Article

Toward the accurate identification of network applications

Authors:

Andrew W. Moore,

Konstantina PapagiannakiAuthors Info & Claims

PAM'05: Proceedings of the 6th international conference on Passive and Active Network Measurement

Pages 41 - 54

https://doi.org/10.1007/978-3-540-31966-5_4

Published: 31 March 2005 Publication History

Publisher Site

Abstract

Well-known port numbers can no longer be used to reliably identify network applications. There is a variety of new Internet applications that either do not use well-known port numbers or use other protocols, such as HTTP, as wrappers in order to go through firewalls without being blocked. One consequence of this is that a simple inspection of the port numbers used by flows may lead to the inaccurate classification of network traffic. In this work, we look at these inaccuracies in detail. Using a full payload packet trace collected from an Internet site we attempt to identify the types of errors that may result from port-based classification and quantify them for the specific trace under study. To address this question we devise a classification methodology that relies on the full packet payload. We describe the building blocks of this methodology and elaborate on the complications that arise in that context. A classification technique approaching 100% accuracy proves to be a labor-intensive process that needs to test flow-characteristics against multiple classification criteria in order to gain sufficient confidence in the nature of the causal application. Nevertheless, the benefits gained from a content-based classification approach are evident. We are capable of accurately classifying what would be otherwise classified as unknown as well as identifying traffic flows that could otherwise be classified incorrectly. Our work opens up multiple research issues that we intend to address in future work.

References

[1]

Moore, D., Keys, K., Koga, R., Lagache, E., kc Claffy: CoralReef software suite as a tool for system and network administrators. In: Proceedings of the LISA 2001 15th Systems Administration Conference. (2001).

Crossref

Google Scholar

[2]

Connie Logg and Les Cottrell: Characterization of the Traffic between SLAC and the Internet (2003) http://www.slac.stanford.edu/comp/net/slac-netflow/html/SLACnetflow.html.

Google Scholar

[3]

Fraleigh, C., Moon, S., Lyles, B., Cotton, C., Khan, M., Moll, D., Rockell, R., Seely, T., Diot, C.: Packet-level traffic measurements from the sprint IP backbone. IEEE Network (2003) 6-16.

Crossref

Google Scholar

[4]

Choi, T., Kim, C., Yoon, S., Park, J., Lee, B., Kim, H., Chung, H., Jeong, T.: Content-aware Internet Application Traffic Measurement and Analysis. In: IEEE/IFIP Network Operations & Management Symposium (NOMS) 2004. (2004).

Google Scholar

[5]

Moore, A., Hall, J., Kreibich, C., Harris, E., Pratt, I.: Architecture of a Network Monitor. In: Passive & Active Measurement Workshop 2003 (PAM2003). (2003).

Google Scholar

[6]

Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: USENIX 13th Systems Administration Conference -- LISA '99, Seattle, WA (1999).

Crossref

Google Scholar

[7]

Orebaugh, A., Morris, G., Warnicke, E., Ramirez, G.: Ethereal Packet Sniffing. Syngress Publishing, Rockland, MA (2004).

Crossref

Google Scholar

[8]

Moore, A.: Discrete content-based classification -- a data set. Technical Report, Intel Research, Cambridge (2005).

Google Scholar

Cited By

View all

Swarnkar MSharma N(2024)OptiClass: An Optimized Classifier for Application Layer Protocols Using Bit Level SignaturesACM Transactions on Privacy and Security10.1145/363377727:1(1-23)Online publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1145/3633777
Finamore AWang CKrolikowski JNavarro JChen FRossi DMontpetit MLeivadeas AUhlig SJaved M(2023)Replication: Contrastive Learning and Data Augmentation in Traffic Classification Using a Flowpic Input RepresentationProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624820(36-51)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624820
Li SXie YDing XYang X(2023)ChainDetector: Identifying Anonymous Blockchain TrafficProceedings of the 2023 International Conference on Frontiers of Artificial Intelligence and Machine Learning10.1145/3616901.3616932(136-139)Online publication date: 14-Apr-2023
https://dl.acm.org/doi/10.1145/3616901.3616932
Show More Cited By

Toward the accurate identification of network applications
1. Networks
  1. Network services

