Internet Archeology: Estimating individual application trends in incomplete historic traffic traces
Conference presentation   Open access

S. Zander, N. Williams and G. Armitage
Passive and Active Measurement Workshop (PAM) 2006 (Adelaide, South Australia, 30/03/2006–31/03/2006)
2006
Poster: IAPoster.pdf (Open Access)
Extended Abstract: internet archaeology extended.pdf (Open Access)

Abstract

Public traffic traces are often obfuscated for privacy reasons, leaving network historians with only port numbers from which to identify past application traffic trends. However, it is misleading to make assumptions simply based on default port numbers for many applications. Traffic classification based on machine learning could provide a solution. By training a classifier using representative traffic samples, we can differentiate between distinct, but possibly similar, applications in previously anonymised trace files. Using popular peer-to-peer and online game applications as examples, we show that their traffic flows can be separated after-the-fact without using port numbers or packet payload. We also address how to obtain negative training examples, propose an approach that works with any existing machine-learning algorithm, and present a preliminary evaluation based on real traffic data.
