Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lin, Ying-Dar | en_US |
dc.contributor.author | Lu, Chun-Nan | en_US |
dc.contributor.author | Lai, Yuan-Cheng | en_US |
dc.contributor.author | Peng, Wei-Hao | en_US |
dc.contributor.author | Lin, Po-Ching | en_US |
dc.date.accessioned | 2014-12-08T15:08:48Z | - |
dc.date.available | 2014-12-08T15:08:48Z | - |
dc.date.issued | 2009-09-01 | en_US |
dc.identifier.issn | 1084-8045 | en_US |
dc.identifier.uri | http://dx.doi.org/10.1016/j.jnca.2009.03.001 | en_US |
dc.identifier.uri | http://hdl.handle.net/11536/6726 | - |
dc.description.abstract | Traffic classification is an essential part in common network management applications such as intrusion detection and network monitoring. Identifying traffic by looking at port numbers is only suitable to well-known applications, while signature-based classification is not applicable to encrypted messages. Our preliminary observation shows that each application has distinct packet size distribution (PSD) of the connections. Therefore, it is feasible to classify traffic by analyzing the variances of packet sizes of the connections without analyzing packet payload. Ill this work, each connection is first transformed into a point in a multi-dimensional space according to its PSD. Then it is compared with the representative points of pre-defined applications and recognized as the application having a minimum distance. Once a connection is identified as a specific application, Port association is used to accelerate the classification by combining it with the other connections of the same session because applications usually use consecutive ports during a session. Using the proposed techniques, packet size distribution and port association, a high accuracy rate, 96% oil average, and low false positive and false negative rates, 4-5%, are achieved. Our proposed method not only works well for encrypted traffic but also can be easily incorporated with a signature-based method to provide better accuracy. (C) 2009 Elsevier Ltd. All rights reserved. | en_US |
dc.language.iso | en_US | en_US |
dc.subject | Traffic classification | en_US |
dc.subject | Transport layer behaviors | en_US |
dc.subject | Packet size distribution | en_US |
dc.subject | Ports association | en_US |
dc.title | Application classification using packet size distribution and port association | en_US |
dc.type | Review | en_US |
dc.identifier.doi | 10.1016/j.jnca.2009.03.001 | en_US |
dc.identifier.journal | JOURNAL OF NETWORK AND COMPUTER APPLICATIONS | en_US |
dc.citation.volume | 32 | en_US |
dc.citation.issue | 5 | en_US |
dc.citation.spage | 1023 | en_US |
dc.citation.epage | 1030 | en_US |
dc.contributor.department | 資訊工程學系 | zh_TW |
dc.contributor.department | Department of Computer Science | en_US |
dc.identifier.wosnumber | WOS:000268516100008 | - |
dc.citation.woscount | 11 | - |
Appears in Collections: | Articles |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.