RDClass: on using relative distance of keywords for accurate network traffic classification

Bibliographic Details
Main Authors: Mayank Swarnkar, Neminath Hubballi
Format: Article
Language: English
Published: Wiley 2018-07-01
Series: IET Networks
Online Access: https://doi.org/10.1049/iet-net.2017.0065
Description
Summary: Network traffic classification has many applications including network management and security monitoring. Deep‐packet‐inspection is a commonly used method for identifying applications. However, the methods found in the literature only use these keywords or bytes in payload, disregarding their position. The authors propose RDClass, a content‐based traffic classifier for accurately classifying network flows. RDClass uses a set of keywords extracted from the payload and the relative distance between keywords to identify applications. The idea of using the relative distance between keywords is motivated by the fact that for many applications the set of keywords appears within specific portions of the payload. These sets of keywords and their relative distances are encoded in the form of a state transition machine. The authors design a new state transition machine called relative distance constrained counting automata (RDCCA), which can check both the ordering of keywords and their relative distance within the payload to classify flows. RDClass can automatically generate a set of keywords and find their relative ordering to generate RDCCA when presented with unknown application payloads. The authors experiment with a range of applications and show that RDClass has better classification performance than previous methods which use only the ordering of keywords.
ISSN: 2047-4954, 2047-4962