software

Network traffic classification is an absolute necessity for network     monitoring, security analysis, and digital forensics. Without accurate    traffic classification, computation demands on analysis of all IP flows are  enormous. Classification can also reduce the number of flows that need to be analyzed, prioritize, and order them for an investigator to analyze the most forensically significant first. This paper presents an automatic feature elimination method based on a feature correlation matrix. Furthermore, we compare two algorithms adapted from literature, that offer high accuracy and acceptable performance, and our algorithm -- Enhanced Statistical Protocol Identification (ESPI). Each of these algorithms is used with a subset of features that best suits it. We evaluate these algorithms on their ability to identify application layer protocols and additionally applications themselves. Experiments show that the Random Forest based classifier yields the most promising results, whereas our algorithm provides an interesting tradeoff between higher performance and slightly lower accuracy.

network forensics, network traffic classification, statistical protocol identification, application identification, application protocol identification

14. 12. 2017

https://github.com/pluskal/AppIdent/tree/master

K využití výsledku jiným subjektem je vždy nutné nabytí licence

Poskytovatel licence na výsledek nepožaduje licenční poplatek

https://github.com/pluskal/AppIdent/tree/master