C4.5: programs for machine learning
C4.5: programs for machine learning
Bayesian classification (AutoClass): theory and results
Advances in knowledge discovery and data mining
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Automated Traffic Classification and Application Identification using Machine Learning
LCN '05 Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary
Traffic classification on the fly
ACM SIGCOMM Computer Communication Review
Inferring the source of encrypted HTTP connections
Proceedings of the 13th ACM conference on Computer and communications security
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
Identifying and discriminating between web and peer-to-peer traffic in the network core
Proceedings of the 16th international conference on World Wide Web
On Inferring Application Protocol Behaviors in Encrypted Network Traffic
The Journal of Machine Learning Research
Semi-supervised network traffic classification
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A Machine Learning Approach for Efficient Traffic Classification
MASCOTS '07 Proceedings of the 2007 15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
Early recognition of encrypted applications
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
A survey of techniques for internet traffic classification using machine learning
IEEE Communications Surveys & Tutorials
| Hi-index | 0.00 |
Research in traffic classification is reaching into ever more difficult areas. Traditional techniques such as header and payload inspection are not providing sufficient information due to usage of non-standard ports and encryption. Promising alternative methods have been proposed based on the statistical behaviour of traffic flows. Although these methods can achieve quite high accuracies in non-encrypted traffic flows, traffic identification of encrypted traffic flows is still in its early stages. We argue that the results to date for encrypted traffic cannot help a network device such as a firewall make any useful decision, nor are there any indications that this may be achieved in the future. We propose a novel approach to cope with encrypted peer to peer network layer tunnels which are a particular problem in schools, universities, and larger corporate networks. First statistical techniques are used to identify the protocols present, a process that may take in the order of seconds. Next, based on the protocols discovered, and enterprise policies, a network device is advised to block, band-limit, or allow the whole tunnel, or a range of packet sizes within that tunnel. Preliminary research has concluded that VoIP traffic can be successfully handled by this approach and that advise to a network device can be practically useful. Work continues to apply these techniques to other protocols and mixes of protocols within a peer to peer tunnels.