TY - JOUR
T1 - Network application identification based on communication characteristics of application messages
AU - Waizumi, Yuji
AU - Tsukabe, Yuya
AU - Tsunoda, Hiroshi
AU - Nemoto, Yoshiaki
PY - 2011/12
Y1 - 2011/12
N2 - Person-to-person information sharing is easily realized by P2P networks, in which servers are not essential. Leakage of information caused by malicious access to P2P networks has become a new social issue. To prevent information leakage, it is necessary to detect and block the traffic of P2P software. Since some P2P software can spoof port numbers, it is difficult to detect the traffic sent by P2P software using port numbers. It is more difficult to devise effective countermeasures for detecting the software because its protocols are not public. In this paper, a method for discriminating network applications based on the communication characteristics of application messages, without using port numbers, is proposed. The proposed method is based on the assumption that there can be some rules about the time intervals at which messages are transmitted in the application layer and the number of packets necessary to send one message. By extracting these rules from network traffic, the proposed method can discriminate applications without port numbers.
KW - Message transition pattern
KW - Network application identification
UR - http://www.scopus.com/inward/record.url?scp=78651596180&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78651596180&partnerID=8YFLogxK
M3 - Article
VL - 60
SP - 754
EP - 759
JO - World Academy of Science, Engineering and Technology
JF - World Academy of Science, Engineering and Technology
SN - 2010-376X
ER -