Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A Model of Stateful Firewalls and Its Properties
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Traffic classification on the fly
ACM SIGCOMM Computer Communication Review
Towards Context-Based Flow Classification
ICAS '06 Proceedings of the International Conference on Autonomic and Autonomous Systems
A comparative analysis of web and peer-to-peer traffic
Proceedings of the 17th international conference on World Wide Web
Early recognition of encrypted applications
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
A traffic identification method and evaluations for a pure p2p application
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Hi-index | 0.00 |
A key aspect of traffic classification is the early identification of individual flows which may utilise strategies such as ephemeral ports and transport later encryption to `hide' on the network. This paper focuses on P2P and HTTP - the two main producers of network traffic - to determine the characteristics of their individual flows. We propose a heuristic based classification system to distinguish HTTP and P2P flows using only the structure of how packets are passed and the lengths of the individual packets. The classification system is then tested on real network traffic and results presented to show it can accurately detect P2P and HTTP within the early part of a TCP flow.