Full metadata record
DC FieldValueLanguage
dc.contributor.authorLin, Ying-Daren_US
dc.contributor.authorLu, Chun-Nanen_US
dc.contributor.authorLai, Yuan-Chengen_US
dc.contributor.authorPeng, Wei-Haoen_US
dc.contributor.authorLin, Po-Chingen_US
dc.date.accessioned2014-12-08T15:08:48Z-
dc.date.available2014-12-08T15:08:48Z-
dc.date.issued2009-09-01en_US
dc.identifier.issn1084-8045en_US
dc.identifier.urihttp://dx.doi.org/10.1016/j.jnca.2009.03.001en_US
dc.identifier.urihttp://hdl.handle.net/11536/6726-
dc.description.abstractTraffic classification is an essential part in common network management applications such as intrusion detection and network monitoring. Identifying traffic by looking at port numbers is only suitable to well-known applications, while signature-based classification is not applicable to encrypted messages. Our preliminary observation shows that each application has distinct packet size distribution (PSD) of the connections. Therefore, it is feasible to classify traffic by analyzing the variances of packet sizes of the connections without analyzing packet payload. Ill this work, each connection is first transformed into a point in a multi-dimensional space according to its PSD. Then it is compared with the representative points of pre-defined applications and recognized as the application having a minimum distance. Once a connection is identified as a specific application, Port association is used to accelerate the classification by combining it with the other connections of the same session because applications usually use consecutive ports during a session. Using the proposed techniques, packet size distribution and port association, a high accuracy rate, 96% oil average, and low false positive and false negative rates, 4-5%, are achieved. Our proposed method not only works well for encrypted traffic but also can be easily incorporated with a signature-based method to provide better accuracy. (C) 2009 Elsevier Ltd. All rights reserved.en_US
dc.language.isoen_USen_US
dc.subjectTraffic classificationen_US
dc.subjectTransport layer behaviorsen_US
dc.subjectPacket size distributionen_US
dc.subjectPorts associationen_US
dc.titleApplication classification using packet size distribution and port associationen_US
dc.typeReviewen_US
dc.identifier.doi10.1016/j.jnca.2009.03.001en_US
dc.identifier.journalJOURNAL OF NETWORK AND COMPUTER APPLICATIONSen_US
dc.citation.volume32en_US
dc.citation.issue5en_US
dc.citation.spage1023en_US
dc.citation.epage1030en_US
dc.contributor.department資訊工程學系zh_TW
dc.contributor.departmentDepartment of Computer Scienceen_US
dc.identifier.wosnumberWOS:000268516100008-
dc.citation.woscount11-
Appears in Collections:Articles


Files in This Item:

  1. 000268516100008.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.