Stochastic Traffic Identification for Security Management: eDonkey Protocol as a Case Study

Conference paper
Network and System Security (NSS 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7873)

Abstract

Traffic identification is a relevant issue for network operators nowadays. As P2P services are often used as an attack vector, Internet Service Providers (ISPs) and network administrators are interested in modeling the traffic transported on their networks for behavior identification and classification purposes. In this paper, we present a stochastic detection approach, based on the use of Markov models, for classifying network traffic in order to trigger subsequent security-related actions. The detection system works at flow level, considering the packets as incoming observations, and is capable of analyzing both plain and encrypted communications. After suggesting a general structure for modeling any network service, we apply it to eDonkey traffic classification as a case study.

After successfully evaluating our approach with real network traces, the experimental results show how our methodology can be used to model normal communication behavior for a given target service.
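To make the abstract's approach concrete, the following is an added example (not the paper's code, and not taken from the aMule or OpenDPI projects it cites). It implements a flow-level, first-order Markov-chain classifier in which each packet is one observation: a model is trained per class from flows of (direction, payload size) pairs, and an unknown flow is labelled by comparing its average per-packet log-likelihood under the target-service model with that under a background model. Only packet direction and size are used, never payload content, which is why the same procedure works on encrypted flows. The choice of those two features, the size-bin edges, the smoothing constant and the training traces are all assumptions made for this example; the traces are constructed and are not real eDonkey traffic.

```python
"""Flow-level Markov-chain traffic classifier over packet observations (added example)."""
import math
from collections import defaultdict

# Lower edges of coarse payload-size bins in bytes (assumed; the paper's binning is not given here).
SIZE_BINS = (0, 64, 256, 1024)
DIRECTIONS = ("C", "S")  # C = client -> server, S = server -> client
# Observation alphabet: one symbol per (direction, size bin), e.g. "C0", "S3".
ALPHABET = [f"{d}{i}" for d in DIRECTIONS for i in range(len(SIZE_BINS))]


def packet_symbol(direction, size):
    """Map (direction, payload size in bytes) to an observation symbol such as 'C2'."""
    bin_index = max(i for i, edge in enumerate(SIZE_BINS) if size >= edge)
    return f"{direction}{bin_index}"


class MarkovFlowModel:
    """First-order Markov chain over packet symbols with additive smoothing."""

    def __init__(self, alpha=0.5):
        self.alpha = alpha                                     # pseudo-count for unseen events
        self.start = defaultdict(float)                        # counts of first-packet symbols
        self.trans = defaultdict(lambda: defaultdict(float))   # counts of a -> b transitions

    def fit(self, flows):
        """Count start symbols and transitions over a list of flows."""
        for flow in flows:
            syms = [packet_symbol(d, s) for d, s in flow]
            self.start[syms[0]] += 1
            for a, b in zip(syms, syms[1:]):
                self.trans[a][b] += 1
        return self

    def _smoothed(self, count, total):
        # Smoothed relative frequency; sums to 1 over the alphabet for any context.
        return (count + self.alpha) / (total + self.alpha * len(ALPHABET))

    def p_start(self, sym):
        return self._smoothed(self.start[sym], sum(self.start.values()))

    def p_trans(self, a, b):
        return self._smoothed(self.trans[a][b], sum(self.trans[a].values()))

    def log_likelihood(self, flow):
        """Average per-packet log-likelihood, so flows of different length are comparable."""
        syms = [packet_symbol(d, s) for d, s in flow]
        ll = math.log(self.p_start(syms[0]))
        for a, b in zip(syms, syms[1:]):
            ll += math.log(self.p_trans(a, b))
        return ll / len(syms)


def classify(flow, target, background, margin=0.0):
    """Label a flow 'target' when the target model explains it better than the background one."""
    score = target.log_likelihood(flow) - background.log_likelihood(flow)
    return ("target" if score > margin else "other"), score


# Constructed training traces (direction, payload size) per packet. The "target"
# service opens with a short exchange of small control messages and then streams
# large server-to-client data; the background resembles a request followed by a
# bulk response. Neither trace is real traffic.
TARGET_FLOWS = [
    [("C", 40), ("S", 40), ("C", 80), ("S", 80), ("C", 40), ("S", 40), ("C", 60),
     ("S", 1400), ("S", 1400), ("S", 1400), ("C", 40), ("S", 1400)],
    [("C", 40), ("S", 40), ("C", 80), ("S", 80), ("C", 40), ("S", 40), ("C", 60),
     ("S", 1400), ("S", 1400), ("C", 40), ("S", 1400), ("S", 1400)],
    [("C", 40), ("S", 40), ("C", 80), ("S", 80), ("C", 40), ("S", 40), ("C", 60),
     ("S", 1400), ("S", 1400), ("S", 1400), ("S", 1400), ("C", 40)],
]
BACKGROUND_FLOWS = [
    [("C", 300), ("S", 1400), ("S", 1400), ("S", 1400), ("S", 1400), ("S", 500), ("C", 40)],
    [("C", 300), ("S", 1400), ("S", 1400), ("S", 1400), ("S", 1400), ("S", 1400),
     ("S", 500), ("C", 40)],
    [("C", 200), ("S", 1400), ("S", 1400), ("S", 1400), ("S", 100), ("C", 40)],
]


def build_models():
    """Train one model per class from the constructed traces."""
    return MarkovFlowModel().fit(TARGET_FLOWS), MarkovFlowModel().fit(BACKGROUND_FLOWS)


if __name__ == "__main__":
    target_model, background_model = build_models()
    unknown = [("C", 40), ("S", 40), ("C", 80), ("S", 80), ("C", 40), ("S", 40), ("C", 60),
               ("S", 1400), ("S", 1400), ("C", 40), ("S", 1400), ("S", 1400), ("S", 1400)]
    print(classify(unknown, target_model, background_model))
```

The per-packet average in `log_likelihood` keeps long flows from being penalised simply for having more transitions, and the `margin` argument in `classify` is where an operator would tune the trade-off between false positives and missed flows before wiring the label to a security action.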



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez-Gómez, R.A., Maciá-Fernández, G., García-Teodoro, P. (2013). Stochastic Traffic Identification for Security Management: eDonkey Protocol as a Case Study. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_1

  • DOI: https://doi.org/10.1007/978-3-642-38631-2_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38630-5

  • Online ISBN: 978-3-642-38631-2

  • eBook Packages: Computer Science (R0)
