LAYSEE: Learn-as-you-see traffic classifier

Author

Tongaonkar, Alok ; Iliofotou, Marios ; Keralapura, Ram

Author_Institution

Narus Inc., Sunnyvale, CA, USA

fYear

2013

fDate

14-19 April 2013

Firstpage

25

Lastpage

26

Abstract

The ability to classify all traffic that traverses a network is a critical aspect of network management. Signature based traffic classifiers are widely used to provide that capability. The state of the art classifiers rely on static, manual, and tedious approach of protocol reverse engineering to obtain signatures. However, the explosion of never-seen-before applications on the internet has resulted in a drastic reduction in the effectiveness of such systems. To overcome these limitations, we have developed a novel system, called Learn-As-You-SEE (LAYSEE), that aims to provide dynamic, automated, and exhaustive application identification. Our system automatically extracts signatures from network traffic by leveraging the benefits of packet content signature inference techniques and sophisticated behavioral-based analysis. These signatures are used for classifying subsequent traffic.

Keywords

Internet; computer network management; pattern classification; protocols; reverse engineering; telecommunication traffic; Internet; LAYSEE; automated application identification; behavioral-based analysis; dynamic application identification; exhaustive application identification; learn-as-you-see traffic classifier; network management; network traffic; never-seen-before applications; packet content signature inference techniques; protocol reverse engineering; signature based traffic classifiers; signature extraction; Classification algorithms; Feature extraction; Internet; Manuals; Payloads; Ports (Computers); Protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on

Conference_Location

Turin

Print_ISBN

978-1-4799-0055-8

Type

conf

DOI

10.1109/INFCOMW.2013.6970707

Filename

6970707