The accurate identification of the different protocols used by various applications plays an important role in many network management and monitoring tasks. However, the emergence of new applications and the evolution of existing ones mean that the early success of classification methods based on port numbers or payload signatures can no longer be repeated. Machine-learning-based approaches, on the other hand, have made steady progress in classification accuracy using statistical features extracted from packets and flows. In this paper, we investigate a new approach to classifying network traffic into application protocols by introducing a Markov random field to model the semantics of network application protocols. First, the packets in a flow are aggregated into messages that contain the related semantic information. We assume that simple message features, such as the length and direction of a message, are observable, while the semantics of messages are invisible in both the training and test phases. Tested with traffic traces collected from heterogeneous sources, this approach was demonstrated to deliver good accuracy and speed.