Stochastic Traffic Identification for Security Management: eDonkey Protocol as a Case Study

Capítulo de livro Revisado por pares

Stochastic Traffic Identification for Security Management: eDonkey Protocol as a Case Study

2013; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-38631-2_1

ISSN

1611-3349

Autores

Rafael A. Rodríguez‐Gómez, Gabriel Macía-Fernández, Pedro García‐Teodoro,

Tópico(s)

Spam and Phishing Detection

Resumo

Traffic identification is a relevant issue for network operators nowadays. As P2P services are often used as an attack vector, Internet Service Providers (ISPs) and network administrators are interested in modeling the traffic transported on their networks with behavior identification and classification purposes. In this paper, we present a stochastic detection approach, based on the use of Markov models, for classifying network traffic to trigger subsequent security related actions. The detection system works at flow level considering the packets as incoming observations, and is capable of analyze both plain and encrypted communications. After suggesting a general structure for modeling any network service, we apply it to eDonkey traffic classification as a case study. After successfully evaluating our approach with real network traces, the experimental results evidence the way our methodology can be used to model normal behaviors in communications for a given target service.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Stochastic Traffic Identification for Security Management: eDonkey Protocol as a Case Study