Identifying application types in network traffic is a difficult problem for administrators who must secure and manage network resources, further complicated by the use of encrypted protocols and nonstandard port numbers. This paper takes a unique approach to this problem by modeling and analyzing application graphs, structures which describe the application-level (e.g., HTTP, FTP) communications between hosts. These graphs are searched for motifs: recurring, significant patterns of interconnections that can be used to help determine the network application in use. Motif-based analysis has been applied predominantly to biological networks to hypothesize key functional regulatory units, but never to network traffic as it is here. For the proposed method, a description of each node is generated based on its participation in statistically significant motifs. These descriptions, or profiles, are data points in multidimensional space that are used as input to a k-nearest neighbor (k-NN) classifier to predict the application. This work also compares the performance of motif-based analysis to an alternative profile type based on "traditional" graph measures such as path lengths, clustering coefficients and centrality measures. The results show that motif profiles perform better than traditional profiles, and are able to correctly identify the actions of 85% of the hosts examined across seven protocols.
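The pipeline the abstract describes (per-host motif profile, then k-NN) can be sketched as follows. This is an added example, not the paper's code: it counts every connected 3-host subgraph instead of testing motifs for statistical significance, identifies a host's role by an assumed signature (edges in the subgraph, in-degree, out-degree), and uses constructed star and ring graphs with the hypothetical labels "http" and "p2p".

```python
import math
from collections import Counter
from itertools import combinations

def motif_profiles(edges):
    """Per-host share of each role it plays in connected 3-host subgraphs."""
    edges = set(edges)
    hosts = sorted({h for e in edges for h in e})
    counts = {h: Counter() for h in hosts}
    for trio in combinations(hosts, 3):
        sub = [(a, b) for a in trio for b in trio if a != b and (a, b) in edges]
        if len({frozenset(e) for e in sub}) < 2:
            continue  # fewer than two linked pairs: not a connected triple
        for h in trio:
            indeg = sum(1 for _, b in sub if b == h)
            outdeg = sum(1 for a, _ in sub if a == h)
            counts[h][(len(sub), indeg, outdeg)] += 1  # assumed role signature
    return {h: {r: n / sum(c.values()) for r, n in c.items()}
            for h, c in counts.items()}

def distance(p, q):
    """Euclidean distance between two sparse profiles."""
    return math.sqrt(sum((p.get(r, 0) - q.get(r, 0)) ** 2 for r in set(p) | set(q)))

def knn_predict(profile, labelled, k=3):
    """Majority label of the k nearest labelled profiles; None if no motifs."""
    if not profile:
        return None
    nearest = sorted(labelled, key=lambda item: distance(profile, item[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Constructed traffic shapes (hypothetical host names), not data from the paper.
def star(tag, n):   # n clients each contacting one server
    return [(f"{tag}-c{i}", f"{tag}-srv") for i in range(n)]

def ring(tag, n):   # peers exchanging traffic with both ring neighbours
    fwd = [(f"{tag}-p{i}", f"{tag}-p{(i + 1) % n}") for i in range(n)]
    return fwd + [(b, a) for a, b in fwd]

TRAINING = [(prof, label)
            for label, edges in [("http", star("t1", 5)), ("http", star("t2", 4)),
                                 ("p2p", ring("t3", 5))]
            for prof in motif_profiles(edges).values()]

def classify_graph(edges, k=3):
    return {h: knn_predict(p, TRAINING, k) for h, p in motif_profiles(edges).items()}
```

A host that takes part in no connected triple has an empty profile and is returned as `None` rather than being forced into a class.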