Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : bib : networking : entries : crotti07traffic.xml
Bibliography Details
M. Crotti, M. Dusi, F. Gringoli, and L. Salgarelli, "Traffic Classification through Simple Statistical Fingerprinting", in ACM SIGCOMM 2007, Aug 2007.
Traffic Classification through Simple Statistical Fingerprinting
Authors: M. Crotti
M. Dusi
F. Gringoli
L. Salgarelli
Published: ACM SIGCOMM, 2007
URL:http://ccr.sigcomm.org/online/files/p7-v37n1b-crotti.pdf
Entry Dates: 2009-02-06
Abstract: The classification of IP flows according to the application that generated them is at the basis of any modern network management platform. However, classical techniques such as the ones based on the analysis of transport layer or application layer information are rapidly becoming ineffective. In this paper we present a flow classification mechanism based on three simple properties of the captured IP packets: their size, inter-arrival time and arrival order. Even though these quantities have already been used in the past to define classification techniques, our contribution is based on new structures called protocol fingerprints, which express such quantities in a compact and efficient way, and on a simple classification algorithm based on normalized thresholds. Although at a very early stage of development, the proposed technique is showing promising preliminary results from the classification of a reduced set of protocols.
Results:
  • datasets: collected at the edge gateway of faculty's campus network;
  • flow classfication mechanism based on three properties of the captured IP packets: their size, inter-arrival time and arrival order;
  • define the notion of protocol fingerprints; introduce a relatively simple classification algorithm, based on the use of protocol fingerprints;show how it is effective at classifying a set of protocols;focus on the classification of IP flows produced by network applications exchanging data through TCP connections such as HTTP, SMTP, SSH, etc;
  Last Modified: Tue Oct-8-2019 11:20:57 PDT
  Page URL: http://www.caida.org/publications/bib/networking/entries/crotti07traffic.xml