Identification of Traffic Flows Hiding behind TCP Port 80

Author

Dainotti, Alberto ; Gargiulo, Francesco ; Kuncheva, Ludmila I. ; Pescapè, Antonio ; Sansone, Carlo

Author_Institution

Dept. of Comput. Sci. & Syst., Univ. of Napoli "Federico II", Naples, Italy

fYear

2010

fDate

23-27 May 2010

Firstpage

1

Lastpage

6

Abstract

Beyond Quality of Service and billing, one of the most important applications of traffic identification is in the field of network security. Despite their simplicity, current approaches based on port numbers are highly unreliable. This paper proposes an identification approach, based on a cascade of decision trees. The approach uses the sign pattern and payload size of the first four packets in each flow, thus remaining applicable to encrypted traffic too. The effectiveness of the proposed approach is evaluated on five real traffic traces collected in different time periods and over four different networks. The obtained overall accuracy gives us grounds to consider the adoption of this approach as stand-alone in on-line platforms for network traffic identification or in combination with classical firewall architectures.

Keywords

computer network security; decision trees; telecommunication traffic; TCP port 80; decision trees; encrypted traffic; firewall architecture; network security; network traffic identification; payload size; quality of service; sign pattern; traffic flows; Application software; Communications Society; Computer science; Cryptography; Inspection; Internet; Payloads; Protocols; Quality of service; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications (ICC), 2010 IEEE International Conference on

Conference_Location

Cape Town

ISSN

1550-3607

Print_ISBN

978-1-4244-6402-9

Type

conf

DOI

10.1109/ICC.2010.5502266

Filename

5502266