Title :
Automatic Application Signature Construction from Unknown Traffic
Author :
Wang, Yu ; Xiang, Yang ; Yu, Shun-zheng
Author_Institution :
Centre for Intell. & Networked Syst., Central Queensland Univ., Rockhampton, QLD, Australia
Abstract :
Identifying applications and classifying network traffic flows according to their source applications are critical for a broad range of network activities. Such classifications can be based on information derived from packet header fields and payload content, or statistical characteristics of flows and communication patterns of hosts. However, most of present methods rely on some forms of priori knowledge. In this paper, an application signature based traffic classification system with a novel approach to fully automate the process of deriving signatures from unknown traffic is proposed. The key idea is to combine traffic clustering based on statistical flow properties in order to generate clusters dominated by a single application on the one hand, and application signature construction solely based on payload content from each cluster on the other hand. Evaluation using real-world traffic traces indicate that the proposed approach is highly effective.
Keywords :
telecommunication traffic; automatic application signature construction; communication patterns; network traffic flows; statistical flow properties; traffic classification system; unknown traffic; Access protocols; Conference management; Engineering management; Information management; Intelligent systems; Machine learning; Management information systems; Payloads; Telecommunication traffic; Traffic control; application identification; clustering; machine learning; traffic classification;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on
Conference_Location :
Perth, WA
Print_ISBN :
978-1-4244-6695-5
DOI :
10.1109/AINA.2010.120
