ACAS: automated construction of application signatures

13 years 11 months ago
ACAS: automated construction of application signatures
An accurate mapping of traffic to applications is important for a broad range of network management and measurement tasks. Internet applications have traditionally been identified using well-known default server network-port numbers in the TCP or UDP headers. However this approach has become increasingly inaccurate. An alternate, more accurate technique is to use specific application-level features in the protocol exchange to guide the identification. Unfortunately deriving the signatures manually is very time consuming and difficult. In this paper, we explore automatically extracting application signatures from IP traffic payload content. In particular we apply three statistical machine learning algorithms to automatically identify signatures for a range of applications. The results indicate that this approach is highly accurate and scales to allow online application identification on high speed links. We also discovered that content signatures still work in the presence of en...
Patrick Haffner, Subhabrata Sen, Oliver Spatscheck
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Authors Patrick Haffner, Subhabrata Sen, Oliver Spatscheck, Dongmei Wang
Comments (0)