Deakin home > Deakin University Library > Deakin Research Online > An automatic application signature construction system for unknown traffic

An automatic application signature construction system for unknown traffic

Wang, Yu, Xiang, Yang and Yu, Shun-Zheng 2010, An automatic application signature construction system for unknown traffic, Concurrency computation practice and experience, vol. 22, no. 13, pp. 1927-1944.

Attached Files (Some files may be inaccessible until you login with your Deakin Research Online credentials)
Name Description MIMEType Size Downloads

Title An automatic application signature construction system for unknown traffic
Author(s) Wang, Yu
Xiang, Yang
Yu, Shun-Zheng
Journal name Concurrency computation practice and experience
Volume number 22
Issue number 13
Start page 1927
End page 1944
Publisher John Wiley & Sons Ltd
Place of publication West Sussex, England
Publication date 2010-09-10
ISSN 1532-0626
1532-0634
Keyword(s) traffic classification
machine learning
clustering
feature selection
Summary Identifying applications and classifying network traffic flows according to their source applications are critical for a broad range of network activities. Such a decision can be based on packet header fields, packet payload content, statistical characteristics of traffic and communication patterns of network hosts. However, most present techniques rely on some sort of apriori knowledge, which means they require labor-intensive preprocessing before running and cannot deal with previously unknown applications. In this paper, we propose a traffic classification system based on application signatures, with a novel approach to fully automate the process of deriving signatures from unidentified traffic. The key idea is to integrate statistics-based flow clustering with payload-based signature matching method, so as to eliminate the requirement of pre-labeled training data sets. We evaluate the efficiency of our approach using real-world traffic trace, and the results indicate that signature classifiers built from clustered data and pre-labeled data are able to achieve similar high accuracy better than 99%.
Language eng
Field of Research 080503 Networking and Communications
Socio Economic Objective 890101 Fixed Line Data Networks and Services
HERDC Research category C1 Refereed article in a scholarly journal
HERDC collection year 2010
Copyright notice ©2010, John Wiley & Sons, Ltd.
Persistent URL http://hdl.handle.net/10536/DRO/DU:30034367

Document type: Journal Article
Collection: School of Information Technology
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in Deakin Research Online is owned by the author, with all rights reserved.

Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 5 times in TR Web of Science
Scopus Citation Count Cited 9 times in Scopus
Access Statistics: 164 Abstract Views, 2 File Downloads  -  Detailed Statistics
Created: Mon, 18 Apr 2011, 13:16:07 EST by Sandra Dunoon