Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association
碩士 === 國立交通大學 === 網路工程研究所 === 95 === Signature based classification methodology has been used for a long time, but it can't be applied to encrypted protocol message. Some researches try to find out useful characteristics of separate applications from their transport layer behaviorsthat can be d...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: |
2007
|
Online Access: | http://ndltd.ncl.edu.tw/handle/96702524118063479907 |
id |
ndltd-TW-095NCTU5726019 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-095NCTU57260192015-10-13T13:59:36Z http://ndltd.ncl.edu.tw/handle/96702524118063479907 Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association 真實網路流量分類演算法:利用封包大小分佈與連接埠關聯性之流量辨識 Wei-Hao Peng 彭偉豪 碩士 國立交通大學 網路工程研究所 95 Signature based classification methodology has been used for a long time, but it can't be applied to encrypted protocol message. Some researches try to find out useful characteristics of separate applications from their transport layer behaviorsthat can be divided into two kinds: social network behaviors and statistical behaviors. Most of them are time-consuming due to a huge amount of information needed. In our work, we use Packet Size Distribution and Ports Association to achieve our goal. Every succeeded connection would be transformed into one vector in the multi-dimensional coordinate spaces and classified into some specified application or other unknown ones. Besides, the Euclidean distances of every connection between all individual centers, the representatives of the applications, will also be computed. Once a connection is identified and classified into some certain session, we can use ports association algorithm to associate and accelerate other connections in the same session. Using the proposed method, we can reach high classification accuracy rate, 96% on average, and low false positive and false negative rate, 4%~5%, after the preparation process of 100~200 packets. Lastly, we present an basic on-line architecture to show the correctness and simplicity. Yin-Dar Lin 林盈達 2007 學位論文 ; thesis 26 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 國立交通大學 === 網路工程研究所 === 95 === Signature based classification methodology has been used for a long time, but it can't be applied to encrypted protocol message. Some researches try to find out useful characteristics of separate applications from their transport layer behaviorsthat can be divided into two kinds: social network behaviors and statistical behaviors. Most of them are time-consuming due to a huge amount of information needed. In our work, we use Packet Size Distribution and Ports Association to achieve our goal. Every succeeded connection would be transformed into one vector in the multi-dimensional coordinate spaces and classified into some specified application or other unknown ones. Besides, the Euclidean distances of every connection between all individual centers, the representatives of the applications, will also be computed. Once a connection is identified and classified into some certain session, we can use ports association algorithm to associate and accelerate other connections in the same session. Using the proposed method, we can reach high classification accuracy rate, 96% on average, and low false positive and false negative rate, 4%~5%, after the preparation process of 100~200 packets. Lastly, we present an basic on-line architecture to show the correctness and simplicity.
|
author2 |
Yin-Dar Lin |
author_facet |
Yin-Dar Lin Wei-Hao Peng 彭偉豪 |
author |
Wei-Hao Peng 彭偉豪 |
spellingShingle |
Wei-Hao Peng 彭偉豪 Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
author_sort |
Wei-Hao Peng |
title |
Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
title_short |
Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
title_full |
Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
title_fullStr |
Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
title_full_unstemmed |
Application Classification in Real Traffic:Using Packet Size Distribution and Ports Association |
title_sort |
application classification in real traffic:using packet size distribution and ports association |
publishDate |
2007 |
url |
http://ndltd.ncl.edu.tw/handle/96702524118063479907 |
work_keys_str_mv |
AT weihaopeng applicationclassificationinrealtrafficusingpacketsizedistributionandportsassociation AT péngwěiháo applicationclassificationinrealtrafficusingpacketsizedistributionandportsassociation AT weihaopeng zhēnshíwǎnglùliúliàngfēnlèiyǎnsuànfǎlìyòngfēngbāodàxiǎofēnbùyǔliánjiēbùguānliánxìngzhīliúliàngbiànshí AT péngwěiháo zhēnshíwǎnglùliúliàngfēnlèiyǎnsuànfǎlìyòngfēngbāodàxiǎofēnbùyǔliánjiēbùguānliánxìngzhīliúliàngbiànshí |
_version_ |
1717746541034209280 |