Traffic classification in enterprise network : Preliminary results

En-Najjary, Taoufik; Urvoy-Keller, Guillaume
Research Report RR-10-235




Enterprise networks have a complexity that sometimes rival the one of the larger Internet. Still, enterprise traffic has received little attention so far from the research community. Most studies rely on port numbers to identify applications. In this work, we introduce a method to build statistical classifiers to detect specific intranet applications. We exemplify the approach with traces collected within the Eurecom network.We demonstrate that our statistical classifiers are able to classify the majority of the flows in our traces. For the cases when the traffic on a specific port cannot be fully identified with our application/protocol decoder, e.g., encrypted traffic, we demonstrate that our approach can be used to test the homogeneity of the traffic, i.e., that the corresponding flows share a common statistical signature that differs from the one of the rest of the traffic.

Sécurité numérique
Eurecom Ref:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research Report RR-10-235 and is available at :
See also: