Stochastic Traffic Identification for Security Management: eDonkey Protocol as a Case Study
Traffic identification is a relevant issue for network operators nowadays. As P2P services are often used as an attack vector, Internet Service Providers (ISPs) and network administrators are interested in modeling the traffic transported on their networks with behavior identification and classification purposes. In this paper, we present a stochastic detection approach, based on the use of Markov models, for classifying network traffic to trigger subsequent security related actions. The detection system works at flow level considering the packets as incoming observations, and is capable of analyze both plain and encrypted communications. After suggesting a general structure for modeling any network service, we apply it to eDonkey traffic classification as a case study.
After successfully evaluating our approach with real network traces, the experimental results evidence the way our methodology can be used to model normal behaviors in communications for a given target service.
Unable to display preview. Download preview PDF.
- 1.Jin, Y., Duffield, N., Erman, J., Haffner, P., Sen, S., Zhang, Z.L.: A Modular Machine Learning System for Flow-Level Traffic Classification in Large Networks. ACM Trans. Knowl. Discov. Data 6(1), 4:1–4:34 (2012)Google Scholar
- 2.Chen, H., Zhou, X., You, F., Wang, C.: Study of Double-Characteristics-Based SVM Method for P2P Traffic Identification. In: 2010 Second International Conference on Networks Security Wireless Communications and Trusted Computing (NSWCTC), vol. 1, pp. 202–205 (April 2010)Google Scholar
- 7.Dainotti, A., de Donato, W., Pescape, A., Salvo Rossi, P.: Classification of Network Traffic via Packet-Level Hidden Markov Models. In: Global Telecommunications Conference, IEEE GLOBECOM 2008, pp. 1–5. IEEE (November 2008)Google Scholar
- 8.Markov, A., Nagorny, N.: The theory of algorithms. Mathematics and its applications: Soviet series. Kluwer Academic Publishers (1988)Google Scholar
- 9.Dymarski, P.: Hidden Markov Models, Theory and Applications. InTech (2011)Google Scholar
- 10.Fink, G.: Markov models for pattern recognition: from theory to applications. Springer (2008)Google Scholar
- 14.Feldmann, A.: Characteristics of TCP Connection Arrivals. Technical memorandum, AT&T Labs Research (1998)Google Scholar
- 16.AMULE: aMule, http://www.amule.org (last accessed: January 2013)
- 17.OpenDPI: OpenDPI, http://www.opendpi.org (last accessed: January 2013)