Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
The CoralReef Software Suite as a Tool for System and Network Administrators
LISA '01 Proceedings of the 15th USENIX conference on System administration
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Traffic classification on the fly
ACM SIGCOMM Computer Communication Review
Traffic classification using clustering algorithms
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
GTVS: Boosting the Collection of Application Traffic Ground Truth
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
On the stability of the information carried by traffic flow features at the packet level
ACM SIGCOMM Computer Communication Review
High-Speed Flow Nature Identification
ICDCS '09 Proceedings of the 2009 29th IEEE International Conference on Distributed Computing Systems
GT: picking up the truth from the ground for internet traffic
ACM SIGCOMM Computer Communication Review
On dominant characteristics of residential broadband internet traffic
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Machine learning based encrypted traffic classification: identifying SSH and skype
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
On the validation of traffic classification algorithms
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
A measurement-based study on the correlations of inter-domain Internet application flows
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Ground truth information for Internet traffic traces is often derived by means of port analysis and payload inspection (Deep Packet Inspection - DPI). In this paper we analyze the errors that DPI and port analysis commit when assigning protocol labels to traffic traces. We compare the ground truth provided by these approaches with that derived by gt, a tool that we developed, which provides error-free ground truth at the application level by construction. Experimental results demonstrate that, depending on the protocols composing a trace, ground truth information from port analysis and DPI can be incorrect for up to 91% and 26% of the labeled bytes, respectively.