Using visual motifs to classify encrypted traffic
VizSEC (2006)
Abstract
In an effort to make robust traffic classification more accessible to human operators, we present visualization techniques for network traffic. Our techniques are based solely on network information that remains intact after application-layer encryption, and so offer a way to visualize traffic "in the dark". Our visualizations clearly illustrate the differences between common application protocols, both in their transient (i.e., time-dependent) and steady-state behavior. We show how these visualizations can be used to assist a human operator to recognize application protocols in unidentified traffic and to verify the results of an automated classifier via visual inspection. In particular, our preliminary results show that we can visually scan almost 45,000 connections in less than one hour and correctly identify known application behaviors. Moreover, using visualizations together with an automated comparison technique based on Dynamic Time Warping of the motifs, we can rapidly develop accurate recognizers for new or previously unknown applications.
Keywords
unidentified traffic, unknown application, application protocol, human operator, application behavior, common application protocol, robust traffic classification, network traffic, visual motif, automated comparison technique, automated classifier, encrypted traffic, dynamic time warping, network security, traffic classification, visual inspection, steady state