Elements of information theory
Elements of information theory
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Kademlia: A Peer-to-Peer Information System Based on the XOR Metric
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
An analysis of Internet chat systems
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Transport layer identification of P2P traffic
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
Hyper customized processors for bio-sequence database scanning on FPGAs
Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ACAS: automated construction of application signatures
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Traffic classification on the fly
ACM SIGCOMM Computer Communication Review
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Self-Learning IP traffic classification based on statistical flow characteristics
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Packet-level traffic measurements from the Sprint IP backbone
IEEE Network: The Magazine of Global Internetworking
Semi-automated discovery of application session structure
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Efficient sequence alignment of network traffic
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Byte me: a case for byte accuracy in traffic classification
Proceedings of the 3rd annual ACM workshop on Mining network data
Cloud control with distributed rate limiting
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Offline/realtime traffic classification using semi-supervised learning
Performance Evaluation
Network monitoring using traffic dispersion graphs (tdgs)
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
NetADHICT: a tool for understanding network traffic
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Discoverer: automatic protocol reverse engineering from network traces
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Implementation Issues of Early Application Identification
AINTEC '07 Proceedings of the 3rd Asian conference on Internet Engineering: Sustainable Internet
Advanced Network Fingerprinting
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A data mining approach for analysis of worm activity through automatic signature generation
Proceedings of the 1st ACM workshop on Workshop on AISec
Profiling and identification of P2P traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
On Metrics to Distinguish Skype Flows from HTTP Traffic
Journal of Network and Systems Management
Identify P2P Traffic by Inspecting Data Transfer Behaviour
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
On the impacts of human interactions in MMORPG traffic
Multimedia Tools and Applications
Early traffic classification using support vector machines
Proceedings of the 5th International Latin American Networking Conference
Exploiting dynamicity in graph-based traffic analysis: techniques and applications
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Automated Behavioral Fingerprinting
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Graph-based P2P traffic classification at the internet backbone
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Early recognition of encrypted applications
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Identify P2P traffic by inspecting data transfer behavior
Computer Communications
Link homophily in the application layer and its usage in traffic classification
INFOCOM'10 Proceedings of the 29th conference on Information communications
AjaxTracker: active measurement system for high-fidelity characterization of AJAX applications
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Profiling-By-Association: a resilient traffic profiling solution for the internet backbone
Proceedings of the 6th International COnference
KISS: stochastic packet inspection classifier for UDP traffic
IEEE/ACM Transactions on Networking (TON)
Improving matching performance of DPI traffic classifier
Proceedings of the 2011 ACM Symposium on Applied Computing
Graption: A graph-based P2P traffic classification framework for the internet backbone
Computer Networks: The International Journal of Computer and Telecommunications Networking
ACM Transactions on the Web (TWEB)
Inferring protocol state machine from network traces: a probabilistic approach
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks
ACM Transactions on Knowledge Discovery from Data (TKDD)
Enforcing security with behavioral fingerprinting
Proceedings of the 7th International Conference on Network and Services Management
Automatic protocol signature generation framework for deep packet inspection
Proceedings of the 5th International ICST Conference on Performance Evaluation Methodologies and Tools
Journal of Network and Computer Applications
Statistical traffic classification by boosting support vector machines
Proceedings of the 7th Latin American Networking Conference
Automatic protocol reverse-engineering: Message format extraction and field semantics inference
Computer Networks: The International Journal of Computer and Telecommunications Networking
Unsupervised traffic classification using flow statistical properties and IP packet payload
Journal of Computer and System Sciences
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Traffic classification combining flow correlation and ensemble classifier
International Journal of Wireless and Mobile Computing
Reviewing traffic classification
DataTraffic Monitoring and Analysis
Hi-index | 0.00 |
Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from debugging and security to analytics and policy support. Traditionally, managers have relied on application adherence to a well established global port mapping: Web traffic on port 80, mail traffic on port 25 and so on. However, a range of factors - including firewall port blocking, tunneling, dynamic port allocation, and a bloom of new distributed applications - has weakened the value of this approach. We analyze three alternative mechanisms using statistical and structural content models for automatically identifying traffic that uses the same application-layer protocol, relying solely on flow content. In this manner, known applications may be identified regardless of port number, while traffic from one unknown application will be identified as distinct from another. We evaluate each mechanism's classification performance using real-world traffic traces from multiple sites.