Previous studies have shown the feasibility of deriving simple indicators of file transfers, human-interactivity, and other important behavioural characteristics. We are proposing a practical implementation and use of such indicators with NetMate. In its current state as a work in progress, our extended version of NetMate will already be of interest to network security practitioners conducting incident analysis. The tool can be used to post-process traffic traces containing suspicious flows in order to obtain a behavioural description of the incident and surrounding traffic activities. With further development, the approach has great potential for other use cases such as intrusion detection, insider threat detection, and traffic classification.