Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection
IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
HMM profiles for network traffic classification
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
A survey of techniques for internet traffic classification using machine learning
IEEE Communications Surveys & Tutorials
Network traffic classification via HMM under the guidance of syntactic structure
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
This paper presents a novel traffic classification approach which classifies TCP connections with help of observable Markov models. As traffic properties, payload length, direction, and position of the first packets of a TCP connection are considered. We evaluate the accuracy of the classification approach with help of packet traces captured in a real network, achieving higher accuracies than the cluster-based classification approach of Bernaille [1]. As another advantage, the complexity of the proposed Markov classifier is low for both training and classification. Furthermore, the classification approach provides a certain level of robustness against changed usage of applications.