Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Traffic classification using clustering algorithms
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Role classification of hosts within enterprise networks based on connection patterns
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
A first look at modern enterprise traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
How healthy are today's enterprise networks?
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Efficient application identification and the temporal and spatial stability of classification schema
Computer Networks: The International Journal of Computer and Telecommunications Networking
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Challenging statistical classification for operational usage: the ADSL case
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A survey of techniques for internet traffic classification using machine learning
IEEE Communications Surveys & Tutorials
Hi-index | 0.00 |
Enterprise networks have a complexity that sometimes rival the one of the larger Internet. Still, enterprise traffic has received little attention so far from the research community. Most studies rely on port numbers to identify applications. In this work, we introduce a method to build statistical classifiers to detect specific intranet applications. We exemplify the approach with traces collected within the Eurecom network. We demonstrate that our statistical classifiers are able to classify the majority of the flows in our traces. For the cases when the traffic on a specific port cannot be fully identified with our application/protocol decoder, e.g., encrypted traffic, we demonstrate that our approach can be used to test the homogeneity of the traffic, i.e., that the corresponding flows share a common statistical signature that differs from the one of the rest of the traffic.