A first look at traffic classification in enterprise networks

Authors:
Taoufik En-Najjary;Guillaume Urvoy-Keller
Affiliations:
EURECOM, France;EURECOM, France
Venue:
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Year:
2010

Citing 10
Cited 0

Internet traffic classification using bayesian analysis techniques

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Traffic classification using clustering algorithms

Proceedings of the 2006 SIGCOMM workshop on Mining network data
Role classification of hosts within enterprise networks based on connection patterns

ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
A first look at modern enterprise traffic

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Early application identification

CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
How healthy are today's enterprise networks?

Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Efficient application identification and the temporal and spatial stability of classification schema

Computer Networks: The International Journal of Computer and Telecommunications Networking
Internet traffic classification demystified: myths, caveats, and the best practices

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Challenging statistical classification for operational usage: the ADSL case

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A survey of techniques for internet traffic classification using machine learning

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.00

Visualization

Abstract

Enterprise networks have a complexity that sometimes rival the one of the larger Internet. Still, enterprise traffic has received little attention so far from the research community. Most studies rely on port numbers to identify applications. In this work, we introduce a method to build statistical classifiers to detect specific intranet applications. We exemplify the approach with traces collected within the Eurecom network. We demonstrate that our statistical classifiers are able to classify the majority of the flows in our traces. For the cases when the traffic on a specific port cannot be fully identified with our application/protocol decoder, e.g., encrypted traffic, we demonstrate that our approach can be used to test the homogeneity of the traffic, i.e., that the corresponding flows share a common statistical signature that differs from the one of the rest of the traffic.