{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:39:06Z","timestamp":1771699146390,"version":"3.50.1"},"reference-count":64,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2020,12,20]],"date-time":"2020-12-20T00:00:00Z","timestamp":1608422400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006261","name":"Taif University","doi-asserted-by":"publisher","award":["TURSP-2020\/10"],"award-info":[{"award-number":["TURSP-2020\/10"]}],"id":[{"id":"10.13039\/501100006261","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Peer-to-peer (P2P) applications have been popular among users for more than a decade. They consume a lot of network bandwidth, due to the fact that network administrators face several issues such as congestion, security, managing resources, etc. Hence, its accurate classification will allow them to maintain a Quality of Service for various applications. Conventional classification techniques, i.e., port-based and payload-based techniques alone, have proved ineffective in accurately classifying P2P traffic as they possess significant limitations. As new P2P applications keep emerging and existing applications change their communication patterns, a single classification approach may not be sufficient to classify P2P traffic with high accuracy. Therefore, a multi-level P2P traffic classification technique is proposed in this paper, which utilizes the benefits of both heuristic and statistical-based techniques. By analyzing the behavior of various P2P applications, some heuristic rules have been proposed to classify P2P traffic. The traffic which remains unclassified as P2P undergoes further analysis, where statistical-features of traffic are used with the C4.5 decision tree for P2P classification. The proposed technique classifies P2P traffic with high accuracy (i.e., 98.30%), works with both TCP and UDP traffic, and is not affected even if the traffic is encrypted.<\/jats:p>","DOI":"10.3390\/sym12122117","type":"journal-article","created":{"date-parts":[[2020,12,21]],"date-time":"2020-12-21T04:12:01Z","timestamp":1608523921000},"page":"2117","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":52,"title":["Multi-Level P2P Traffic Classification Using Heuristic and Statistical-Based Techniques: A Hybrid Approach"],"prefix":"10.3390","volume":"12","author":[{"given":"Max","family":"Bhatia","sequence":"first","affiliation":[{"name":"Department of Computer Science Engineering, Lovely Professional University, Punjab 144001, India"}]},{"given":"Vikrant","family":"Sharma","sequence":"additional","affiliation":[{"name":"Department of Computer Science Engineering, Lovely Professional University, Punjab 144001, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0750-6309","authenticated-orcid":false,"given":"Parminder","family":"Singh","sequence":"additional","affiliation":[{"name":"Department of Computer Science Engineering, Lovely Professional University, Punjab 144001, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6019-7245","authenticated-orcid":false,"given":"Mehedi","family":"Masud","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia"}]}],"member":"1968","published-online":{"date-parts":[[2020,12,20]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"6417","DOI":"10.1016\/j.eswa.2010.09.114","article-title":"Genetic-based minimum classification error mapping for accurate identifying Peer-to-Peer applications in the internet traffic","volume":"38","author":"Mohammadi","year":"2011","journal-title":"Expert Syst. Appl."},{"key":"ref_2","first-page":"137","article-title":"Analyzing peer-to-peer traffic across large networks","volume":"12","author":"Sen","year":"2002","journal-title":"ACM J."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Dai, L., Yang, J., and Lin, L. (2010, January 24\u201326). A comprehensive system for P2P classification. Proceedings of the 2010 2nd IEEE International Conference on Network Infrastructure and Digital Content, Beijing, China.","DOI":"10.1109\/ICNIDC.2010.5657830"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Chu, H., Yi, H., and Zhang, X. (2011, January 27\u201329). A new P2P traffic identification methodology based on flow statistics. Proceedings of the 2011 IEEE 3rd International Conference on Communication Software and Networks, Xi\u2019an, China.","DOI":"10.1109\/ICCSN.2011.6014440"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1055","DOI":"10.1016\/j.comnet.2009.10.009","article-title":"A novel self-learning architecture for p2p traffic classification in high speed networks","volume":"54","author":"Keralapura","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Gomes, J.V., In\u00e1cio, P.R.M., Pereira, M., and Freire, M. (2013). Detection and classification of peer-to-peer traffic: A survey. ACM Comput. Surv., 45.","DOI":"10.1145\/2480741.2480747"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1182","DOI":"10.1007\/s12083-016-0471-2","article-title":"Identifying P2P traffic: A survey","volume":"10","author":"Bhatia","year":"2016","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1145\/1090191.1080119","article-title":"BLINC: Multilevel traffic classification in the dark","volume":"35","author":"Karagiannis","year":"2005","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_9","first-page":"1745","article-title":"In-the-dark network traffic classification using support vector machines","volume":"3","author":"Turkett","year":"2008","journal-title":"AAAI"},{"key":"ref_10","unstructured":"(2020, February 10). Global Internet Phenomena, Sandvine. Available online: https:\/\/www.sandvine.com\/phenomena."