URL: http://www.thlab.net/~asoule/papiers/ccredito.pdf Entry Dates: 2009-02-09 Abstract: The early detection of applications associated with TCP flows is an essential step for network security and traffic engineering. The classic way to identify flows, i.e. looking at port numbers, is not effective anymore. On the other hand, state-of-the-art techniques cannot determine the application before the end of the TCP flow. In this editorial, we propose a technique that relies on the observation of the first five packets of a TCP connection to identify the application. This result opens a range of new possibilities for online traffic classification. Results:

• datasets: collected at the edge of a university network; includes packet payloads;
• k-means
• relies on the observation of the first five packets of a TCP connection to identify the application;
• correctly identify more than 80% of flows of almost all of the applications