Journal Article

A Survey on Internet Traffic Identification

TLDR
This survey explains the main techniques and problems known in the field of IP traffic analysis and focuses on application detection, separating traffic analysis into packet-based and flow-based categories and detailing the advantages and problems of each approach.
Abstract
The area of Internet traffic measurement has advanced enormously over the last couple of years. This was mostly due to the increase in network access speeds, due to the appearance of bandwidth-hungry applications, due to the ISPs' increased interest in precise user traffic profile information and also a response to the enormous growth in the number of connected users. These changes greatly affected the work of Internet service providers and network administrators, which have to deal with increasing resource demands and abrupt traffic changes brought by new applications. This survey explains the main techniques and problems known in the field of IP traffic analysis and focuses on application detection. First, it separates traffic analysis into packet-based and flow-based categories and details the advantages and problems for each approach. Second, this work cites the techniques for traffic analysis accessible in the literature, along with the analysis performed by the authors. Relevant techniques include signature-matching, sampling and inference. Third, this work shows the trends in application classification analysis and presents important and recent references in the subject. Lastly, this survey draws the readers' interest to open research topics in the area of traffic analysis and application detection and makes some final remarks.


Citations
Journal Article

Network Anomaly Detection: Methods, Systems and Tools

TL;DR: This paper provides a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can quickly become familiar with every aspect of network anomaly detection.
Proceedings Article

Characterization of Encrypted and VPN Traffic using Time-related Features

TL;DR: This paper studies the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories according to the type of traffic, e.g., browsing, streaming, etc.
Journal Article

Issues and future directions in traffic classification

TL;DR: The persistently unsolved challenges in the field over the last decade are outlined, and several strategies for tackling these challenges are suggested to promote progress in the science of Internet traffic classification.
Proceedings Article

Characterization of Tor Traffic using Time based Features

TL;DR: A time analysis of Tor traffic flows, captured between the client and the entry node, is presented to detect the application type: Browsing, Chat, Streaming, Mail, VoIP, P2P or File Transfer.
Journal Article

A survey of methods for encrypted traffic classification and analysis

TL;DR: The most widespread encryption protocols used throughout the Internet are described and it is shown that the initiation of an encrypted connection and the protocol structure give away much information for encrypted traffic classification and analysis.
References
Proceedings Article

Bro: a system for detecting network intruders in real-time

TL;DR: Bro is a stand-alone system for detecting network intruders in real time by passively monitoring a network link over which the intruder's traffic transits; its design emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility.
Journal Article

Bro: a system for detecting network intruders in real-time

TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
Journal Article

Self-similarity through high-variability: statistical analysis of Ethernet LAN traffic at the source level

TL;DR: In this article, the authors provide a plausible physical explanation for the occurrence of self-similarity in local-area network (LAN) traffic; the explanation is based on convergence results for processes that exhibit high variability and is supported by detailed statistical analyses of real-time traffic measurements from Ethernet LANs at the level of individual sources.
Proceedings Article

Internet traffic classification using bayesian analysis techniques

TL;DR: This work applies a Naïve Bayes estimator to categorize traffic by application using samples of well-known traffic to allow the categorization of traffic using commonly available information alone, and demonstrates the high level of accuracy achievable with this estimator.
Book

Self-Similar Network Traffic and Performance Evaluation

TL;DR: Self-similar Network Traffic: An Overview (K. Park & W. Willinger).