By Topic

MCC: A Message and Command Correlation method for identifying new interactive protocols via session analyses

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
4 Author(s)
Chenglong Li ; Tsinghua National Lab for Information Science and Technology (TNList), Beijing 100084, China; Department of Computer Science & Technology, Tsinghua University, Beijing 100084, China ; Yibo Xue ; Yingfei Dong ; Dongsheng Wang

Traffic classification is critical to effective network management. However, more and more proprietary, encrypted, and dynamic protocols make traditional traffic classification methods less effective. A Message and Command Correlation (MCC) method was developed to identify interactive protocols (such as P2P file sharing protocols and Instant Messaging (IM) protocols) by session analyses. Unlike traditional packet-based classification approaches, this method exploits application session information by clustering packets into application messages which are used for further classification. The efficacy and accuracy of the MCC method was evaluated with real world traffic, including P2P file sharing protocols Thunder and Bit-Torrent, and IM protocols QQ and GTalk. The tests show that the false positive rate is less than 3% and the false negative rate is below 8%, and that MCC only needs to check 8.7% of the packets or 0.9% of the traffic. Therefore, this approach has great potential for accurately and quickly discovering new types of interactive application protocols.

Published in:

Tsinghua Science and Technology  (Volume:17 ,  Issue: 3 )