Identification of Traffic Flows Hiding behind TCP Port 80
- 1 May 2010
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Beyond Quality of Service and billing, one of the most important applications of traffic identification is in the field of network security. Despite their simplicity, current approaches based on port numbers are highly unreliable. This paper proposes an identification approach, based on a cascade of decision trees. The approach uses the sign pattern and payload size of the first four packets in each flow, thus remaining applicable to encrypted traffic too. The effectiveness of the proposed approach is evaluated on five real traffic traces collected in different time periods and over four different networks. The obtained overall accuracy gives us grounds to consider the adoption of this approach as stand-alone in on-line platforms for network traffic identification or in combination with classical firewall architectures.