Title :
Identification of Traffic Flows Hiding behind TCP Port 80
Author :
Dainotti, Alberto ; Gargiulo, Francesco ; Kuncheva, Ludmila I. ; Pescapè, Antonio ; Sansone, Carlo
Author_Institution :
Dept. of Comput. Sci. & Syst., Univ. of Napoli "Federico II", Naples, Italy
Abstract :
Beyond Quality of Service and billing, one of the most important applications of traffic identification is in the field of network security. Despite their simplicity, current approaches based on port numbers are highly unreliable. This paper proposes an identification approach, based on a cascade of decision trees. The approach uses the sign pattern and payload size of the first four packets in each flow, thus remaining applicable to encrypted traffic too. The effectiveness of the proposed approach is evaluated on five real traffic traces collected in different time periods and over four different networks. The obtained overall accuracy gives us grounds to consider the adoption of this approach as stand-alone in on-line platforms for network traffic identification or in combination with classical firewall architectures.
Keywords :
computer network security; decision trees; telecommunication traffic; TCP port 80; decision trees; encrypted traffic; firewall architecture; network security; network traffic identification; payload size; quality of service; sign pattern; traffic flows; Application software; Communications Society; Computer science; Cryptography; Inspection; Internet; Payloads; Protocols; Quality of service; Telecommunication traffic;
Conference_Title :
Communications (ICC), 2010 IEEE International Conference on
Conference_Location :
Cape Town
Print_ISBN :
978-1-4244-6402-9
DOI :
10.1109/ICC.2010.5502266