Product Details

AppIdent - Tool for Network Application Protocols Identification

Created: 2017

Czech title
AppIdent - Nástroj pro identifikaci aplikačních protokolů
Type
software
License
In order to use the result by another entity, it is always necessary to acquire a license
License Fee
The licensor does not require a license fee for the result
Authors
Pluskal Jan, Ing., Ph.D. (DIFS)
Keywords

network forensics, network traffic classification, statistical protocol identification, application identification, application protocol identification

Description

Network traffic classification is an absolute necessity for network     monitoring, security analysis, and digital forensics. Without accurate    traffic classification, computation demands on analysis of all IP flows are  enormous. Classification can also reduce the number of flows that need to be analyzed, prioritize, and order them for an investigator to analyze the most forensically significant first. This paper presents an automatic feature elimination method based on a feature correlation matrix. Furthermore, we compare two algorithms adapted from literature, that offer high accuracy and acceptable performance, and our algorithm -- Enhanced Statistical Protocol Identification (ESPI). Each of these algorithms is used with a subset of features that best suits it. We evaluate these algorithms on their ability to identify application layer protocols and additionally applications themselves. Experiments show that the Random Forest based classifier yields the most promising results, whereas our algorithm provides an interesting tradeoff between higher performance and slightly lower accuracy.

Location

https://github.com/pluskal/AppIdent/tree/master

License Conditions

MIT License Copyright (c) 2017 Jan Pluskal Permission is hereby granted, free of charge, to any person obtaining a copyof this software and associated documentation files (the "Software"), to dealin the Software without restriction, including without limitation the rightsto use, copy, modify, merge, publish, distribute, sublicense, and/or sellcopies of the Software, and to permit persons to whom the Software isfurnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in allcopies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHERLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THESOFTWARE.

Projects
Integrated platform for analysis of digital data from security incidents, MV, Bezpečnostní výzkum České republiky 2015-2020, VI20172020062, 2017-2020, running
Research groups
NES@FIT - Networks and distributed systems research group (RG NES@FIT)
Departments
Department of Information Systems (DIFS)
Back to top