A first look at traffic classification in enterprise networks

En-Najjary, Taoufik ; Urvoy-Keller, Guillaume
TRAC 2010, 1st ACM International Workshop on Traffic Analysis and Classification, June 28th-July 2nd, 2010, Caen, France


Enterprise networks have a complexity that sometimes rivals that of the larger Internet. Still, enterprise traffic has received little attention so far from the research community. Most studies rely on port numbers to identify applications. In this work, we introduce a method to build statistical classifiers to detect specific intranet applications. We exemplify the approach with traces collected within the Eurecom network. We demonstrate that our statistical classifiers are able to classify the majority of the flows in our traces. For the cases when the traffic on a specific port cannot be fully identified with our application/protocol decoder, e.g., encrypted traffic, we demonstrate that our approach can be used to test the homogeneity of the traffic, i.e., that the corresponding flows share a common statistical signature that differs from that of the rest of the traffic.


Type:
Conference
City:
Caen
Date:
2010-06-28
Department:
Digital security
Eurecom Ref:
3051
Copyright:
© ACM, 2010. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in TRAC 2010, 1st ACM International Workshop on Traffic Analysis and Classification, June 28th-July 2nd, 2010, Caen, France
http://dx.doi.org/10.1145/1815396.1815571
PERMALINK : https://www.eurecom.fr/publication/3051