Article

Free access

ACAS: automated construction of application signatures

Authors:

Patrick Haffner,

Subhabrata Sen,

Oliver Spatscheck,

Dongmei WangAuthors Info & Claims

MineNet '05: Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data

Pages 197 - 202

https://doi.org/10.1145/1080173.1080183

Published: 22 August 2005 Publication History

PDF eReader

Abstract

An accurate mapping of traffic to applications is important for a broad range of network management and measurement tasks. Internet applications have traditionally been identified using well-known default server network-port numbers in the TCP or UDP headers. However this approach has become increasingly inaccurate. An alternate, more accurate technique is to use specific application-level features in the protocol exchange to guide the identification. Unfortunately deriving the signatures manually is very time consuming and difficult.In this paper, we explore automatically extracting application signatures from IP traffic payload content. In particular we apply three statistical machine learning algorithms to automatically identify signatures for a range of applications. The results indicate that this approach is highly accurate and scales to allow online application identification on high speed links. We also discovered that content signatures still work in the presence of encryption. In these cases we were able to derive content signature for unencrypted handshakes negotiating the encryption parameters of a particular connection.

References

[1]

I. Androutsopoulos, J. Koutsias, K. Chandrinos, G. Paliouras, and C. Spyropoulos. An evaluation of naive bayesian anti-spam filtering. In Proceedings of the Workshop on Machine Learning in New Information Age, Barcelona, Spain, 2000.

Google Scholar

[2]

A. L. Berger, S. A. Della Pietra, and V. J. Della Pietra. A Maximum Entropy Approach to Natural Language Processing. Computational Linguistics, 22(1):39--71, 1996.

Digital Library

Google Scholar

[3]

M. Collins, R. E. Schapire, and Y. Singer. Logistic Regression, AdaBoost and Bregman Distances. In Proceedings of COLT'00, pages 158--169, Stanford, CA, 2000.

Digital Library

Google Scholar

[4]

C. Dewes, A. Wichmann, and A. Feldmann. An analysis of internet chat systems. In Proceedings of ACM SIGCOMM Internet Measurement Conference, October 2003.

Digital Library

Google Scholar

[5]

M. Dudik, S. Phillips, and R. E. Schapire. Performance Guarantees for Regularized Maximum Entropy Density Estimation. In Proceedings of COLT'04, Banff, Canada, 2004. Springer Verlag.

Crossref

Google Scholar

[6]

P. Haffner. Scaling Large Margin Classifiers for Spoken Language Understanding. In Accepted for Publication in Speech Communication, 2005.

Google Scholar

[7]

A. Moore and K. Papagiannaki. Toward the accurate identification of network applications. In Passive & Active Measurement Workshop, Boston, USA, March 2005.

Digital Library

Google Scholar

[8]

I. Rish. An empirical study of the naive bayes classifier. In Proceedings of IJCAI-01 workshop on Empirical Methods in AI", pages 41--46, Sicily, Italy, 2001.

Google Scholar

[9]

M. Roughan, S. Sen, O. Spatscheck, and N. Duffield. Class-of-service mapping for qos: A statistical signature-based approach to tp traffic classification. In Proceedings of ACM SIGCOMM Internet Measurement Conderence (IMC'04), Sicily, Italy, October 2004.

Digital Library

Google Scholar

[10]

R. E. Schapire. The boosting approach to machine learning: An overview. In MSRI Workshop on Nonlinear Estimation and Classification, 2002.

Google Scholar

[11]

S. Sen, O. Spatscheck, and D. Wang. Accurate, scalable in-network identification of p2p traffic using application signatures. In Proceedings of World Wide Web Conference, NY, USA, May 2004.

Digital Library

Google Scholar

[12]

S. Souafi-Bensafi, M. Parizeau, F. Lebourgeois, and H. Emptoz. Bayesian networks classifiers applied to documents. In Proceedings of ICPR, Québec, Canada, 2002.

Digital Library

Google Scholar

[13]

S. Zander, T. Nguyen, and G. Armitage. Self-learning ip traffic classification based on statistical flow characteristics. In Passive & Active Measurement Workshop, Boston, USA, March 2005.

Digital Library

Google Scholar

[14]

D. Zuev and A. Moore. Traffic classification using a statistical approach. In Passive & Active Measurement Workshop, Boston, USA, March 2005.

