m (Scipediacontent moved page Draft Content 955208780 to Jaber Barakat 2009a)
 
Line 3: Line 3:
  
 
One of the most important challenges for network administrators is the identification of applications behind the Internet traffic. This identification serves for many purposes as in network security, traffic engineering and monitoring. The classical methods based on standard port numbers or deep packet inspection are unfortunately becoming less and less efficient because of encryption and the utilization of non standard ports. In this paper we come up with an online iterative probabilistic method that identifies applications quickly and accurately by only using the size of packets. Our method associates a configurable confidence level to the port number carried in the transport header and is able to consider a variable number of packets at the beginning of a flow. By verification on real traces we observe that even in the case of no confidence in the port number, a very high accuracy can be obtained for well known applications after few packets were examined.
 
One of the most important challenges for network administrators is the identification of applications behind the Internet traffic. This identification serves for many purposes as in network security, traffic engineering and monitoring. The classical methods based on standard port numbers or deep packet inspection are unfortunately becoming less and less efficient because of encryption and the utilization of non standard ports. In this paper we come up with an online iterative probabilistic method that identifies applications quickly and accurately by only using the size of packets. Our method associates a configurable confidence level to the port number carried in the transport header and is able to consider a variable number of packets at the beginning of a flow. By verification on real traces we observe that even in the case of no confidence in the port number, a very high accuracy can be obtained for well known applications after few packets were examined.
 
Document type: Part of book or chapter of book
 
 
== Full document ==
 
<pdf>Media:Draft_Content_955208780-beopen989-1813-document.pdf</pdf>
 
  
  
Line 15: Line 10:
  
 
* [https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf]
 
* [https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf https://link.springer.com/content/pdf/10.1007%2F978-3-642-01399-7_23.pdf]
 +
 +
* [http://link.springer.com/content/pdf/10.1007/978-3-642-01399-7_23 http://link.springer.com/content/pdf/10.1007/978-3-642-01399-7_23],
 +
: [http://dx.doi.org/10.1007/978-3-642-01399-7_23 http://dx.doi.org/10.1007/978-3-642-01399-7_23] under the license http://www.springer.com/tdm
 +
 +
* [https://link.springer.com/chapter/10.1007/978-3-642-01399-7_23 https://link.springer.com/chapter/10.1007/978-3-642-01399-7_23],
 +
: [http://www-sop.inria.fr/members/Chadi.Barakat/Networking2009.pdf http://www-sop.inria.fr/members/Chadi.Barakat/Networking2009.pdf],
 +
: [https://www.scipedia.com/public/Jaber_Barakat_2009a https://www.scipedia.com/public/Jaber_Barakat_2009a],
 +
: [https://dblp.uni-trier.de/db/conf/networking/networking2009.html#JaberB09 https://dblp.uni-trier.de/db/conf/networking/networking2009.html#JaberB09],
 +
: [https://rd.springer.com/chapter/10.1007/978-3-642-01399-7_23 https://rd.springer.com/chapter/10.1007/978-3-642-01399-7_23],
 +
: [https://academic.microsoft.com/#/detail/1576611803 https://academic.microsoft.com/#/detail/1576611803]

Latest revision as of 15:11, 21 January 2021

Abstract

One of the most important challenges for network administrators is the identification of applications behind the Internet traffic. This identification serves for many purposes as in network security, traffic engineering and monitoring. The classical methods based on standard port numbers or deep packet inspection are unfortunately becoming less and less efficient because of encryption and the utilization of non standard ports. In this paper we come up with an online iterative probabilistic method that identifies applications quickly and accurately by only using the size of packets. Our method associates a configurable confidence level to the port number carried in the transport header and is able to consider a variable number of packets at the beginning of a flow. By verification on real traces we observe that even in the case of no confidence in the port number, a very high accuracy can be obtained for well known applications after few packets were examined.


Original document

The different versions of the original document can be found in:

http://dx.doi.org/10.1007/978-3-642-01399-7_23 under the license http://www.springer.com/tdm
http://www-sop.inria.fr/members/Chadi.Barakat/Networking2009.pdf,
https://www.scipedia.com/public/Jaber_Barakat_2009a,
https://dblp.uni-trier.de/db/conf/networking/networking2009.html#JaberB09,
https://rd.springer.com/chapter/10.1007/978-3-642-01399-7_23,
https://academic.microsoft.com/#/detail/1576611803
Back to Top

Document information

Published on 01/01/2009

Volume 2009, 2009
DOI: 10.1007/978-3-642-01399-7_23
Licence: CC BY-NC-SA license

Document Score

0

Views 0
Recommendations 0

Share this document

claim authorship

Are you one of the authors of this document?