The increasing demand of network security, access control, and service differentiation over IP networks drives Internet Service Providers and network administrators to deploy ever more sophisticated and faster traffic recognition mechanisms. Unfortunately this is complicated by the continuous development of new application protocols, increasing network bandwidth, and spreading of complicated tunneling and encryption techniques. In this paper we describe a statistical technique for blind recognition and classification of application sessions amongst aggregated traffic. Packets are assigned to known applications/protocols on the basis of a restricted set of information extracted from each packet: packet addresses, sizes, and timestamps. We analyzed three modes with different degrees of correlation among packets belonging to the same session. Albeit its simplicity, the studied technique has demonstrated very good performances, also when used for real-time classification.

A statistical blind technique for recognition of internet traffic with dependence enforcement / Pecori, Riccardo; Veltri, Luca. - (2014), pp. 328-333. (Intervento presentato al convegno 10th International Wireless Communications and Mobile Computing Conference, IWCMC 2014 tenutosi a cyp nel 2014) [10.1109/IWCMC.2014.6906378].

A statistical blind technique for recognition of internet traffic with dependence enforcement

PECORI, Riccardo;VELTRI, Luca
2014-01-01

Abstract

The increasing demand of network security, access control, and service differentiation over IP networks drives Internet Service Providers and network administrators to deploy ever more sophisticated and faster traffic recognition mechanisms. Unfortunately this is complicated by the continuous development of new application protocols, increasing network bandwidth, and spreading of complicated tunneling and encryption techniques. In this paper we describe a statistical technique for blind recognition and classification of application sessions amongst aggregated traffic. Packets are assigned to known applications/protocols on the basis of a restricted set of information extracted from each packet: packet addresses, sizes, and timestamps. We analyzed three modes with different degrees of correlation among packets belonging to the same session. Albeit its simplicity, the studied technique has demonstrated very good performances, also when used for real-time classification.
2014
9781479909599
9781479909599
A statistical blind technique for recognition of internet traffic with dependence enforcement / Pecori, Riccardo; Veltri, Luca. - (2014), pp. 328-333. (Intervento presentato al convegno 10th International Wireless Communications and Mobile Computing Conference, IWCMC 2014 tenutosi a cyp nel 2014) [10.1109/IWCMC.2014.6906378].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11381/2800909
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 1
social impact