The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

P. Haffner, S. Sen, O. Spatscheck, and D. Wang, "Acas: Automated Construction of Application Signatures", in ACM SIGCOMM 2005, Aug 2005.

Acas: Automated Construction of Application Signatures
Authors: P. Haffner
S. Sen
O. Spatscheck
D. Wang
Published: ACM SIGCOMM, 2005
URL: http://conferences.sigcomm.org/sigcomm/2005/paper-HafSen.pdf
Entry Dates: 2009-02-11
Abstract: An accurate mapping of traffic to applications is important for a broad range of network management and measurement tasks. Internet applications have traditionally been identified using well-known default server network-port numbers in the TCP or UDP headers. However this approach has become increasingly inaccurate. An alternate, more accurate technique is to use specific application-level features in the protocol exchange to guide the identification. Unfortunately deriving the signatures manually is very time consuming and difficult. In this paper, we explore automatically extracting application signatures from IP traffic payload content. In particular we apply three statistical machine learning algorithms to automatically identify signatures for a range of applications. The results indicate that this approach is highly accurate and scales to allow online application identification on high speed links. We also discovered that content signatures still work in the presence of encryption. In these cases we were able to derive content signature for unencrypted handshakes negotiating the encryption parameters of a particular connection.
Results:
  • datasets: 100 Gbyte of packet traces on a high speed access network serving more than 500 residential customers; the training data was collected in August 2004, the test data was collected in August 2004 and March 2005;
  • machine learning algorithms used: Naive Bayes, AdaBoost, Maximum Entropy;
  • explores the feasibility of automatically identifying application signatures; the resulting signatures remain highly accurate despite traffic variations over a period of several months;