  • DocumentCode
    2438479
  • Title
    High-Speed Flow Nature Identification
  • Author
    Khakpour, Amir R. ; Liu, Alex X.
  • Author_Institution
    Dept. of Comput. Sci. & Eng., Michigan State Univ., East Lansing, MI, USA
  • fYear
    2009
  • fDate
    22-26 June 2009
  • Firstpage
    510
  • Lastpage
    517
  • Abstract
    This paper concerns the fundamental problem of identifying the content nature of a flow, namely text, binary, or encrypted, for the first time. We propose Iustitia, a tool for identifying flow nature on the fly. The key observation behind Iustitia is that text flows have the lowest entropy and encrypted flows have the highest entropy, while the entropy of binary flows stands in between. The basic idea of Iustitia is to classify flows using machine learning techniques where a feature is the entropy of every certain number of consecutive bytes. The key features of Iustitia are high speed (10% of average packet inter-arrival time) and high accuracy (86%).
  • Keywords
    learning (artificial intelligence); text analysis; Iustitia; encrypted flow; high-speed flow nature identification; machine learning; text flow; Cryptography; Entropy; Feature extraction; Internet; Intrusion detection; Law enforcement; Machine learning; Monitoring; Payloads; Telecommunication traffic; Flow identification; encrypted flows; flow classification;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Distributed Computing Systems, 2009. ICDCS '09. 29th IEEE International Conference on
  • Conference_Location
    Montreal, QC
  • ISSN
    1063-6927
  • Print_ISBN
    978-0-7695-3659-0
  • Electronic_ISBN
    1063-6927
  • Type
    conf
  • DOI
    10.1109/ICDCS.2009.34
  • Filename
    5158462