Analyzing peer-to-peer traffic across large networks
IEEE/ACM Transactions on Networking (TON)
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
YALE: rapid prototyping for complex data mining tasks
Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
FANMOD: a tool for fast network motif detection
Bioinformatics
In-the-dark network traffic classification using support vector machines
IAAI'08 Proceedings of the 20th national conference on Innovative applications of artificial intelligence - Volume 3
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Graption: A graph-based P2P traffic classification framework for the internet backbone
Computer Networks: The International Journal of Computer and Telecommunications Networking
Classifying Wikipedia articles using network motif counts and ratios
Proceedings of the Eighth Annual International Symposium on Wikis and Open Collaboration
Hi-index | 0.00 |
Identifying application types in network traffic is a difficult problem for administrators who must secure and manage network resources, further complicated by the use of encrypted protocols and nonstandard port numbers. This paper takes a unique approach to this problem by modeling and analyzing application graphs, structures which describe the application-level (e.g., HTTP, FTP) communications between hosts. These graphs are searched for motifs: recurring, significant patterns of interconnections that can be used to help determine the network application in use. Motif-based analysis has been applied predominantly to biological networks to hypothesize key functional regulatory units, but never to network traffic as it is here. For the proposed method, a description of each node is generated based on its participation in statistically significant motifs. These descriptions, or profiles, are data points in multidimensional space that are used as input to a k-nearest neighbor (k-NN) classifier to predict the application. This work also compares the performance of motif-based analysis to an alternative profile type based on "traditional" graph measures such as path lengths, clustering coefficients and centrality measures. The results show that motif profiles perform better than traditional profiles, and are able to correctly identify the actions of 85% of the hosts examined across seven protocols.