A reliable network application identification based on transition pattern of payload length

Shinnosuke Yagi; Yuji Waizumi; Hiroshi Tsunoda; Yoshiaki Nemoto

doi:10.1109/GLOCOM.2008.ECP.370

A reliable network application identification based on transition pattern of payload length

Shinnosuke Yagi, Yuji Waizumi, Hiroshi Tsunoda, Yoshiaki Nemoto

INF - Applied Information Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In recent years, information leakage through the Internet has become a new social problem. Many information leakage incidents are caused by illegal applications such as Peer-to-Peer (P2P) file sharing software. To prevent information leakage, early detection and blocking of the traffic exchanged by illegal applications is strongly required. We have proposed a method for application identification based on the transition pattern of payload length of startup phase of the communication. The method can identify applications without using port numbers, which can be easily spoofed. However, the method can identify only applications which the method learned and cannot discriminate unlearned applications. In this paper, we propose a new application identification method by introducing "Unknown" category to handle flows of unlearned applications.

Original language	English
Title of host publication	2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Pages	1915-1919
Number of pages	5
DOIs	https://doi.org/10.1109/GLOCOM.2008.ECP.370
Publication status	Published - 2008 Dec 1
Event	2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 - New Orleans, LA, United States Duration: 2008 Nov 30 → 2008 Dec 4

Publication series

Name	GLOBECOM - IEEE Global Telecommunications Conference

Other

Other	2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Country	United States
City	New Orleans, LA
Period	08/11/30 → 08/12/4

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/GLOCOM.2008.ECP.370

Fingerprint Dive into the research topics of 'A reliable network application identification based on transition pattern of payload length'. Together they form a unique fingerprint.

Cite this

A reliable network application identification based on transition pattern of payload length. / Yagi, Shinnosuke; Waizumi, Yuji; Tsunoda, Hiroshi; Nemoto, Yoshiaki.

2008 IEEE Global Telecommunications Conference, GLOBECOM 2008. 2008. p. 1915-1919 4698145 (GLOBECOM - IEEE Global Telecommunications Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yagi, S, Waizumi, Y, Tsunoda, H & Nemoto, Y 2008, A reliable network application identification based on transition pattern of payload length. in 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008., 4698145, GLOBECOM - IEEE Global Telecommunications Conference, pp. 1915-1919, 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008, New Orleans, LA, United States, 08/11/30. https://doi.org/10.1109/GLOCOM.2008.ECP.370

@inproceedings{80848693b27343189fddb8fa1dacbee5,

title = "A reliable network application identification based on transition pattern of payload length",

abstract = "In recent years, information leakage through the Internet has become a new social problem. Many information leakage incidents are caused by illegal applications such as Peer-to-Peer (P2P) file sharing software. To prevent information leakage, early detection and blocking of the traffic exchanged by illegal applications is strongly required. We have proposed a method for application identification based on the transition pattern of payload length of startup phase of the communication. The method can identify applications without using port numbers, which can be easily spoofed. However, the method can identify only applications which the method learned and cannot discriminate unlearned applications. In this paper, we propose a new application identification method by introducing {"}Unknown{"} category to handle flows of unlearned applications.",

author = "Shinnosuke Yagi and Yuji Waizumi and Hiroshi Tsunoda and Yoshiaki Nemoto",

year = "2008",

month = dec,

day = "1",

doi = "10.1109/GLOCOM.2008.ECP.370",

language = "English",

isbn = "9781424423248",

series = "GLOBECOM - IEEE Global Telecommunications Conference",

pages = "1915--1919",

booktitle = "2008 IEEE Global Telecommunications Conference, GLOBECOM 2008",

note = "2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 ; Conference date: 30-11-2008 Through 04-12-2008",

}

TY - GEN

T1 - A reliable network application identification based on transition pattern of payload length

AU - Yagi, Shinnosuke

AU - Waizumi, Yuji

AU - Tsunoda, Hiroshi

AU - Nemoto, Yoshiaki

PY - 2008/12/1

Y1 - 2008/12/1

N2 - In recent years, information leakage through the Internet has become a new social problem. Many information leakage incidents are caused by illegal applications such as Peer-to-Peer (P2P) file sharing software. To prevent information leakage, early detection and blocking of the traffic exchanged by illegal applications is strongly required. We have proposed a method for application identification based on the transition pattern of payload length of startup phase of the communication. The method can identify applications without using port numbers, which can be easily spoofed. However, the method can identify only applications which the method learned and cannot discriminate unlearned applications. In this paper, we propose a new application identification method by introducing "Unknown" category to handle flows of unlearned applications.

AB - In recent years, information leakage through the Internet has become a new social problem. Many information leakage incidents are caused by illegal applications such as Peer-to-Peer (P2P) file sharing software. To prevent information leakage, early detection and blocking of the traffic exchanged by illegal applications is strongly required. We have proposed a method for application identification based on the transition pattern of payload length of startup phase of the communication. The method can identify applications without using port numbers, which can be easily spoofed. However, the method can identify only applications which the method learned and cannot discriminate unlearned applications. In this paper, we propose a new application identification method by introducing "Unknown" category to handle flows of unlearned applications.

UR - http://www.scopus.com/inward/record.url?scp=67249114801&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67249114801&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2008.ECP.370

DO - 10.1109/GLOCOM.2008.ECP.370

M3 - Conference contribution

AN - SCOPUS:67249114801

SN - 9781424423248

T3 - GLOBECOM - IEEE Global Telecommunications Conference

SP - 1915

EP - 1919

BT - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008

T2 - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008

Y2 - 30 November 2008 through 4 December 2008

ER -