Abstract

Network protocol identification, or traffic classification, plays a key role in the field of network monitoring, management, and optimization. Deep Packet Inspection (DPI) is the most popular and effective method of protocol identification. However, the accuracy of DPI often depends on the selection of protocol features, which is a complex task. To cope with the ever-increasing number of network protocols and to identify their traffic, we propose a basic model of protocol traces and, based on that model, GramMatch, an automatic protocol feature extraction and identification system. GramMatch first aligns packets in the protocol flows by similarity with order, then uses the statistical features of n-grams for keyword segmentation and takes the correlated characteristics of the keywords as the protocol features. Finally, it performs protocol identification based on the extracted features. We test GramMatch on eleven commonly used protocols and compare it with other algorithms and DPI programs. Our results demonstrate that GramMatch is an effective and broadly applicable protocol feature extraction and identification system that performs better than the compared approaches, identifying the network traces of a protocol with a weighted precision of up to 99.81% and a weighted recall of up to 98.21%.
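The n-gram step described in the abstract can be illustrated with a simplified sketch (an added example, not GramMatch's code): byte n-grams shared by most sample payloads of a protocol are kept as keywords, and a new payload is scored by how many of them it contains. Packet alignment and keyword correlation are omitted; the function names, thresholds and sample payloads are assumptions constructed for this illustration.

```python
from collections import Counter

def frequent_ngrams(payloads, n, min_support):
    """Byte n-grams of length n present in at least min_support of the payloads."""
    df = Counter()
    for p in payloads:
        # Count each n-gram once per payload (document frequency).
        df.update({p[i:i + n] for i in range(len(p) - n + 1)})
    return {g for g, c in df.items() if c / len(payloads) >= min_support}

def extract_keywords(payloads, n_min=3, n_max=8, min_support=0.8):
    """Keep frequent n-grams, longest first, dropping any contained in a longer one."""
    kept = []
    for n in range(n_max, n_min - 1, -1):
        for g in sorted(frequent_ngrams(payloads, n, min_support)):
            if not any(g in k for k in kept):
                kept.append(g)
    return set(kept)

def score(payload, keywords):
    """Fraction of a protocol's keywords that occur in the payload."""
    return sum(k in payload for k in keywords) / len(keywords) if keywords else 0.0

def identify(payload, signatures, threshold=0.6):
    """Best-scoring protocol name, or None if no signature reaches the threshold."""
    best = max(signatures, key=lambda name: score(payload, signatures[name]),
               default=None)
    if best is None or score(payload, signatures[best]) < threshold:
        return None
    return best

# Constructed training payloads (not captured traffic).
TRAINING = {
    "http": [
        b"GET /index.html HTTP/1.1\r\nHost: a.example\r\n\r\n",
        b"GET /img/logo.png HTTP/1.1\r\nHost: b.example\r\n\r\n",
        b"GET /api/v1/items HTTP/1.1\r\nHost: c.example\r\n\r\n",
    ],
    "smtp": [
        b"MAIL FROM:<alice@a.example>\r\n",
        b"MAIL FROM:<bob@b.example>\r\n",
        b"MAIL FROM:<carol@c.example>\r\n",
    ],
}
SIGNATURES = {name: extract_keywords(flows) for name, flows in TRAINING.items()}

if __name__ == "__main__":
    print(sorted(SIGNATURES["http"]))
    print(identify(b"GET /about HTTP/1.1\r\nHost: d.example\r\n\r\n", SIGNATURES))
```

Note that `.example` ends up in both signatures, so the HTTP signature scores slightly above zero on SMTP payloads; a keyword shared across protocols carries little discriminating weight on its own.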
