Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
An introduction to support Vector Machines: and other kernel-based learning methods
An introduction to support Vector Machines: and other kernel-based learning methods
An analysis of Internet chat systems
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Unexpected means of protocol inference
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
Revealing skype traffic: when randomness plays with you
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Offline/realtime traffic classification using semi-supervised learning
Performance Evaluation
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
KISS: Stochastic Packet Inspection
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Measuring IP and TCP behavior on edge nodes with Tstat
Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
A survey of techniques for internet traffic classification using machine learning
IEEE Communications Surveys & Tutorials
IEEE Communications Magazine
Mining unclassified traffic using automatic clustering techniques
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Uncovering the big players of the web
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Unmasking the growing UDP traffic in a campus network
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Exploiting packet-sampling measurements for traffic characterization and classification
International Journal of Network Management
Unsupervised traffic classification using flow statistical properties and IP packet payload
Journal of Computer and System Sciences
Robust network traffic identification with unknown applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
An information-theoretical approach to high-speed flow nature identification
IEEE/ACM Transactions on Networking (TON)
Reviewing traffic classification
DataTraffic Monitoring and Analysis
Hi-index | 0.00 |
This paper proposes KISS, a novel Internet classification engine. Motivated by the expected raise of UDP traffic, which stems from the momentum of Peer-to-Peer (P2P) streaming applications, we propose a novel classification framework that leverages on statistical characterization of payload. Statistical signatures are derived by the means of a Chi-Square (χ2)-like test, which extracts the protocol "format," but ignores the protocol "semantic" and "synchronization" rules. The signatures feed a decision process based either on the geometric distance among samples, or on Support Vector Machines. KISS is very accurate, and its signatures are intrinsically robust to packet sampling, reordering, and flow asymmetry, so that it can be used on almost any network. KISS is tested in different scenarios, considering traditional client-server protocols, VoIP, and both traditional and new P2P Internet applications. Results are astonishing. The average True Positive percentage is 99.6%, with the worst case equal to 98.1,% while results are almost perfect when dealing with new P2P streaming applications.