Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
An analysis of Internet chat systems
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
The CoralReef Software Suite as a Tool for System and Network Administrators
LISA '01 Proceedings of the 15th USENIX conference on System administration
Internet traffic classification using bayesian analysis techniques
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Toward the accurate identification of network applications
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Byte me: a case for byte accuracy in traffic classification
Proceedings of the 3rd annual ACM workshop on Mining network data
ACM SIGCOMM Computer Communication Review
Offline/realtime traffic classification using semi-supervised learning
Performance Evaluation
Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting
Computer Networks: The International Journal of Computer and Telecommunications Networking
Understanding IPv6 Usage: Communities and Behaviors
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Topnet: a network-aware top(1)
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Traffic classification using en-semble learning and co-training
AIC'08 Proceedings of the 8th conference on Applied informatics and communications
A nonlinear, recurrence-based approach to traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient application identification and the temporal and spatial stability of classification schema
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Online Classification of Network Flows
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Accurate, Fine-Grained Classification of P2P-TV Applications by Simply Counting Packets
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Enhancing Application Identification by Means of Sequential Testing
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Review: Application classification using packet size distribution and port association
Journal of Network and Computer Applications
On the stability of the information carried by traffic flow features at the packet level
ACM SIGCOMM Computer Communication Review
Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Support Vector Machines for TCP traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Early traffic classification using support vector machines
Proceedings of the 5th International Latin American Networking Conference
On the use of compression algorithms for the classification of IP flows
SPECTS'09 Proceedings of the 12th international conference on Symposium on Performance Evaluation of Computer & Telecommunication Systems
Per flow packet sampling for high-speed network monitoring
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
Distributed P2P traffic identification method
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
A network traffic identification method based on finite state machine
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Improving cost and accuracy of DPI traffic classifiers
Proceedings of the 2010 ACM Symposium on Applied Computing
Trends and differences in connection-behavior within classes of internet backbone traffic
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Impact of asymmetric routing on statistical traffic classification
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
An experimental evaluation of the computational cost of a DPI traffic classifier
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Hybrid traffic classification approach based on decision tree
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Optimizing statistical classifiers of network traffic
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Using GMM and SVM-based techniques for the classification of SSH-encrypted traffic
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A framework for tunneled traffic analysis
ICACT'10 Proceedings of the 12th international conference on Advanced communication technology
Towards software-friendly networks
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Relational network-service clustering analysis with set evidences
Proceedings of the 3rd ACM workshop on Artificial intelligence and security
Digging into HTTPS: flow-based classification of webmail traffic
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Internet traffic classification demystified: on the sources of the discriminative power
Proceedings of the 6th International COnference
Optimizing Deep Packet Inspection for High-Speed Traffic Analysis
Journal of Network and Systems Management
Analysis of the impact of sampling on NetFlow traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
KISS: stochastic packet inspection classifier for UDP traffic
IEEE/ACM Transactions on Networking (TON)
Improving matching performance of DPI traffic classifier
Proceedings of the 2011 ACM Symposium on Applied Computing
The network from above and below
Proceedings of the first ACM SIGCOMM workshop on Measurements up the stack
Session-based classification of internet applications in 3G wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Proceedings of the 23rd International Teletraffic Congress
Realtime classification for encrypted traffic
SEA'10 Proceedings of the 9th international conference on Experimental Algorithms
A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks
ACM Transactions on Knowledge Discovery from Data (TKDD)
Journal of Network and Computer Applications
Network flow classification based on the rhythm of packets
ICONIP'11 Proceedings of the 18th international conference on Neural Information Processing - Volume Part II
Network traffic classification using a parallel neural network classifier architecture
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Throttling Tor bandwidth parasites
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Statistical traffic classification by boosting support vector machines
Proceedings of the 7th Latin American Networking Conference
Wire-speed statistical classification of network traffic on commodity hardware
Proceedings of the 2012 ACM conference on Internet measurement conference
Measuring the impact of the copyright amendment act on New Zealand residential DSL users
Proceedings of the 2012 ACM conference on Internet measurement conference
Unsupervised traffic classification using flow statistical properties and IP packet payload
Journal of Computer and System Sciences
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Robust network traffic identification with unknown applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
ScrambleSuit: a polymorphic network protocol to circumvent censorship
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Reviewing traffic classification
DataTraffic Monitoring and Analysis
Hi-index | 0.00 |
The classification of IP ows according to the application that generated them is at the basis of any modern network management platform. However, classical techniques such as the ones based on the analysis of transport layer or application layer information are rapidly becoming ineffective. In this paper we present a ow classification mechanism based on three simple properties of the captured IP packets: their size, inter-arrival time and arrival order. Even though these quantities have already been used in the past to define classification techniques, our contribution is based on new structures called protocol fingerprints, which express such quantities in a compact and efficient way, and on a simple classification algorithm based on normalized thresholds. Although at a very early stage of development, the proposed technique is showing promising preliminary results from the classification of a reduced set of protocols.