All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Traffic Classification and Application Identification in Network Forensics

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F18%3APU130682" target="_blank" >RIV/00216305:26230/18:PU130682 - isvavai.cz</a>

  • Result on the web

    <a href="http://dx.doi.org/10.1007/978-3-319-99277-8" target="_blank" >http://dx.doi.org/10.1007/978-3-319-99277-8</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/978-3-319-99277-8" target="_blank" >10.1007/978-3-319-99277-8</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Traffic Classification and Application Identification in Network Forensics

  • Original language description

    Network traffic classification is an absolute necessity for network monitoring, security analysis, and digital forensics. Without accurate traffic classification, computation demands on analysis of all IP flows are enormous. Classification can also reduce the number of flows that need to be analyzed, prioritize, and order them for an investigator to analyze the most forensically significant first. This paper presents an automatic feature elimination method based on a feature correlation matrix. Furthermore, we compare two algorithms adapted from literature, that offer high accuracy and acceptable performance, and our algorithm -- Enhanced Statistical Protocol Identification (ESPI). Each of these algorithms is used with a subset of features that best suits it. We evaluate these algorithms on their ability to identify application layer protocols and additionally applications themselves. Experiments show that the Random Forest based classifier yields the most promising results, whereas our algorithm provides an interesting tradeoff between higher performance and slightly lower accuracy.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/VI20172020062" target="_blank" >VI20172020062: Integrated platform for analysis of digital data from security incidents</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2018

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Fourteenth Annual IFIP WG 11.9 International Conference on Digital Forensics

  • ISBN

    978-3-319-99277-8

  • ISSN

    1868-4238

  • e-ISSN

    1868-422X

  • Number of pages

    21

  • Pages from-to

    161-181

  • Publisher name

    Springer International Publishing

  • Place of publication

    New Delhi

  • Event location

    New Delhi

  • Event date

    Jan 3, 2018

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000475838900010

Similar results(10)

AppIdent - Tool for Network Application Protocols IdentificationA Survey of Methods for Encrypted Traffic Classification and AnalysisNetwork Traffic Classification Based on Single Flow Time Series Analysis