With the growing use of protocol obfuscation techniques, protocol identification for QoS enforcement, traffic prohibition, and intrusion detection has become a complex task. This paper addresses this issue with a probabilistic identification analysis that combines multiple advanced identification techniques and returns an ordered list of probable protocols. It combines payload analysis with a classifier based on several discriminators, including packet entropy and size. We show with its implementation that it overcomes the limitations of traditional port-based protocol identification when dealing with hard-to-classify protocols such as peer-to-peer protocols. We also detail how it deals with tunneled sessions and covert channels.