Application-Level Traffic Identification of Network Security Monitoring

Along with the development of the Internet and strengthening of network protocol, it becomes more and more difficult to monitor network. And some sensitive information has been leaked outside the application environment. A major problem with current security monitoring is the large number of newly emerging applications using more complicated communication structures and patterns than traditional applications. The ability to accurately identify the Internet traffic associated with different application-level protocols is essential to a security monitoring system. Traditional traffic identification method based on well-known port numbers is becoming more inaccurate and not appropriate for the identification of P2P and other new types of traffics. This paper proposes a new method to identify application level traffic.First, we categorized most application level protocols according to their characters. With this classification, we use signatures matching to determine the name of the traffic. Finally, a test has been carried out to evaluate the accuracy and efficiency of this method.