Přístupnostní navigace
E-přihláška
Vyhledávání Vyhledat Zavřít
Detail produktu
PLUSKAL, J.
Typ produktu
software
Abstrakt
Network traffic classification is an absolute necessity for network monitoring, security analysis, and digital forensics. Without accurate traffic classification, computation demands on analysis of all IP flows are enormous. Classification can also reduce the number of flows that need to be analyzed, prioritize, and order them for an investigator to analyze the most forensically significant first. This paper presents an automatic feature elimination method based on a feature correlation matrix. Furthermore, we compare two algorithms adapted from literature, that offer high accuracy and acceptable performance, and our algorithm -- Enhanced Statistical Protocol Identification (ESPI). Each of these algorithms is used with a subset of features that best suits it. We evaluate these algorithms on their ability to identify application layer protocols and additionally applications themselves. Experiments show that the Random Forest based classifier yields the most promising results, whereas our algorithm provides an interesting tradeoff between higher performance and slightly lower accuracy.
Klíčová slova
network forensics, network traffic classification, statistical protocol identification, application identification, application protocol identification
Datum vzniku
14. 12. 2017
Umístění
https://github.com/pluskal/AppIdent/tree/master
Možnosti využití
K využití výsledku jiným subjektem je vždy nutné nabytí licence
Licenční poplatek
Poskytovatel licence na výsledek nepožaduje licenční poplatek
www
Dokumenty
AppIdent-master.7z AppIdent-gh-pages.zip