Title of invention: TRANSACTION BASED NETWORK APPLICATION SIGNATURES FOR TEXT BASED PROTOCOLS
Abstract: A method for profiling network traffic of a network. The method includes extracting cells from bi-directional payloads generated by a network application, wherein each cell comprises at least one direction reversal in a corresponding bi-directional flow, generating a cell group comprising a portion of the cells that are similar, analyzing the cell group to generate a signature of the network application, and classifying, based on the signature of the network application, a new bi-directional flow as being generated by the network application.
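Application publication No.: US2017012836(A1) Application publication date: 2017.01.12
Application No.: US201615271914 Filing date: 2016.09.21
Applicant: Narus, Inc. Inventors: Tongaonkar Alok;Keralapura Ram;Nucci Antonio
Classification No.: H04L12/26;H04L12/851 Main classification No.: H04L12/26
Agency: Agent: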
Principal claim: 1. A method for profiling network traffic of a network, comprising: identifying, by a processor of a computer system and based on a pre-determined criterion, a training set from a plurality of bi-directional flows obtained from the network traffic, wherein the training set is associated with a network application, wherein each bi-directional flow comprises a sequence of captured payloads exchanged between a server and a client of the network; extracting, by the processor and based on a first pre-determined algorithm, a plurality of cells from the plurality of captured payloads, wherein each cell comprises a consecutive portion of the sequence of captured payloads, wherein the consecutive portion comprises at least one direction reversal in a corresponding bi-directional flow; analyzing, by the processor and based on a second pre-determined algorithm, a portion of the plurality of cells to calculate a similarity measure representing similarity among cells in the portion of the plurality of cells; generating, in response to the similarity measure exceeding a pre-determined threshold, a cell group comprising the portion of the plurality of cells; analyzing, by the processor and based on a third pre-determined algorithm, the cell group to generate a signature of the network application; and classifying, by the processor and based on the signature of the network application, a new bi-directional flow, separate from the plurality of bi-directional flows, as being generated by the network application.
Address: Sunnyvale CA US