Online Identification of Applications Using Statistical Behavior Analysis
The problem of identifying applications online and directly from traffic flows recently has been a subject of great interest. Traditional techniques relying on port numbers or payload signatures are becoming less effective. In this paper, the authors present an approach to online identification of applications using statistical behavior analysis. They investigate both host-level identification and flow-level identification. For each level, they define the suitable metrics that can be computed fast and effectively exploited by the identification process.