Premium
An automatic application signature construction system for unknown traffic
Author(s) -
Wang Yu,
Xiang Yang,
Yu ShunZheng
Publication year - 2010
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.1603
Subject(s) - computer science , header , payload (computing) , traffic classification , data mining , network packet , cluster analysis , signature (topology) , preprocessor , trace (psycholinguistics) , traffic generation model , deep packet inspection , process (computing) , data pre processing , key (lock) , a priori and a posteriori , traffic analysis , real time computing , artificial intelligence , computer network , linguistics , philosophy , geometry , mathematics , computer security , epistemology , operating system
Identifying applications and classifying network traffic flows according to their source applications are critical for a broad range of network activities. Such a decision can be based on packet header fields, packet payload content, statistical characteristics of traffic and communication patterns of network hosts. However, most present techniques rely on some sort of a priori knowledge, which means they require labor‐intensive preprocessing before running and cannot deal with previously unknown applications. In this paper, we propose a traffic classification system based on application signatures, with a novel approach to fully automate the process of deriving signatures from unidentified traffic. The key idea is to integrate statistics‐based flow clustering with payload‐based signature matching method, so as to eliminate the requirement of pre‐labeled training data sets. We evaluate the efficiency of our approach using real‐world traffic trace, and the results indicate that signature classifiers built from clustered data and pre‐labeled data are able to achieve similar high accuracy better than 99%. Copyright © 2010 John Wiley & Sons, Ltd.