Digital Library

Google Scholar

Cited By

View all

Zheng CHong XDing DVargaftik SBen-Itzhak YZilberman N(2024)In-Network Machine Learning Using Programmable Network Devices: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334435126:2(1171-1200)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344351
Islam MAl-Mukhtar MKhan MHossain M(2023)A Survey on SDN and SDCN Traffic Measurement: Existing Approaches and Research ChallengesEng10.3390/eng40200634:2(1071-1115)Online publication date: 6-Apr-2023
https://doi.org/10.3390/eng4020063
Li SXie YDing XYang X(2023)ChainDetector: Identifying Anonymous Blockchain TrafficProceedings of the 2023 International Conference on Frontiers of Artificial Intelligence and Machine Learning10.1145/3616901.3616932(136-139)Online publication date: 14-Apr-2023
https://dl.acm.org/doi/10.1145/3616901.3616932
Show More Cited By

Index Terms

ACAS: automated construction of application signatures
1. Computing methodologies
  1. Machine learning

Recommendations

Traffic profiles and application signatures

Our hypothesis is that data applications leave a signature when used over networks. Data that is sent from the original source and travels to the destination utilises the network in a very similar manner, if no strong congestion is experienced. Should ...
Improving TCP Congestion Control with Machine Intelligence
NetAI'18: Proceedings of the 2018 Workshop on Network Meets AI & ML

In a TCP/IP network, a key to ensure efficient and fair sharing of network resources among its users is the TCP congestion control (CC) scheme. Previously, the design of TCP CC schemes is based on hard-wiring of predefined actions to specific feedback ...
A smart fairness mechanism for Concurrent multipath transfer in SCTP over wireless multi-hop networks

The emerging use of multihomed devices in wireless multi-hop networks has increased the demand for multipath transport protocols, such as Concurrent multipath transfer in Stream control transmission protocol (CMT-SCTP). The fairness of CMT-SCTP over ...

Comments

Information & Contributors

Information

Published In

MineNet '05: Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data

August 2005

296 pages

ISBN:1595930264

DOI:10.1145/1080173

Conference Chairs:
Subhabrata Sen
AT&T Labs-Research
,
Chuanyi Ji
Georgia Tech
,
Debanjan Saha
IBM Research
,
Joe McCloskey
Dept. of Defense

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 August 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SIGCOMM05

Sponsor:

SIGCOMM05: ACM SIGCOMM 2005 Conference

August 26, 2005

Pennsylvania, Philadelphia, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

293
Total Citations
View Citations
1,352
Total Downloads

Downloads (Last 12 months)109
Downloads (Last 6 weeks)13

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zheng CHong XDing DVargaftik SBen-Itzhak YZilberman N(2024)In-Network Machine Learning Using Programmable Network Devices: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334435126:2(1171-1200)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344351
Islam MAl-Mukhtar MKhan MHossain M(2023)A Survey on SDN and SDCN Traffic Measurement: Existing Approaches and Research ChallengesEng10.3390/eng40200634:2(1071-1115)Online publication date: 6-Apr-2023
https://doi.org/10.3390/eng4020063
Li SXie YDing XYang X(2023)ChainDetector: Identifying Anonymous Blockchain TrafficProceedings of the 2023 International Conference on Frontiers of Artificial Intelligence and Machine Learning10.1145/3616901.3616932(136-139)Online publication date: 14-Apr-2023
https://dl.acm.org/doi/10.1145/3616901.3616932
Tang TLai YWang Y(2023)Relational reasoning-based approach for network protocol reverse engineeringComputer Networks10.1016/j.comnet.2023.109797230(109797)Online publication date: Jul-2023
https://doi.org/10.1016/j.comnet.2023.109797
Papanikolaou AAlevizopoulos AIlioudis CDemertzis KRantos K(2023)An autoML network traffic analyzer for cyber threat detectionInternational Journal of Information Security10.1007/s10207-023-00703-022:5(1511-1530)Online publication date: 21-May-2023
https://doi.org/10.1007/s10207-023-00703-0
KIRIŞOĞLU SKOTAN BKOTAN K(2022)Çok Katmanlı Algılayıcı ile Ağ Trafiği Sınıflandırma AnaliziNetwork Traffic Classification Analysis with Multi-Layer SensorDüzce Üniversitesi Bilim ve Teknoloji Dergisi10.29130/dubited.98059410:2(837-846)Online publication date: 30-Apr-2022
https://doi.org/10.29130/dubited.980594
Jhaveri RRevathi ARamana KRaut RDhanaraj R(2022)A Review on Machine Learning Strategies for Real-World Engineering ApplicationsMobile Information Systems10.1155/2022/18335072022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1833507
Su CTan YXie XLiu Y(2022)Resource Prediction of Virtual Network Function Based on Traffic Feature ExtractionProceedings of the 2022 6th International Conference on Intelligent Systems, Metaheuristics & Swarm Intelligence10.1145/3533050.3533068(111-117)Online publication date: 9-Apr-2022
https://dl.acm.org/doi/10.1145/3533050.3533068
Xiao XXiao WLi RLuo XZheng HXia S(2022)EBSNN: Extended Byte Segment Neural Network for Network Traffic ClassificationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.310131119:5(3521-3538)Online publication date: 1-Sep-2022
https://doi.org/10.1109/TDSC.2021.3101311
Chen LLiu LZhang L(2022)An efficient Industrial Internet of Things video data processing system for protocol identification and quality enhancementIET Cyber-Physical Systems: Theory & Applications10.1049/cps2.120358:2(63-75)Online publication date: 22-Sep-2022
https://doi.org/10.1049/cps2.12035
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Traffic profiles and application signatures

Improving TCP Congestion Control with Machine Intelligence

A smart fairness mechanism for Concurrent multipath transfer in SCTP over wireless multi-hop networks