Premium
Network application profiling with traffic causality graphs
Author(s) -
Asai Hirochika,
Fukuda Kensuke,
Abry Patrice,
Borgnat Pierre,
Esaki Hiroshi
Publication year - 2014
Publication title -
international journal of network management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.1865
Subject(s) - computer science , discriminative model , data mining , feature vector , identification (biology) , network packet , profiling (computer programming) , graph , artificial intelligence , machine learning , pattern recognition (psychology) , theoretical computer science , biology , operating system , computer network , botany
SUMMARY A network application profiling framework is proposed that is based on traffic causality graphs (TCGs), representing temporal and spatial causality of flows to identify application programs. The proposed framework consists of three modules: the feature vector space construction using discriminative patterns extracted from TCGs by a graph‐mining algorithm; a feature vector supervised learning procedure in the constructed vector space; and an application identification program using a similarity measure in the feature vector space. Accuracy of the proposed framework for application identification is evaluated, making use of ground truth packet traces from seven peer‐to‐peer (P2P) application programs. It is demonstrated that this framework achieves an overall 90.0 % accuracy in application identification. Contributions are twofold: (1) using a graph‐mining algorithm, the proposed framework enables automatic extraction of discriminative patterns serving as identification features; 2) high accuracy in application identification is achieved, notably for P2P applications that are more difficult to identify because of their using random ports and potential communication encryption. Copyright © 2014 John Wiley & Sons, Ltd.