Conference papers

Traffic Classification and Application Identification in Network Forensics

Abstract: Network traffic classification is an absolute necessity for network monitoring, security analyses and digital forensics. Without accurate traffic classification, the computational demands imposed by analyzing all the IP traffic flows are enormous. Classification can also reduce the number of flows that need to be examined and prioritized for analysis in forensic investigations. This chapter presents an automated feature elimination method based on a feature correlation matrix. Additionally, it proposes an enhanced statistical protocol identification method, which is compared against Bayesian network and random forests classification methods that offer high accuracy and acceptable performance. Each classification method is used with a subset of features that best suit the method. The methods are evaluated based on their ability to identify the application layer protocols and the applications themselves. Experiments demonstrate that the random forests classifier yields the most promising results whereas the proposed enhanced statistical protocol identification method provides an interesting trade-off between higher performance and slightly lower accuracy.
Document type: Conference papers

Cited literature: 32 references

Contributor: Hal Ifip
Submitted on: Tuesday, January 22, 2019 - 9:44:31 AM
Last modification on: Wednesday, November 18, 2020 - 1:36:02 PM
Long-term archiving on: Tuesday, April 23, 2019 - 1:47:28 PM


Distributed under a Creative Commons Attribution 4.0 International License



Jan Pluskal, Ondrej Lichtner, Ondrej Rysavy. Traffic Classification and Application Identification in Network Forensics. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.161-181, ⟨10.1007/978-3-319-99277-8_10⟩. ⟨hal-01988838⟩


