On the self-similar nature of Ethernet traffic (extended version)
IEEE/ACM Transactions on Networking (TON)
Dynamics of IP traffic: a study of the role of variability and the impact of control
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Predicting users' requests on the WWW
UM '99 Proceedings of the seventh international conference on User modeling
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
A Longitudinal Study of P2P Traffic Classification
MASCOTS '06 Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation
Traffic classification using clustering algorithms
Proceedings of the 2006 SIGCOMM workshop on Mining network data
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Network anomaly detection based on wavelet analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Discriminating internet applications based on multiscale analysis
NGI'09 Proceedings of the 5th Euro-NGI conference on Next Generation Internet networks
Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
| Hi-index | 0.00 |
Recent years have witnessed a huge increase in the number and variety of Internet applications, as well as on the number and diversity of security attacks to network users and systems. Consequently, the need for an accurate mapping of traffic to its corresponding applications has also raised in order to allow ISPs to provide better Quality-of-Service (QoS) standards, implement traffic engineering methodologies and deploy efficient security strategies. Several approaches have been proposed to identify Internet applications, starting from port-based identification and going into the detailed analysis of the packet's payload content or to the statistical analysis of the generated traffic flows. However, even the most efficient methodologies present some constraints that limit their applicability, namely some confidentiality constraints or difficulties to classify traffic with unknown behavior. This paper presents a new methodology for traffic classification that relies on the multiscale analysis of the sampled traffic by estimating the multifractal coefficients of the different traffic flows and grouping them, using clustering techniques, according to their multifractal behavior over different time scales. Besides applying this approach to classify traffic from three of the most important Internet protocols, the methodology's efficiency was also tested by identifying two of the most frequent network security attacks.