{"title":"Packet classification in co-mingled traffic streams","authors":"Siddharth Maru, T. Brown","doi":"10.1109/NPSEC.2009.5342251","DOIUrl":null,"url":null,"abstract":"This paper considers the problem of packet classification in a co-mingled traffic stream. Given an encrypted co-mingled stream consisting of different protocol flows originating from different sources; we investigate if it is possible to assign packets to their respective sources and identify the protocol for each source. Encryption makes it difficult to obtain any information from packet headers or payloads. Consequently the only information available to an observer is the packet size, arrival times, direction and power levels. This paper presents a statistical approach that analyses the sizes and power levels of packets belonging to each protocol and uses this information to classify the packets in the co-mingled stream. Results are presented for the classification of a co-mingled stream of upto five different protocols. The results show that it is possible to efficiently classify packets based on sizes, direction and power levels. We see that packets belonging to the HTTP protocol are easiest to classify whereas those belonging to the FTP and IMAP protocols are difficult to separate when co-mingled with each other.","PeriodicalId":307178,"journal":{"name":"2009 5th IEEE Workshop on Secure Network Protocols","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 5th IEEE Workshop on Secure Network Protocols","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NPSEC.2009.5342251","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
This paper considers the problem of packet classification in a co-mingled traffic stream. Given an encrypted co-mingled stream consisting of different protocol flows originating from different sources; we investigate if it is possible to assign packets to their respective sources and identify the protocol for each source. Encryption makes it difficult to obtain any information from packet headers or payloads. Consequently the only information available to an observer is the packet size, arrival times, direction and power levels. This paper presents a statistical approach that analyses the sizes and power levels of packets belonging to each protocol and uses this information to classify the packets in the co-mingled stream. Results are presented for the classification of a co-mingled stream of upto five different protocols. The results show that it is possible to efficiently classify packets based on sizes, direction and power levels. We see that packets belonging to the HTTP protocol are easiest to classify whereas those belonging to the FTP and IMAP protocols are difficult to separate when co-mingled with each other.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
