Network application identification based on communication characteristics of application messages

Yuji Waizumi, Yuya Tsukabe, Hiroshi Tsunoda, Yoshiaki Nemoto

Research output: Contribution to journalArticlepeer-review

Abstract

A person-to-person information sharing is easily realized by P2P networks in which servers are not essential. Leakage of information, which are caused by malicious accesses for P2P networks, has become a new social issues. To prevent information leakage, it is necessary to detect and block traffics of P2P software. Since some P2P softwares can spoof port numbers, it is difficult to detect the traffics sent from P2P softwares by using port numbers. It is more difficult to devise effective countermeasures for detecting the software because their protocol are not public. In this paper, a discriminating method of network applications based on communication characteristics of application messages without port numbers is proposed. The proposed method is based on an assumption that there can be some rules about time intervals to transmit messages in application layer and the number of necessary packets to send one message. By extracting the rule from network traffic, the proposed method can discriminate applications without port numbers.

Original languageEnglish
Pages (from-to)754-759
Number of pages6
JournalWorld Academy of Science, Engineering and Technology
Volume60
Publication statusPublished - 2011 Dec

Keywords

  • Message transition pattern
  • Network application identification

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Network application identification based on communication characteristics of application messages'. Together they form a unique fingerprint.

Cite this