I need to classify TCP traffic base on video and non-video. So i need to find characteristics of each flow. My classification is Flow-based and one of my variables is incoming packet length. but it is not accurate as
P(video|1200Bytes)= 0.04 P(non-Video|1200Bytes) = 0.22
I need some help to find some variables, at least two more to decide more accurately if a flow containing a video or not.
Can anyone help me please?
Thanks
Checking a single packet by itself may not yield a good result, why don't you try profiling based on the source of the packet? If a source sends so much linked TCP packets, then it could be video.