m (Scipediacontent moved page Draft Content 955208780 to Jaber Barakat 2009a) |
|||
| Line 3: | Line 3: | ||
One of the most important challenges for network administrators is the identification of applications behind the Internet traffic. This identification serves for many purposes as in network security, traffic engineering and monitoring. The classical methods based on standard port numbers or deep packet inspection are unfortunately becoming less and less efficient because of encryption and the utilization of non standard ports. In this paper we come up with an online iterative probabilistic method that identifies applications quickly and accurately by only using the size of packets. Our method associates a configurable confidence level to the port number carried in the transport header and is able to consider a variable number of packets at the beginning of a flow. By verification on real traces we observe that even in the case of no confidence in the port number, a very high accuracy can be obtained for well known applications after few packets were examined. | One of the most important challenges for network administrators is the identification of applications behind the Internet traffic. This identification serves for many purposes as in network security, traffic engineering and monitoring. The classical methods based on standard port numbers or deep packet inspection are unfortunately becoming less and less efficient because of encryption and the utilization of non standard ports. In this paper we come up with an online iterative probabilistic method that identifies applications quickly and accurately by only using the size of packets. Our method associates a configurable confidence level to the port number carried in the transport header and is able to consider a variable number of packets at the beginning of a flow. By verification on real traces we observe that even in the case of no confidence in the port number, a very high accuracy can be obtained for well known applications after few packets were examined. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| Line 15: | Line 10: | ||
* [https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf] | * [https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf] | ||
| + | |||
| + | * [http://link.springer.com/content/pdf/10.1007/978-3-642-01399-7_23 http://link.springer.com/content/pdf/10.1007/978-3-642-01399-7_23], | ||
| + | : [http://dx.doi.org/10.1007/978-3-642-01399-7_23 http://dx.doi.org/10.1007/978-3-642-01399-7_23] under the license http://www.springer.com/tdm | ||
| + | |||
| + | * [https://link.springer.com/chapter/10.1007/978-3-642-01399-7_23 https://link.springer.com/chapter/10.1007/978-3-642-01399-7_23], | ||
| + | : [http://www-sop.inria.fr/members/Chadi.Barakat/Networking2009.pdf http://www-sop.inria.fr/members/Chadi.Barakat/Networking2009.pdf], | ||
| + | : [https://www.scipedia.com/public/Jaber_Barakat_2009a https://www.scipedia.com/public/Jaber_Barakat_2009a], | ||
| + | : [https://dblp.uni-trier.de/db/conf/networking/networking2009.html#JaberB09 https://dblp.uni-trier.de/db/conf/networking/networking2009.html#JaberB09], | ||
| + | : [https://rd.springer.com/chapter/10.1007/978-3-642-01399-7_23 https://rd.springer.com/chapter/10.1007/978-3-642-01399-7_23], | ||
| + | : [https://academic.microsoft.com/#/detail/1576611803 https://academic.microsoft.com/#/detail/1576611803] | ||
Latest revision as of 15:11, 21 January 2021
Abstract
One of the most important challenges for network administrators is the identification of applications behind the Internet traffic. This identification serves for many purposes as in network security, traffic engineering and monitoring. The classical methods based on standard port numbers or deep packet inspection are unfortunately becoming less and less efficient because of encryption and the utilization of non standard ports. In this paper we come up with an online iterative probabilistic method that identifies applications quickly and accurately by only using the size of packets. Our method associates a configurable confidence level to the port number carried in the transport header and is able to consider a variable number of packets at the beginning of a flow. By verification on real traces we observe that even in the case of no confidence in the port number, a very high accuracy can be obtained for well known applications after few packets were examined.
Original document
The different versions of the original document can be found in:
- http://dx.doi.org/10.1007/978-3-642-01399-7_23 under the license http://www.springer.com/tdm
- http://www-sop.inria.fr/members/Chadi.Barakat/Networking2009.pdf,
- https://www.scipedia.com/public/Jaber_Barakat_2009a,
- https://dblp.uni-trier.de/db/conf/networking/networking2009.html#JaberB09,
- https://rd.springer.com/chapter/10.1007/978-3-642-01399-7_23,
- https://academic.microsoft.com/#/detail/1576611803
Document information
Published on 01/01/2009
Volume 2009, 2009
DOI: 10.1007/978-3-642-01399-7_23
Licence: CC BY-NC-SA license
Share this document
Keywords
claim authorship
Are you one of the authors of this document?