},{"key":"ref_11","unstructured":"(2020, September 21). Controlling P2P Traffic. Available online: https:\/\/www.lightreading.com\/controlling-p2p-traffic\/d\/d-id\/598203&page_number=2."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Reddy, J.M., and Hota, C. (2015, January 20\u201321). Heuristic-Based Real-Time P2P Traffic Identification. Proceedings of the 2015 International Conference on Emerging Information Technology and Engineering Solutions, Pune, India.","DOI":"10.1109\/EITES.2015.16"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Bozdogan, C., Gokcen, Y., and Zincir, I. (2015, January 11\u201315). A Preliminary Investigation on the Identification of Peer to Peer Network Applications. Proceedings of the Companion Publication of the 2015 on Genetic and Evolutionary Computation Conference\u2014GECCO Companion \u201915, Madrid, Spain.","DOI":"10.1145\/2739482.2768432"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Tseng, C.-M., Huang, G.-T., and Liu, T.-J. (2016, January 13\u201315). P2P traffic classification using clustering technology. Proceedings of the 2016 IEEE\/SICE International Symposium on System Integration (SII), Sapporo, Japan.","DOI":"10.1109\/SII.2016.7843994"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Chuan, L., Wang, C., Jixiong, H., and Ye, Z. (2017, January 22\u201325). Peer to peer traffic identification using support vector machine and bat-inspired optimization algorithm. Proceedings of the 2017 12th International Conference on Computer Science and Education (ICCSE), Houston, TX, USA.","DOI":"10.1109\/ICCSE.2017.8085541"},{"key":"ref_16","unstructured":"Ali, B.M., Jamil, H.A., Hamdan, M., Bassi, J.S., Ismail, I., and Marsono, M.N. (2017, January 27\u201329). Multi-stage feature selection for on-line flow peer-to-peer traffic identification. Proceedings of the Asian Simulation Conference, Melaka, Malaysia."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"131","DOI":"10.24018\/ejers.2019.4.10.1534","article-title":"Online P2P Internet Traffic Classification and Mitigation Based on Snort and ML","volume":"4","author":"Jamil","year":"2019","journal-title":"Eur. J. Eng. Res. Sci."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Nazari, Z., Noferesti, M., and Jalili, R. (2019, January 19\u201321). DSCA: An inline and adaptive application identification approach in encrypted network traffic. Proceedings of the 3rd International Conference on Cryptography, Security and Privacy, Kuala Lumpur, Malaysia.","DOI":"10.1145\/3309074.3309102"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Ye, W., and Cho, K. (2013, January 3\u20135). Two-Step P2P Traffic Classification with Connection Heuristics. Proceedings of the 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Taichung, Taiwan.","DOI":"10.1109\/IMIS.2013.31"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1815","DOI":"10.1007\/s00500-014-1253-5","article-title":"Hybrid P2P traffic classification with heuristic rules and machine learning","volume":"18","author":"Ye","year":"2014","journal-title":"Soft Comput."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1315","DOI":"10.1007\/s00500-015-1863-6","article-title":"P2P and P2P botnet traffic classification in two stages","volume":"21","author":"Ye","year":"2015","journal-title":"Soft Comput."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Khan, R.U., Kumar, R., Alazab, M., and Zhang, X. (2019, January 8\u20139). A Hybrid Technique To Detect Botnets, Based on P2P Traffic Similarity. Proceedings of the 2019 Cybersecurity and Cyberforensics Conference (CCC), Melbourne, Australia.","DOI":"10.1109\/CCC.2019.00008"},{"key":"ref_23","unstructured":"(2020, July 11). Service Name and Transport Protocol Port Number Registry. Available online: https:\/\/www.iana.org\/assignments\/service-names-port-numbers\/service-names-port-numbers.xhtml."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Roughan, M., Sen, S., Spatscheck, O., and Duffield, N. (2004, January 25\u201327). Class of service mapping for QoS: A statistical signature-based approach to IP traffic classification. Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, Taormina Sicily, Italy.","DOI":"10.1145\/1028788.1028805"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Zuev, D., and Moore, A.W. (2005). Traffic classification using a statistical approach. International Workshop on Passive and Active Network Measurement, Springer.","DOI":"10.1007\/978-3-540-31966-5_25"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Moore, A.W., and Papagiannaki, K. (2005). Toward the accurate identification of network applications. International Workshop on Passive and Active Network Measurement, Springer.","DOI":"10.1007\/978-3-540-31966-5_4"},{"key":"ref_27","unstructured":"Karagiannis, T., Broido, A., Brownlee, N., Claffy, K.C., and Faloutsos, M. (December, January 29). Is p2p dying or just hiding? [p2p traffic measurement]. Proceedings of the IEEE Global Telecommunications Conference, Dallas, TX, USA."