Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
Identifying and discriminating between web and peer-to-peer traffic in the network core
Proceedings of the 16th international conference on World Wide Web
Network monitoring using traffic dispersion graphs (tdgs)
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Proceedings of the 2007 workshop on Large scale attack defense
What's going on?: learning communication rules in edge networks
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Unconstrained endpoint profiling (googling the internet)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Macroscope: end-point approach to networked application dependency discovery
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Exploiting dynamicity in graph-based traffic analysis: techniques and applications
Proceedings of the 5th international conference on Emerging networking experiments and technologies
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Identifying the use of data/voice/video-based P2P traffic by DNS-query behavior
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Profiling-By-Association: a resilient traffic profiling solution for the internet backbone
Proceedings of the 6th International COnference
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
| Hi-index | 0.00 |
Traffic causality graphs (TCGs) are proposed for visualizing and analyzing the temporal and spatial causality of flows to profile network applications without inspecting packet payload. A key idea of TCGs is to focus on the causality of individual flows composed of different application protocols rather than a set of host flows. This idea enables us to analyze temporal interactions between flows, such as the temporal manner of flow generation by identical application programs and interactions between incoming and outgoing flows. We demonstrate the effectiveness of TCGs for profiling network applications in case studies with ground truth datasets. The results show that the simple features of TCGs are discriminative for profiling network applications and that TCGs are also advantageous for profiling application programs, such as user agents of Web browsers and proxies that cannot be classified by existing approaches; this enables us to identify a specific application program that uses the same protocol as other programs. In addition to the TCG features, the visualization of TCGs reveals the causality of each flow, which consequently helps network operators to identify the root causes of other flows, such as malicious ones.