Automated Stream Pattern Generation For Traffic Identification

Posted on: 2012-02-03
Degree: Master
Type: Thesis
Country: China
Candidate: C Mo
Full Text: PDF
GTID: 2178330332487711
Subject: Cryptography
Abstract/Summary:
Network traffic identification plays an important role in network design, network management, traffic control and security checking. There are many methods of traffic identification. A stream pattern is a unified way to describe a flow by combining various methods effectively. Most present traffic identification methods need a priori knowledge base, and generating that knowledge base is a hard manual process. Automated traffic identification is a trend.

On the basis of the stream pattern, a framework for the automated generation of stream patterns is proposed. After traffic classification, encrypted flows are first distinguished from unencrypted flows. Second, payload characteristics are extracted for unencrypted flows, and statistical characteristics are extracted for encrypted flows. Last, the stream pattern for the flow is generated. The main contributions of this paper are as follows:

1. A method of distinguishing encrypted flows from unencrypted flows is put forward. Based on entropy theory, this can be done with the randomness tests used for cipher algorithms. The distinction lays a good foundation for unified automated traffic identification and breaks through the limits of relying on a single automated traffic identification technique.
2. For unencrypted flows, the application signature can be extracted automatically using the longest common substring (LCS) string-matching algorithm. This overcomes the drawback of manual analysis, which is time-consuming and labor-intensive.
3. For encrypted flows, machine learning algorithms are researched, and the K-means clustering method is studied. The study shows that the K-means method is quick and effective once a proper K value and initial centers are chosen.
Keywords/Search Tags: Traffic Identification, Stream Pattern, Encrypted Traffic, Automated Generation, K-means
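
The first two steps of the framework, sketched as an added example that is not code from the thesis: flows are split by payload randomness, then a signature is taken as the longest substring shared by the plaintext flows. It assumes Shannon byte entropy with a 7.0 bits-per-byte cut-off as a stand-in for the randomness test; the function names and sample payloads are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte, not a value from the thesis

def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte: 0.0 for constant data, up to 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def split_flows(payloads):
    """Step 1: return (likely encrypted, likely plaintext). Short payloads score low."""
    enc = [p for p in payloads if shannon_entropy(p) >= ENTROPY_THRESHOLD]
    return enc, [p for p in payloads if p not in enc]

def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Classic O(len(a) * len(b)) dynamic programme, keeping one row at a time."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def extract_signature(payloads) -> bytes:
    """Step 2: fold LCS over the flows. The result occurs in every payload,
    though a pairwise fold may miss the longest such substring."""
    signature = payloads[0] if payloads else b""
    for p in payloads[1:]:
        signature = longest_common_substring(signature, p)
    return signature

# Constructed sample payloads: three plaintext requests and one pseudo-random
# blob standing in for ciphertext (1024 bytes of SHA-256 output).
PLAIN_SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: a.example\r\n",
    b"GET /img/logo.png HTTP/1.1\r\nHost: b.example\r\n",
    b"GET /api/v1/items HTTP/1.1\r\nHost: c.example\r\n",
]
RANDOM_SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
```

Because entropy over n bytes cannot exceed log2(n), very short payloads always fall below the threshold, so the split is only meaningful on flows with enough payload. Compressed plaintext will also score as high-entropy.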