Network Application Identification Based on Communication Characteristics of Application Messages

Authors: Yuji Waizumi, Yuya Tsukabe, Hiroshi Tsunoda, Yoshiaki Nemoto

Abstract:

Person-to-person information sharing is easily realized by P2P networks, in which servers are not essential. Information leakage caused by malicious access to P2P networks has become a new social issue. To prevent information leakage, it is necessary to detect and block the traffic of P2P software. Since some P2P software can spoof port numbers, it is difficult to detect traffic sent from P2P software by using port numbers. It is even more difficult to devise effective countermeasures for detecting the software because its protocols are not public. In this paper, a method for discriminating network applications based on the communication characteristics of application messages, without using port numbers, is proposed. The proposed method is based on the assumption that there can be some rules about the time intervals at which application-layer messages are transmitted and the number of packets needed to send one message. By extracting these rules from network traffic, the proposed method can discriminate applications without port numbers.

Keywords: Network Application Identification, Message Transition Pattern

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1334297

