and DSCP-mark their traffic according to its policies and advice. However, only those traffic flows whose data paths affect physical links where current reservations apply need to be shaped.

II. RELATED WORK

A. Port-Based Identification

TCP/UDP port-based packet identification is the simplest method to classify traffic. With this method, the port numbers of the packets are inspected and mapped to the IANA's list of well-known ports. Moore et al. [8] showed