On the fly application flows identification by exploiting K-Means based classifiers

BAIOCCHI, Andrea; RIZZI, Antonello
2009

Abstract

Identifying application flows is a critical task for managing the bandwidth requirements of different kinds of services (e.g. VoIP, video, ERP). Moreover, traffic encryption (e.g. VPN) renders current traffic classification systems based on ports and payload inspection (Deep Packet Inspection) ineffective. We have developed a real-time traffic classification method based on cluster analysis that identifies TCP application flows from statistical parameters such as the length, arrival times and direction of IP packets. Using traffic traces captured at the Networking Lab of our Department and traces from CAIDA, we build data sets made up of thousands of flows from different application protocols. With the classic approach of separate training and test data sets, we show that cluster analysis yields very good results despite the small amount of information it relies on, a constraint imposed by the real-time decision requirement. Moreover, our method also identifies applications carried inside SSH tunnels. In this paper we describe our approach and the results obtained. We achieved an average detection rate of up to 95.43% for TCP-based application flows and an accuracy of up to 99.88% for application flows carried within SSH tunnels, such as SCP, SFTP and HTTP over SSH.
traffic analysis; statistical traffic classification; SSH; cluster analysis; k-means
01 Journal publication::01a Journal article
On the fly application flows identification by exploiting K-Means based classifiers / Maiolini, G; Molina, G; Baiocchi, Andrea; Rizzi, Antonello. - In: JOURNAL OF INFORMATION ASSURANCE AND SECURITY. - ISSN 1554-1010. - 4:2(2009), pp. 142-150.
Attached files

File: Maiolini_On-the-fly-application_2009.pdf (access restricted to archive managers)
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 411.25 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/228020