
A statistical approach to TCP session classification

Government computer networks need a real-time network traffic monitoring tool to detect anomalies in network traffic patterns to improve security. Specifically, they need a tool to determine if a host is using a network connection for something other than the intended use. A key step in developing t...

Bibliographic Details
Main Authors: Moscalu, T., Steel, A.M., Brown, E., Lim, Y.L.
Format: Conference Proceeding
Language: English
container_end_page 16
container_start_page 11
creator Moscalu, T.
Steel, A.M.
Brown, E.
Lim, Y.L.
description Government computer networks need a real-time network traffic monitoring tool to detect anomalies in network traffic patterns to improve security. Specifically, they need a tool to determine if a host is using a network connection for something other than the intended use. A key step in developing this tool is creating statistical models to accurately identify the application protocols of sessions in a network without relying on port numbers, which conventionally identify them. This paper outlines the construction of these models. Specifically, it focuses on the methods used to build them, which included: structuring network data in a database, aggregating packet level data into sessions, and then identifying the key variables. The models employ variables such as the inter-arrival time between packets, the variance of those times, the distribution of TCP control flags and other information available from the packet headers. The paper examines the significance of these explanatory variables and attempts to determine which would be useful in a real-time implementation.
doi_str_mv 10.1109/SIEDS.2008.4559677
format conference_proceeding
identifier ISBN: 9781424423651
ispartof 2008 IEEE Systems and Information Engineering Design Symposium, 2008, p.11-16
language eng
recordid cdi_ieee_primary_4559677
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer networks
Computer security
Design engineering
Intrusion detection
Machine learning algorithms
Network servers
Systems engineering and theory
Telecommunication traffic
Traffic control
USA Councils
title A statistical approach to TCP session classification