Title :
Flow signatures of popular applications
Author :
Perelman, Vladislav ; Melnikov, Nikolay ; Schönwälder, Jürgen
Author_Institution :
Jacobs Univ. Bremen, Bremen, Germany
Abstract :
Network flow data is widely used to analyze the protocol mix forwarded by a router or to identify anomalies that may be caused by hardware and software failures, configuration errors, or intrusion attempts. The goal of our research is to find application signatures in network flow traces that can be used to pinpoint certain applications, such as specific web browsers, mail clients, or media-players. Our starting point is the hypothesis that popular applications generate application specific flow signatures. In order to verify our hypothesis, we recorded traffic traces of several applications and we subsequently analyzed the traces to identify flow signatures of these applications. The flow signatures were formalized as queries of a stream-based flow query language. The queries have been executed on several flow traces in order to evaluate our approach.
Keywords :
digital signatures; online front-ends; protocols; query languages; security of data; system recovery; telecommunication network routing; telecommunication security; Web browser; configuration error; flow signature; hardware failure; intrusion attempt; mail client; media-player; network flow data; network flow traces; protocol mix; router; software failure; stream-based flow query language; Fires; IP networks; Prefetching;
Conference_Titel :
Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
Conference_Location :
Dublin
Print_ISBN :
978-1-4244-9219-0
Electronic_ISBN :
978-1-4244-9220-6
DOI :
10.1109/INM.2011.5990668