},{"key":"ref_28","unstructured":"Madhukar, A., and Williamson, C. (2006, January 11\u201314). A longitudinal study of P2P traffic classification. Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation, Monterey, CA, USA."},{"key":"ref_29","unstructured":"Karagiannis, T., Broido, A., Brownlee, N., Claffy, K., and Faloutsos, M. (2003). File-Sharing in the Internet: A Characterization of P2P Traffic in the Backbone, University of California."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"733","DOI":"10.1007\/s12083-014-0281-3","article-title":"Active learning for P2P traffic identification","volume":"8","author":"Liu","year":"2015","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Gomes, J.V.P., In\u00e1cio, P.R.M., Freire, M.M., Pereira, M., and Monteiro, P.P. (2008, January 7\u20139). Analysis of Peer-to-Peer Traffic Using a Behavioural Method Based on Entropy. Proceedings of the 2008 IEEE International Performance, Computing and Communications Conference, Austin, TX, USA.","DOI":"10.1109\/PCCC.2008.4745138"},{"key":"ref_32","first-page":"36","article-title":"Identification and Analysis of Peer-to-Peer Traffic","volume":"1","author":"Dang","year":"2006","journal-title":"J. Commun."},{"key":"ref_33","first-page":"64","article-title":"P2P Traffic Identification Based on Host and Flow Behaviour Characteristics","volume":"13","author":"Yan","year":"2013","journal-title":"Cybern. Inf. Technol."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Wang, D., Zhang, L., Yuan, Z., Xue, Y., and Dong, Y. (2014, January 3\u20136). Characterizing Application Behaviors for classifying P2P traffic. Proceedings of the 2014 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA.","DOI":"10.1109\/ICCNC.2014.6785298"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Zhang, Q., Ma, Y., Zhang, P., Wang, J., and Li, X. (2014, January 18\u201320). Netflow based P2P detection in UDP traffic. Proceedings of the Fifth International Conference on Intelligent Control and Information Processing, Dalian, China.","DOI":"10.1109\/ICICIP.2014.7010349"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1016\/S1005-8885(10)60069-6","article-title":"Research of the traffic characteristics for the real time online traffic classification","volume":"18","author":"Sun","year":"2011","journal-title":"J. China Univ. Posts Telecommun."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Gong, J., Wang, W., Wang, P., and Sun, Z. (2014, January 7\u201310). P2P traffic identification method based on an improvement incremental SVM learning algorithm. Proceedings of the 2014 International Symposium on Wireless Personal Multimedia Communications (WPMC), Sydney, NSW, Australia.","DOI":"10.1109\/WPMC.2014.7014812"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Deng, S., Luo, J., Liu, Y., Wang, X., and Yang, J. (2014, January 19\u201321). Ensemble learning model for P2P traffic identification. Proceedings of the 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), Xiamen, China.","DOI":"10.1109\/FSKD.2014.6980874"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"424","DOI":"10.1007\/s12083-015-0350-2","article-title":"CUFTI: Methods for core users finding and traffic identification in P2P systems","volume":"9","author":"Qin","year":"2015","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"391","DOI":"10.1631\/FITEE.1400267","article-title":"Fine-grained P2P traffic classification by simply counting flows","volume":"16","author":"He","year":"2015","journal-title":"Front. Inf. Technol. Electron. Eng."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1016\/j.measurement.2016.10.001","article-title":"A new approach for internet traffic classification: GA-WK-ELM","volume":"95","author":"Ertam","year":"2017","journal-title":"Measurement"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"920","DOI":"10.1016\/j.compeleceng.2018.03.005","article-title":"Network traffic classification based on transfer learning","volume":"69","author":"Sun","year":"2018","journal-title":"Comput. Electr. Eng."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Lim, H.-K., Kim, J.-B., Heo, J.-S., Kim, K., Hong, Y.-G., and Han, Y.-H. (2019, January 11\u201313). Packet-based network traffic classification using deep learning. Proceedings of the 2019 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), Okinawa, Japan.","DOI":"10.1109\/ICAIIC.2019.8669045"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1007\/s11042-013-1760-x","article-title":"Methodology and implementation for tracking the file sharers using BitTorrent","volume":"74","author":"Park","year":"2013","journal-title":"Multimedia Tools Appl."