Classification of Hidden Network Streams

  • Conference paper
Data Warehousing and Knowledge Discovery (DaWaK 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4081)

Abstract

Traffic analysis is an important issue for network monitoring and security. We focus on identifying protocols for network traffic by analysing the size, timing and direction of network packets. By using these network stream characteristics, we propose a technique for modelling the behaviour of various TCP protocols. This model can be used for recognising protocols even when running under encrypted tunnels. This is complemented with experimental evaluation on real-world network data.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gebski, M., Penev, A., Wong, R.K. (2006). Classification of Hidden Network Streams. In: Tjoa, A.M., Trujillo, J. (eds) Data Warehousing and Knowledge Discovery. DaWaK 2006. Lecture Notes in Computer Science, vol 4081. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823728_32

  • DOI: https://doi.org/10.1007/11823728_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37736-8

  • Online ISBN: 978-3-540-37737-5

  • eBook Packages: Computer Science, Computer Science (R0)
