Title :
Exploiting intra-packet dependency for fine-grained protocol format inference
Author :
Qun Huang ; Lee, Patrick P. C. ; Zhibin Zhang
Author_Institution :
Chinese Univ. of Hong Kong, Hong Kong, China
Abstract :
Given the increasing volume and complexity of network traffic nowadays, network operators often leverage application-layer protocols to differentiate network traffic, so as to improve quality-of-service control, security protection, and resource profiling. We present ProGraph, a tool that accurately infers protocol message formats at both byte-level and bit-level granularities. Unlike existing approaches that mainly exploit statistical features across packets, ProGraph exploits intra-packet dependency among the values of different portions of a packet payload. It systematically constructs a graphical model that captures intra-packet dependency, using various techniques in graph theory and information theory. It also achieves several important design properties for real deployment, including fine-grained inference, protocol independence, simple parameterization, robustness to noisy training sets, and fast execution. We show via trace-driven evaluations that ProGraph achieves more accurate inference than existing approaches. We further show how ProGraph can be used for classifying traffic.
Keywords :
graph theory; protocols; quality of service; security of data; application layer protocols; bit-level granularities; byte-level granularities; fine grained protocol format inference; fine-grained inference; graph theory; graphical model; information theory; intrapacket dependency; network operators; network traffic; noisy training sets; packet payload; protocol independence; quality-of-service control; resource profiling; security protection; statistical features; Graphical models; Merging; Noise measurement; Payloads; Probability distribution; Protocols; Training;
Conference_Titel :
IFIP Networking Conference (IFIP Networking), 2015
Conference_Location :
Toulouse
DOI :
10.1109/IFIPNetworking.2015.7145325
