A fast string searching algorithm
Communications of the ACM
Cluster ensembles --- a knowledge reuse framework for combining multiple partitions
The Journal of Machine Learning Research
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
The changing usage of a mature campus-wide wireless network
Proceedings of the 10th annual international conference on Mobile computing and networking
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Traffic classification on the fly
ACM SIGCOMM Computer Communication Review
Traffic classification using clustering algorithms
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Unexpected means of protocol inference
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Traffic classification using a statistical approach
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
Identifying and discriminating between web and peer-to-peer traffic in the network core
Proceedings of the 16th international conference on World Wide Web
A markovian signature-based approach to IP traffic classification
Proceedings of the 3rd annual ACM workshop on Mining network data
Byte me: a case for byte accuracy in traffic classification
Proceedings of the 3rd annual ACM workshop on Mining network data
ACM SIGCOMM Computer Communication Review
Offline/realtime traffic classification using semi-supervised learning
Performance Evaluation
Unconstrained endpoint profiling (googling the internet)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Implementation Issues of Early Application Identification
AINTEC '07 Proceedings of the 3rd Asian conference on Internet Engineering: Sustainable Internet
Pattern Recognition Approaches for Classifying IP Flows
SSPR & SPR '08 Proceedings of the 2008 Joint IAPR International Workshop on Structural, Syntactic, and Statistical Pattern Recognition
A nonlinear, recurrence-based approach to traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient application identification and the temporal and spatial stability of classification schema
Computer Networks: The International Journal of Computer and Telecommunications Networking
Profiling and identification of P2P traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Online Classification of Network Flows
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Inferring undesirable behavior from P2P traffic analysis
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
TIE: A Community-Oriented Traffic Classification Platform
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Revealing the Unknown ADSL Traffic Using Statistical Methods
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Accurate, Fine-Grained Classification of P2P-TV Applications by Simply Counting Packets
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Enhancing Application Identification by Means of Sequential Testing
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
On the stability of the information carried by traffic flow features at the packet level
ACM SIGCOMM Computer Communication Review
Regularized Linear Models in Stacked Generalization
MCS '09 Proceedings of the 8th International Workshop on Multiple Classifier Systems
Support Vector Machines for TCP traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Early traffic classification using support vector machines
Proceedings of the 5th International Latin American Networking Conference
Challenging statistical classification for operational usage: the ADSL case
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Exploiting dynamicity in graph-based traffic analysis: techniques and applications
Proceedings of the 5th international conference on Emerging networking experiments and technologies
On traffic characteristics of a broadband wireless internet access
NGI'09 Proceedings of the 5th Euro-NGI conference on Next Generation Internet networks
Per flow packet sampling for high-speed network monitoring
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
A network traffic identification method based on finite state machine
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Early recognition of encrypted applications
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Impact of asymmetric routing on statistical traffic classification
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
An experimental evaluation of the computational cost of a DPI traffic classifier
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
LCGT: a low-cost continuous ground truth generation method for traffic classification
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
Emulation platform for network wide traffic sampling and monitoring
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Estimating routing symmetry on single links by passive flow measurements
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Fine-grained traffic classification with netflow data
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Optimizing statistical classifiers of network traffic
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
A first look at traffic classification in enterprise networks
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
A signal processing view on packet sampling and anomaly detection
INFOCOM'10 Proceedings of the 29th conference on Information communications
Proceedings of the 2010 Workshop on Economics of Networks, Systems, and Computation
Digging into HTTPS: flow-based classification of webmail traffic
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Experience with high-speed automated application-identification for network-management
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Profiling-By-Association: a resilient traffic profiling solution for the internet backbone
Proceedings of the 6th International COnference
Internet traffic classification demystified: on the sources of the discriminative power
Proceedings of the 6th International COnference
Optimizing Deep Packet Inspection for High-Speed Traffic Analysis
Journal of Network and Systems Management
Properties and Evolution of Internet Traffic Networks from Anonymized Flow Data
ACM Transactions on Internet Technology (TOIT)
Quantifying the accuracy of the ground truth associated with Internet traffic traces
Computer Networks: The International Journal of Computer and Telecommunications Networking
Analysis of the impact of sampling on NetFlow traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
KISS: stochastic packet inspection classifier for UDP traffic
IEEE/ACM Transactions on Networking (TON)
Host-Based P2P Flow Identification and Use in Real-Time
ACM Transactions on the Web (TWEB)
Graption: A graph-based P2P traffic classification framework for the internet backbone
Computer Networks: The International Journal of Computer and Telecommunications Networking
On profiling residential customers
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Early classification of network traffic through multi-classification
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Mining unclassified traffic using automatic clustering techniques
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
The network from above and below
Proceedings of the first ACM SIGCOMM workshop on Measurements up the stack
Using of time characteristics in data flow for traffic classification
AIMS'11 Proceedings of the 5th international conference on Autonomous infrastructure, management, and security: managing the dynamics of networks and services
Salting public traces with attack traffic to test flow classifiers
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Computer Networks: The International Journal of Computer and Telecommunications Networking
Session-based classification of internet applications in 3G wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
SMILER: Towards Practical Online Traffic Classification
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Uncovering relations between traffic classifiers and anomaly detectors via graph theory
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
Kiss to abacus: a comparison of P2P-TV traffic classifiers
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
TCP traffic classification using markov models
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
K-dimensional trees for continuous traffic classification
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
Realtime classification for encrypted traffic
SEA'10 Proceedings of the 9th international conference on Experimental Algorithms
A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks
ACM Transactions on Knowledge Discovery from Data (TKDD)
Performance evaluation with hidden markov models
PERFORM'10 Proceedings of the 2010 IFIP WG 6.3/7.3 international conference on Performance Evaluation of Computer and Communication Systems: milestones and future challenges
Statistical traffic classification by boosting support vector machines
Proceedings of the 7th Latin American Networking Conference
Wire-speed statistical classification of network traffic on commodity hardware
Proceedings of the 2012 ACM conference on Internet measurement conference
Measuring the impact of the copyright amendment act on New Zealand residential DSL users
Proceedings of the 2012 ACM conference on Internet measurement conference
Application traffic classification at the early stage by characterizing application rounds
Information Sciences: an International Journal
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Network protocol identification ensemble with EA optimization
Proceedings of the 15th annual conference companion on Genetic and evolutionary computation
IEEE/ACM Transactions on Networking (TON)
Reviewing traffic classification
DataTraffic Monitoring and Analysis
| Hi-index | 0.00 |
The automatic detection of applications associated with network traffic is an essential step for network security and traffic engineering. Unfortunately, simple port-based classification methods are not always efficient and systematic analysis of packet payloads is too slow. Most recent research proposals use flow statistics to classify traffic flows once they are finished, which limit their applicability for online classification. In this paper, we evaluate the feasibility of application identification at the beginning of a TCP connection. Based on an analysis of packet traces collected on eight different networks, we find that it is possible to distinguish the behavior of an application from the observation of the size and the direction of the first few packets of the TCP connection. We apply three techniques to cluster TCP connections: K-Means, Gaussian Mixture Model and spectral clustering. Resulting clusters are used together with assignment and labeling heuristics to design classifiers. We evaluate these classifiers on different packet traces. Our results show that the first four packets of a TCP connection are sufficient to classify known applications with an accuracy over 90% and to identify new applications as unknown with a probability of 60%.