CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Statistical Protocol IDentification with SPID: Preliminary Results

Erik Hjelmvik ; Wolfgang John (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) )
Swedish National Computer Networking Workshop (2009)
[Konferensbidrag, refereegranskat]

Identifying application layer protocols within network sessions is important when assigning Quality of Service (QoS) priorities as well as when conducting network security monitoring. This paper introduces a Statistical Protocol IDentification algorithm (SPID) utilizing various statistical flow and application layer data features. We have identified application layer protocols by comparing probability vectors created from observed network traffic to probability vectors of known protocols. Promising preliminary results are presented, showing average precision of 100% and recall of 92% for a small set of protocols within traffic traces from an access network. To further improve the results, a number of ongoing and future directions with SPID are discussed, such as optimization of the attribute meters and improving robustness against different network environments.

Nyckelord: Internet Measurement, Traffic Analysis, Traffic Classification

Denna post skapades 2009-04-23. Senast ändrad 2013-08-08.
CPL Pubid: 92877


Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Nätverk och system (Chalmers)



Chalmers infrastruktur

Relaterade publikationer

Denna publikation ingår i:

Characterization and Classification of Internet Backbone Traffic