A maximum entropy approach to natural language processing
Computational Linguistics
Logistic Regression, AdaBoost and Bregman Distances
COLT '00 Proceedings of the Thirteenth Annual Conference on Computational Learning Theory
Bayesian Networks Classifiers Applied to Documents
ICPR '02 Proceedings of the 16 th International Conference on Pattern Recognition (ICPR'02) Volume 1 - Volume 1
An analysis of Internet chat systems
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Traffic classification using a statistical approach
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Self-Learning IP traffic classification based on statistical flow characteristics
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Traffic classification using clustering algorithms
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Unexpected means of protocol inference
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Identifying and discriminating between web and peer-to-peer traffic in the network core
Proceedings of the 16th international conference on World Wide Web
Byte me: a case for byte accuracy in traffic classification
Proceedings of the 3rd annual ACM workshop on Mining network data
Offline/realtime traffic classification using semi-supervised learning
Performance Evaluation
Network monitoring using traffic dispersion graphs (tdgs)
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Unconstrained endpoint profiling (googling the internet)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Agent-Based Network Protection Against Malicious Code
CEEMAS '07 Proceedings of the 5th international Central and Eastern European conference on Multi-Agent Systems and Applications V
Improve Flow Accuracy and Byte Accuracy in Network Traffic Classification
ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Artificial Intelligence
Advanced Network Fingerprinting
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Traffic classification using en-semble learning and co-training
AIC'08 Proceedings of the 8th conference on Applied informatics and communications
Characterizing network traffic by means of the NetMine framework
Computer Networks: The International Journal of Computer and Telecommunications Networking
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Online Classification of Network Flows
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Identify P2P Traffic by Inspecting Data Transfer Behaviour
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Classifying SSH encrypted traffic with minimum packet header features using genetic programming
Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers
On the impacts of human interactions in MMORPG traffic
Multimedia Tools and Applications
Discriminating internet applications based on multiscale analysis
NGI'09 Proceedings of the 5th Euro-NGI conference on Next Generation Internet networks
Automated Behavioral Fingerprinting
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Traffic Classification Based on Flow Similarity
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
Detection of illicit traffic based on multiscale analysis
SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
Graph-based P2P traffic classification at the internet backbone
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Machine learning based encrypted traffic classification: identifying SSH and skype
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
A novel self-learning architecture for p2p traffic classification in high speed networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Traffic classification - towards accurate real time network applications
HCI'07 Proceedings of the 12th international conference on Human-computer interaction: applications and services
An SVM-based machine learning method for accurate internet traffic classification
Information Systems Frontiers
Composite lightweight traffic classification system for network management
International Journal of Network Management
Probabilistic identification for hard to classify protocol
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Identify P2P traffic by inspecting data transfer behavior
Computer Communications
Fine-grained traffic classification with netflow data
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Identifying the use of data/voice/video-based P2P traffic by DNS-query behavior
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Link homophily in the application layer and its usage in traffic classification
INFOCOM'10 Proceedings of the 29th conference on Information communications
Digging into HTTPS: flow-based classification of webmail traffic
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Internet traffic classification demystified: on the sources of the discriminative power
Proceedings of the 6th International COnference
Analysis of the impact of sampling on NetFlow traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
KISS: stochastic packet inspection classifier for UDP traffic
IEEE/ACM Transactions on Networking (TON)
Graption: A graph-based P2P traffic classification framework for the internet backbone
Computer Networks: The International Journal of Computer and Telecommunications Networking
Inferring users' online activities through traffic analysis
Proceedings of the fourth ACM conference on Wireless network security
Inferring protocol state machine from network traces: a probabilistic approach
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Session-based classification of internet applications in 3G wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Proceedings of the 23rd International Teletraffic Congress
A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks
ACM Transactions on Knowledge Discovery from Data (TKDD)
Automatic protocol signature generation framework for deep packet inspection
Proceedings of the 5th International ICST Conference on Performance Evaluation Methodologies and Tools
Journal of Network and Computer Applications
Entropy based discriminators for p2p teletraffic characterization
ICONIP'11 Proceedings of the 18th international conference on Neural Information Processing - Volume Part II
Feature selection for optimizing traffic classification
Computer Communications
Machine learning-based classification of encrypted internet traffic
MLDM'12 Proceedings of the 8th international conference on Machine Learning and Data Mining in Pattern Recognition
Timely and continuous machine-learning-based classification for interactive IP traffic
IEEE/ACM Transactions on Networking (TON)
Automatic protocol reverse-engineering: Message format extraction and field semantics inference
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Robust network traffic identification with unknown applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Toward an efficient and scalable feature selection approach for internet traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Traffic classification combining flow correlation and ensemble classifier
International Journal of Wireless and Mobile Computing
Reviewing traffic classification
DataTraffic Monitoring and Analysis
Fake View Analytics in Online Video Services
Proceedings of Network and Operating System Support on Digital Audio and Video Workshop
| Hi-index | 0.00 |
An accurate mapping of traffic to applications is important for a broad range of network management and measurement tasks. Internet applications have traditionally been identified using well-known default server network-port numbers in the TCP or UDP headers. However this approach has become increasingly inaccurate. An alternate, more accurate technique is to use specific application-level features in the protocol exchange to guide the identification. Unfortunately deriving the signatures manually is very time consuming and difficult.In this paper, we explore automatically extracting application signatures from IP traffic payload content. In particular we apply three statistical machine learning algorithms to automatically identify signatures for a range of applications. The results indicate that this approach is highly accurate and scales to allow online application identification on high speed links. We also discovered that content signatures still work in the presence of encryption. In these cases we were able to derive content signature for unencrypted handshakes negotiating the encryption parameters of a particular connection.