Skip to Main Content
Network flow data is widely used to analyze the protocol mix forwarded by a router or to identify anomalies that may be caused by hardware and software failures, configuration errors, or intrusion attempts. The goal of our research is to find application signatures in network flow traces that can be used to pinpoint certain applications, such as specific web browsers, mail clients, or media-players. Our starting point is the hypothesis that popular applications generate application specific flow signatures. In order to verify our hypothesis, we recorded traffic traces of several applications and we subsequently analyzed the traces to identify flow signatures of these applications. The flow signatures were formalized as queries of a stream-based flow query language. The queries have been executed on several flow traces in order to evaluate our approach.