Network Application Identification Based on Communication Characteristics of Application Messages

Person-to-person information sharing is easily realized by P2P networks, in which servers are not essential. Information leakage caused by malicious access to P2P networks has become a new social issue. To prevent information leakage, it is necessary to detect and block the traffic of P2P software. Since some P2P software can spoof port numbers, it is difficult to detect traffic sent from P2P software by using port numbers. It is more difficult to devise effective countermeasures for detecting the software because its protocols are not public. In this paper, a method for discriminating network applications based on the communication characteristics of application messages, without using port numbers, is proposed. The proposed method is based on the assumption that there can be rules governing the time intervals at which application-layer messages are transmitted and the number of packets needed to send one message. By extracting these rules from network traffic, the proposed method can discriminate applications without port numbers.



