Network application identification based on communication characteristics of application messages

Yuji Waizumi; Yuya Tsukabe; Hiroshi Tsunoda; Yoshiaki Nemoto

Network application identification based on communication characteristics of application messages

Yuji Waizumi, Yuya Tsukabe, Hiroshi Tsunoda, Yoshiaki Nemoto

INF - Applied Information Sciences

Research output: Contribution to journal › Article › peer-review

Abstract

A person-to-person information sharing is easily realized by P2P networks in which servers are not essential. Leakage of information, which are caused by malicious accesses for P2P networks, has become a new social issues. To prevent information leakage, it is necessary to detect and block traffics of P2P software. Since some P2P softwares can spoof port numbers, it is difficult to detect the traffics sent from P2P softwares by using port numbers. It is more difficult to devise effective countermeasures for detecting the software because their protocol are not public. In this paper, a discriminating method of network applications based on communication characteristics of application messages without port numbers is proposed. The proposed method is based on an assumption that there can be some rules about time intervals to transmit messages in application layer and the number of necessary packets to send one message. By extracting the rule from network traffic, the proposed method can discriminate applications without port numbers.

Original language	English
Pages (from-to)	754-759
Number of pages	6
Journal	World Academy of Science, Engineering and Technology
Volume	60
Publication status	Published - 2011 Dec

Keywords

Message transition pattern
Network application identification

ASJC Scopus subject areas

Engineering(all)

Access to Document

Fingerprint Dive into the research topics of 'Network application identification based on communication characteristics of application messages'. Together they form a unique fingerprint.

Cite this

@article{15f64684ab674326b547188b8c4aaf07,

title = "Network application identification based on communication characteristics of application messages",

abstract = "A person-to-person information sharing is easily realized by P2P networks in which servers are not essential. Leakage of information, which are caused by malicious accesses for P2P networks, has become a new social issues. To prevent information leakage, it is necessary to detect and block traffics of P2P software. Since some P2P softwares can spoof port numbers, it is difficult to detect the traffics sent from P2P softwares by using port numbers. It is more difficult to devise effective countermeasures for detecting the software because their protocol are not public. In this paper, a discriminating method of network applications based on communication characteristics of application messages without port numbers is proposed. The proposed method is based on an assumption that there can be some rules about time intervals to transmit messages in application layer and the number of necessary packets to send one message. By extracting the rule from network traffic, the proposed method can discriminate applications without port numbers.",

keywords = "Message transition pattern, Network application identification",

author = "Yuji Waizumi and Yuya Tsukabe and Hiroshi Tsunoda and Yoshiaki Nemoto",

year = "2011",

month = dec,

language = "English",

volume = "60",

pages = "754--759",

journal = "World Academy of Science, Engineering and Technology",

issn = "2010-376X",

publisher = "World Academy of Science Engineering and Technology",

}

TY - JOUR

T1 - Network application identification based on communication characteristics of application messages

AU - Waizumi, Yuji

AU - Tsukabe, Yuya

AU - Tsunoda, Hiroshi

AU - Nemoto, Yoshiaki

PY - 2011/12

Y1 - 2011/12

N2 - A person-to-person information sharing is easily realized by P2P networks in which servers are not essential. Leakage of information, which are caused by malicious accesses for P2P networks, has become a new social issues. To prevent information leakage, it is necessary to detect and block traffics of P2P software. Since some P2P softwares can spoof port numbers, it is difficult to detect the traffics sent from P2P softwares by using port numbers. It is more difficult to devise effective countermeasures for detecting the software because their protocol are not public. In this paper, a discriminating method of network applications based on communication characteristics of application messages without port numbers is proposed. The proposed method is based on an assumption that there can be some rules about time intervals to transmit messages in application layer and the number of necessary packets to send one message. By extracting the rule from network traffic, the proposed method can discriminate applications without port numbers.

AB - A person-to-person information sharing is easily realized by P2P networks in which servers are not essential. Leakage of information, which are caused by malicious accesses for P2P networks, has become a new social issues. To prevent information leakage, it is necessary to detect and block traffics of P2P software. Since some P2P softwares can spoof port numbers, it is difficult to detect the traffics sent from P2P softwares by using port numbers. It is more difficult to devise effective countermeasures for detecting the software because their protocol are not public. In this paper, a discriminating method of network applications based on communication characteristics of application messages without port numbers is proposed. The proposed method is based on an assumption that there can be some rules about time intervals to transmit messages in application layer and the number of necessary packets to send one message. By extracting the rule from network traffic, the proposed method can discriminate applications without port numbers.

KW - Message transition pattern

KW - Network application identification

UR - http://www.scopus.com/inward/record.url?scp=78651596180&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78651596180&partnerID=8YFLogxK

M3 - Article

VL - 60

SP - 754

EP - 759

JO - World Academy of Science, Engineering and Technology

JF - World Academy of Science, Engineering and Technology

SN - 2010-376X

ER -