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Cruz, M., Ocampo, R., Montes, I., and Atienza, R. (2017, January 19\u201322). Fingerprinting BitTorrent Traffic in Encrypted Tunnels Using Recurrent Deep Learning. Proceedings of the 2017 Fifth International Symposium on Computing and Networking (CANDAR), Aomori, Japan.","DOI":"10.1109\/CANDAR.2017.74"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Jiang, Q., Hu, H., and Hu, G. (2016, January 27\u201327). Real-Time Identification of Users under the New Structure of Skype. Proceedings of the 2016 IEEE International Conference on Sensing, Communication and Networking (SECON Workshops), London, UK.","DOI":"10.1109\/SECONW.2016.7746809"},{"key":"ref_47","first-page":"117","article-title":"A joint port and statistical analysis based technique to detect encrypted VoIP traffic","volume":"14","author":"Munir","year":"2016","journal-title":"Int. J. Comput. Sci. Inf. Secur."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Lee, S.-H., Goo, Y.-H., Park, J.-T., Ji, S.-H., and Kim, M.-S. (2017, January 27\u201329). Sky-Scope: Skype application traffic identification system. Proceedings of the 2017 19th Asia-Pacific Network Operations and Management Symposium (APNOMS), Seoul, Korea.","DOI":"10.1109\/APNOMS.2017.8094123"},{"key":"ref_49","first-page":"85","article-title":"Improving SIEM capabilities through an enhanced probe for encrypted Skype traffic detection","volume":"38","year":"2018","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"888","DOI":"10.3906\/elk-1501-126","article-title":"An effective empirical approach to VoIP traffic classification","volume":"25","author":"Saqib","year":"2017","journal-title":"Turk. J. Electr. Eng. Comput. Sci."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Wang, R., Zhang, J., Zhang, Y., Yin, M., and Xu, J. (2019, January 10\u201312). A Real-Time Identification System for VoIP Traffic in Large-Scale Networks. Proceedings of the 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), Zhangjiajie, China.","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2019.00098"},{"key":"ref_52","first-page":"101","article-title":"Hybrid internet traffic classification technique","volume":"26","author":"Li","year":"2009","journal-title":"J. Electron."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"685","DOI":"10.1016\/j.asoc.2008.09.010","article-title":"Online hybrid traffic classifier for Peer-to-Peer systems based on network processors","volume":"9","author":"Chen","year":"2009","journal-title":"Appl. Soft Comput."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Nair, L.M., and Sajeev, G.P. (2015, January 27\u201329). Internet Traffic Classification by Aggregating Correlated Decision Tree Classifier. Proceedings of the 2015 Seventh International Conference on Computational Intelligence, Modelling and Simulation (CIMSim), Kuantan, Malaysia.","DOI":"10.1109\/CIMSim.2015.15"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Sajeev, G.P., and Nair, L.M. (2016, January 21\u201324). LASER: A novel hybrid peer to peer network traffic classification technique. Proceedings of the 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Jaipur, India.","DOI":"10.1109\/ICACCI.2016.7732238"},{"key":"ref_56","unstructured":"(2020, August 10). jNetPcap. Available online: https:\/\/sourceforge.net\/projects\/jnetpcap\/."},{"key":"ref_57","unstructured":"(2020, August 10). Weka. Available online: https:\/\/www.cs.waikato.ac.nz\/ml\/weka."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1002\/nem.1901","article-title":"A survey of methods for encrypted traffic classification and analysis","volume":"25","author":"Velan","year":"2015","journal-title":"Int. J. Netw. Manag."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Broido, A., Faloutsos, M., and Claffy, K. (2004, January 25\u201327). Transport layer identification of P2P traffic. Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, Taormina Sicily, Italy.","DOI":"10.1145\/1028788.1028804"},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1016\/j.comnet.2011.09.007","article-title":"Session level flow classification by packet size distribution and session grouping","volume":"56","author":"Lu","year":"2012","journal-title":"Comput. Netw."},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1109\/SURV.2008.080406","article-title":"A survey of techniques for internet traffic classification using machine learning","volume":"10","author":"Nguyen","year":"2008","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1145\/1629607.1629610","article-title":"Gt: Picking up the truth from the ground for internet traffic","volume":"39","author":"Gringoli","year":"2009","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_63","doi-asserted-by":"crossref","first-page":"1158","DOI":"10.1016\/j.comnet.2010.11.006","article-title":"Quantifying the accuracy of the ground truth associated with Internet traffic traces","volume":"55","author":"Dusi","year":"2011","journal-title":"Comput. Netw."},{"key":"ref_64","unstructured":"(2020, August 10). Wireshark. Available online: https:\/\/www.wireshark.org."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/12\/2117\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:47:34Z","timestamp":1760179654000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/12\/2117"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,20]]},"references-count":64,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2020,12]]}},"alternative-id":["sym12122117"],"URL":"https:\/\/doi.org\/10.3390\/sym12122117","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,20]]}}}