Traffic Classification and Application Identification in Network Forensics
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F18%3APU130682" target="_blank" >RIV/00216305:26230/18:PU130682 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.1007/978-3-319-99277-8" target="_blank" >http://dx.doi.org/10.1007/978-3-319-99277-8</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-319-99277-8" target="_blank" >10.1007/978-3-319-99277-8</a>
Alternative languages
Result language
English
Original language name
Traffic Classification and Application Identification in Network Forensics
Original language description
Network traffic classification is an absolute necessity for network monitoring, security analysis, and digital forensics. Without accurate traffic classification, the computational demands of analyzing all IP flows are enormous. Classification can also reduce the number of flows that need to be analyzed, and prioritize and order them so that an investigator can examine the most forensically significant ones first. This paper presents an automatic feature elimination method based on a feature correlation matrix. Furthermore, we compare two algorithms adapted from the literature that offer high accuracy and acceptable performance with our own algorithm, Enhanced Statistical Protocol Identification (ESPI). Each of these algorithms is used with the subset of features that best suits it. We evaluate the algorithms on their ability to identify application-layer protocols and, additionally, the applications themselves. Experiments show that the Random Forest-based classifier yields the most promising results, whereas our algorithm offers an interesting tradeoff between higher performance and slightly lower accuracy.
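The abstract refers to a feature elimination method built on a feature correlation matrix. The block below is an added illustration written for this page of the general idea behind such a filter (compute pairwise Pearson correlations over per-flow features, then greedily keep the first feature of each highly correlated group); it is not the paper's method, its ESPI algorithm or any code published by the authors. The feature names, the six constructed flow records and the 0.9 threshold are assumptions made for the example. It also handles one edge case a correlation filter must deal with: a feature with zero variance, for which Pearson correlation is undefined.

```python
"""Correlation-based feature elimination for per-flow features (added example).

Greedy filter: (1) drop features with zero variance, whose correlation is
undefined; (2) walk the remaining features in order and drop any feature whose
absolute Pearson correlation with an already-kept feature reaches a threshold.
Pure Python, no third-party dependencies.
"""
import math
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed sample input (not from the paper): six flows, one feature vector
# each. bytes_fwd is exactly 100 x pkts_fwd, bytes_bwd closely tracks pkts_bwd,
# and urg_flags never changes, so three of the six features are redundant.
FEATURE_NAMES = ["pkts_fwd", "bytes_fwd", "pkts_bwd", "bytes_bwd", "duration_ms", "urg_flags"]
FLOWS = [
    [10, 1000, 5, 700, 300, 0],
    [20, 2000, 3, 400, 50, 0],
    [30, 3000, 8, 900, 900, 0],
    [40, 4000, 2, 300, 20, 0],
    [50, 5000, 9, 1100, 100, 0],
    [60, 6000, 4, 500, 600, 0],
]


def pearson(x: Sequence[float], y: Sequence[float]) -> Optional[float]:
    """Pearson correlation of two equally long columns; None if either is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return None  # undefined for a zero-variance feature
    return cov / math.sqrt(vx * vy)


def columns_of(rows: Sequence[Sequence[float]], n_features: int) -> List[List[float]]:
    """Transpose row-per-flow records into one column per feature."""
    return [[row[i] for row in rows] for i in range(n_features)]


def correlation_matrix(columns: Sequence[Sequence[float]]) -> List[List[Optional[float]]]:
    """Full symmetric matrix of pairwise correlations (None where undefined)."""
    n = len(columns)
    return [[pearson(columns[i], columns[j]) for j in range(n)] for i in range(n)]


def eliminate_features(
    names: Sequence[str], rows: Sequence[Sequence[float]], threshold: float = 0.9
) -> Tuple[List[str], Dict[str, str]]:
    """Return (kept feature names, dropped feature name -> reason).

    Features are considered in the given order, so the first member of a
    correlated group survives; callers can sort by a preferred criterion
    (e.g. extraction cost) before calling.
    """
    columns = columns_of(rows, len(names))
    corr = correlation_matrix(columns)
    kept: List[str] = []
    dropped: Dict[str, str] = {}
    for i, name in enumerate(names):
        if len(set(columns[i])) == 1:
            dropped[name] = "zero variance"
            continue
        reason = None
        for k in kept:
            r = corr[i][names.index(k)]
            if r is not None and abs(r) >= threshold:
                reason = f"|r|={abs(r):.3f} with {k}"
                break
        if reason:
            dropped[name] = reason
        else:
            kept.append(name)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = eliminate_features(FEATURE_NAMES, FLOWS)
    print("kept:", kept)
    for name, why in dropped.items():
        print(f"dropped {name}: {why}")
```

On the constructed sample, `pkts_fwd`, `pkts_bwd` and `duration_ms` survive, while `bytes_fwd` (r = 1.0 with `pkts_fwd`), `bytes_bwd` (|r| above 0.9 with `pkts_bwd`) and the constant `urg_flags` are removed. The threshold and feature ordering are the two knobs that decide which member of a correlated pair a classifier ends up seeing.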
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/VI20172020062" target="_blank" >VI20172020062: Integrated platform for analysis of digital data from security incidents</a><br>
Continuities
P - Research and development project financed from public funds (with a link to CEP)
Others
Publication year
2018
Confidentiality
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific for result type
Article name in the collection
Fourteenth Annual IFIP WG 11.9 International Conference on Digital Forensics
ISBN
978-3-319-99277-8
ISSN
1868-4238
e-ISSN
1868-422X
Number of pages
21
Pages from-to
161-181
Publisher name
Springer International Publishing
Place of publication
New Delhi
Event location
New Delhi
Event date
Jan 3, 2018
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
000475838900010