BLINC: multilevel traffic classification in the dark

Published: 22 August 2005

Abstract

We present a fundamentally different approach to classifying traffic flows according to the applications that generate them. In contrast to previous methods, our approach is based on observing and identifying patterns of host behavior at the transport layer. We analyze these patterns at three levels of increasing detail: (i) the social, (ii) the functional, and (iii) the application level. This multilevel approach to looking at traffic flows is probably the most important contribution of this paper. Furthermore, our approach has two important features. First, it operates in the dark, having (a) no access to packet payload, (b) no knowledge of port numbers, and (c) no additional information other than what current flow collectors provide. These restrictions respect privacy, technological, and practical constraints. Second, it can be tuned to balance the accuracy of the classification against the number of successfully classified traffic flows. We demonstrate the effectiveness of our approach on three real traces. Our results show that we are able to classify 80%-90% of the traffic with more than 95% accuracy.


    Published In

    ACM SIGCOMM Computer Communication Review, Volume 35, Issue 4
    Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
    October 2005
    324 pages
    ISSN: 0146-4833
    DOI: 10.1145/1090191

    SIGCOMM '05: Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
    August 2005
    350 pages
    ISBN: 1595930094
    DOI: 10.1145/1080091

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. host behavior
    2. traffic classification
    3. transport layer

    Qualifiers

    • Article
