An Automatic Application Signature Construction System for Unknown Traffic
Identifying applications and classifying network traffic flows according to their source applications are critical for a broad range of network activities. Such a decision can be based on packet header fields, packet payload content, statistical characteristics of traffic and communication patterns of network hosts. However, most present techniques rely on some sort of a priori knowledge, which means they require labor-intensive preprocessing before running and cannot deal with previously unknown applications. In this paper, the authors propose a traffic classification system based on application signatures, with a novel approach to fully automate the process of deriving signatures from unidentified traffic.