DocumentCode
2844828
Title
Flow signatures of popular applications
Author
Perelman, Vladislav ; Melnikov, Nikolay ; Schönwälder, Jürgen
Author_Institution
Jacobs Univ. Bremen, Bremen, Germany
fYear
2011
fDate
23-27 May 2011
Firstpage
9
Lastpage
16
Abstract
Network flow data is widely used to analyze the protocol mix forwarded by a router or to identify anomalies that may be caused by hardware and software failures, configuration errors, or intrusion attempts. The goal of our research is to find application signatures in network flow traces that can be used to pinpoint certain applications, such as specific web browsers, mail clients, or media-players. Our starting point is the hypothesis that popular applications generate application-specific flow signatures. In order to verify our hypothesis, we recorded traffic traces of several applications and we subsequently analyzed the traces to identify flow signatures of these applications. The flow signatures were formalized as queries of a stream-based flow query language. The queries have been executed on several flow traces in order to evaluate our approach.
Keywords
digital signatures; online front-ends; protocols; query languages; security of data; system recovery; telecommunication network routing; telecommunication security; Web browser; configuration error; flow signature; hardware failure; intrusion attempt; mail client; media-player; network flow data; network flow traces; protocol mix; router; software failure; stream-based flow query language; Fires; IP networks; Prefetching;
fLanguage
English
Publisher
ieee
Conference_Titel
Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
Conference_Location
Dublin
Print_ISBN
978-1-4244-9219-0
Electronic_ISBN
978-1-4244-9220-6
Type
conf
DOI
10.1109/INM.2011.5990668
Filename
5990668