A signature-based identification process for automated network traffic classification

Accurate application identification is one of the core elements of network operations and management to provide enhanced network services and security. While the signature-based approach that examines packet content for identification is attractive with greater accuracy than the traditional technique relying on TCP port numbers, one challenge is that applications generate over hundreds of signatures which makes it impractical to classify network traffic with such a large set of signatures due to a high degree of computational complexity for signature matching. In this thesis, I explore a set of techniques for signature refinement to improve the quality of signatures that enable us to identify unknown flows and decrease the number of signatures for saving memory and putting less strain on the processor. Another potential challenge is multiple matches arising when more than a single application identifiesthe data stream in question. In that case, the input stream cannot be adequately classified solely by the help of the application signatures, and it is necessary to establish an additional process that reconcilessuch multiple matches in order to make the final identification decision. In this thesis, I also present selection methods that could efficiently address the problem of multiple matches. As a result, this thesis provides an effective process for signature-based network application identification.