Monitoring network traffic and classifying applications are essential functions for network administrators. Current traffic classification methods can be grouped into three categories: (a) flow-based (e.g., packet sizing/timing features), (b) payload-based, and (c) host-based. Methods from all three categories have limitations, especially when it comes to detecting new applications and classifying traffic at the backbone. In this paper, we propose the use of Traffic Dispersion Graphs (TDGs) to remedy these limitations. Given a set of flows, a TDG is a graph with an edge between any two IP addresses that communicate; thus TDGs capture network-wide interactions. Using TDGs, we develop an application classification framework dubbed Graption (Graph-based classification). Our framework provides a systematic way to classify traffic by using information from the network-wide behavior and flow-level characteristics of Internet applications. As a proof of concept, we instantiate our framework to detect P2P traffic, and show that it can identify 90% of P2P flows with 95% accuracy in backbone traces, which are particularly challenging for other methods.
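The TDG definition above, as an added example that is not code from the paper or from Graption: it builds one directed TDG per (protocol, destination port) group from constructed flow records and computes a few graph metrics. The grouping key, the metric choice and all names are assumptions for illustration; the abstract does not say which features Graption uses.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, dst_ip, protocol, dst_port)
FLOWS = [
    # client-server shape on TCP/80: many clients, one server
    ("10.0.0.1", "192.0.2.10", "tcp", 80),
    ("10.0.0.2", "192.0.2.10", "tcp", 80),
    ("10.0.0.3", "192.0.2.10", "tcp", 80),
    ("10.0.0.1", "192.0.2.10", "tcp", 80),  # repeated flow, same edge
    # peer-like shape on UDP/6881: hosts both initiate and accept
    ("10.0.1.1", "10.0.1.2", "udp", 6881),
    ("10.0.1.2", "10.0.1.3", "udp", 6881),
    ("10.0.1.3", "10.0.1.1", "udp", 6881),
    ("10.0.1.4", "10.0.1.2", "udp", 6881),
]

def build_tdgs(flows):
    """Group flows by (protocol, dst_port); one directed edge set per group."""
    tdgs = defaultdict(set)
    for src, dst, proto, port in flows:
        tdgs[(proto, port)].add((src, dst))  # edge = two IPs that communicated
    return dict(tdgs)

def largest_component(edges):
    """Size of the largest weakly connected component (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for a, b in edges:
        parent[find(a)] = find(b)
    sizes = defaultdict(int)
    for node in list(parent):
        sizes[find(node)] += 1
    return max(sizes.values())

def tdg_metrics(edges):
    """Network-wide shape of one TDG (illustrative metric set)."""
    srcs = {s for s, _ in edges}
    dsts = {d for _, d in edges}
    nodes = srcs | dsts
    return {
        "nodes": len(nodes),
        "edges": len(edges),
        "avg_degree": 2 * len(edges) / len(nodes),
        # share of hosts acting as both initiator and responder
        "in_and_out": len(srcs & dsts) / len(nodes),
        "largest_component": largest_component(edges),
    }
```

On the constructed data the two groups have the same node count but differ in the share of hosts that both initiate and accept connections, which is the kind of network-wide signal a per-flow feature cannot show.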