The automatic identification of applications associated with network traffic is an essential step to apply quality-of-service policies and profile network usage. Our prior work proposes Early Application Identification, a method that accurately identifies the application after the first four packets of a TCP connection. However, an online implementation of this method faces two challenges: it needs to run at high speed and with limited memory. This paper addresses these issues. We propose an algorithm that implements Early Application Identification plus a number of computation and memory optimizations. An evaluation using traffic traces collected at our university network shows that this implementation can classify traffic at up to 6 Gbit/s. This speed is more than enough to classify traffic at current edge networks.