Traffic Classification and Application Identification in Network Forensics

Abstract: Network traffic classification is an absolute necessity for network monitoring, security analysis and digital forensics. Without accurate traffic classification, the computational demands imposed by analyzing all IP traffic flows are enormous. Classification can also reduce the number of flows that need to be examined and prioritized for analysis in forensic investigations. This chapter presents an automated feature elimination method based on a feature correlation matrix. Additionally, it proposes an enhanced statistical protocol identification method, which is compared against Bayesian network and random forests classification methods, both of which offer high accuracy and acceptable performance. Each classification method is used with the subset of features that best suits it. The methods are evaluated on their ability to identify application layer protocols and the applications themselves. Experiments demonstrate that the random forests classifier yields the most promising results, whereas the proposed enhanced statistical protocol identification method provides an interesting trade-off between higher performance and slightly lower accuracy.
Document type: Conference papers

Cited literature: 32 references

https://hal.inria.fr/hal-01988838
Contributor: Hal Ifip
Submitted on: Tuesday, January 22, 2019 - 9:44:31 AM
Last modification on: Wednesday, November 18, 2020 - 1:36:02 PM
Long-term archiving on: Tuesday, April 23, 2019 - 1:47:28 PM

File: 472401_1_En_10_Chapter.pdf (files produced by the author(s))

Licence: Distributed under a Creative Commons Attribution 4.0 International License

Citation: Jan Pluskal, Ondrej Lichtner, Ondrej Rysavy. Traffic Classification and Application Identification in Network Forensics. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp. 161-181, ⟨10.1007/978-3-319-99277-8_10⟩. ⟨hal-01988838⟩

Metrics: 102 record views, 25 file downloads