Identification of network traffic using port-based or payload-based analysis is becoming increasing difficult with many Peer-to-Peer (P2P) application using dynamic ports, masquerading techniques, and encryption to avoid detection. To overcome this problem, several machine learning technique were proposed to classify P2P traffics. But in the real P2P network environment, new communities of peers often attend and old communities of peers often leave. It requires the identification methods to be capable of coping with concept drift, and updating the model incrementally. In this paper, we present a concept-adapting algorithm CluMC which is based on streaming data mining techniques to identify P2P applications in Internet traffic. The CluMC use micro-cluster structures which contain potential micro-cluster structures and outlier micro-cluster structures to classify the P2P traffic and discover the concept drift with limited memory. Our performance study over a number of real data sets that we captured at a main gateway router demonstrates the effectiveness and efficiency of our method.

DOI: http://dx.doi.org/10.11591/telkomnika.v11i8.3030