Recommendations

Toward Bayesian Classifiers with Accurate Probabilities
PAKDD '02: Proceedings of the 6th Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining

In most data mining applications, accurate ranking and probability estimation are essential. However, many traditional classifiers aim at a high classification accuracy (or low error rate) only, even though they also produce probability estimates. Does ...
Identification of SSH Applications Based on Convolutional Neural Network
ICIEB '18: Proceedings of the 2018 1st International Conference on Internet and e-Business

SSH is an encrypted communication protocol. SSH tunnel may encapsulate some other unknown applications, which has a certain potential impact on network security, so it is necessary to identify these applications accurately. This paper uses Convolutional ...
Accurate and real time method for network packet classification
AIC'06: Proceedings of the 6th WSEAS International Conference on Applied Informatics and Communications

Evolution of Internet has been accompanied by the development of a range of network applications which introduce many interesting, challenging and tricky problem to the network traffic monitoring. The increasing numbers of applications cause network ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

PAM'05: Proceedings of the 6th international conference on Passive and Active Network Measurement

March 2005

373 pages

ISBN:3540255206

Editor:
Constantinos Dovrolis
College of Computing, Georgia Institute of Technology, Atlanta, Georgia

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 31 March 2005

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

119
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Swarnkar MSharma N(2024)OptiClass: An Optimized Classifier for Application Layer Protocols Using Bit Level SignaturesACM Transactions on Privacy and Security10.1145/363377727:1(1-23)Online publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1145/3633777
Finamore AWang CKrolikowski JNavarro JChen FRossi DMontpetit MLeivadeas AUhlig SJaved M(2023)Replication: Contrastive Learning and Data Augmentation in Traffic Classification Using a Flowpic Input RepresentationProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624820(36-51)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624820
Li SXie YDing XYang X(2023)ChainDetector: Identifying Anonymous Blockchain TrafficProceedings of the 2023 International Conference on Frontiers of Artificial Intelligence and Machine Learning10.1145/3616901.3616932(136-139)Online publication date: 14-Apr-2023
https://dl.acm.org/doi/10.1145/3616901.3616932
Xiao YVarvello MWarrior MKuzmanovic A(2023)Decoding the Kodi EcosystemACM Transactions on the Web10.1145/356370017:1(1-36)Online publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1145/3563700
Dai JXu XGao HWang XXiao F(2023)SHAPE: A Simultaneous Header and Payload Encoding Model for Encrypted Traffic ClassificationIEEE Transactions on Network and Service Management10.1109/TNSM.2022.321375820:2(1993-2012)Online publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1109/TNSM.2022.3213758
Yu SXie XLi ZZhen WCai T(2023)A Network Traffic Anomaly Detection Method Based on Shapelet and KNNArtificial Intelligence Security and Privacy10.1007/978-981-99-9785-5_5(53-64)Online publication date: 3-Dec-2023
https://dl.acm.org/doi/10.1007/978-981-99-9785-5_5
Chiu KLiu CChou L(2022)Reinforcement Learning-Based Service-Oriented Dynamic Multipath Routing in SDNWireless Communications & Mobile Computing10.1155/2022/13309932022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1330993
Wang CFinamore AYang LFauvel KRossi D(2022)AppClassNetACM SIGCOMM Computer Communication Review10.1145/3561954.356195852:3(19-27)Online publication date: 6-Sep-2022
https://dl.acm.org/doi/10.1145/3561954.3561958
Chen JBreen JPhillips JVan der Merwe J(2022)Practical and configurable network traffic classification using probabilistic machine learningCluster Computing10.1007/s10586-021-03393-225:4(2839-2853)Online publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1007/s10586-021-03393-2
Zhang XGuo QLiu YGong X(2021)Auto-Recon: An Automated Network Reconnaissance System Based on Knowledge GraphAlgorithms and Architectures for Parallel Processing10.1007/978-3-030-95391-1_7(101-115)Online publication date: 3-Dec-2021
https://dl.acm.org/doi/10.1007/978-3-030-95391-1_7
Show More Cited By

Abstract

References

Cited By

Recommendations

Toward Bayesian Classifiers with Accurate Probabilities

Identification of SSH Applications Based on Convolutional Neural Network

Accurate and real time method for network packet classification

Comments

Information

Published In

Sponsors

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations