Exploring Graph-Based Network Traffic Monitoring

Executive Summary

Monitoring network traffic and classifying applications are essential functions for network administrators. These tasks are becoming increasingly challenging because many applications obfuscate their traffic by using nonstandard ports, and new applications constantly appear. This suggests the need for a behavior-based approach, in which the detector looks for fundamental behaviors that are both intrinsic to the application and distinct from normal traffic. Because such behaviors are intrinsic, application writers cannot easily disguise them without defeating the very purpose of the application. In this paper, the authors propose a graph-based representation of network traffic that captures the network-wide interactions of applications.

