Statistical Protocol IDentification with SPID: Preliminary Results

Authors: Erik Hjelmvik, Wolfgang John

Keywords: Computer network, Data mining, Computer science, Quality of service, Robustness (computer science), Application layer, Access network, Small set, Network security, Traffic classification, Traffic analysis

Abstract: Identifying application layer protocols within network sessions is important when assigning Quality of Service (QoS) priorities as well as conducting network security monitoring. This paper introduces a Statistical Protocol IDentification algorithm (SPID) utilizing various statistical flow and data features. Protocols are identified by comparing probability vectors created from observed traffic to known protocols. Promising preliminary results are presented, showing an average precision of 100% and recall of 92% for a small set of traces from an access network. To further improve the results, a number of ongoing and future directions with SPID are discussed, such as optimization of the attribute meters and improving robustness against different environments.
