Conference paper
Performance evaluation of classification and feature selection algorithms for NetFlow-based protocol recognition
Document type
Text/Conference Paper
Date
2013
Publisher
Gesellschaft für Informatik e.V.
Abstract
Protocol recognition is a commonly required technique to deploy service-dependent billing schemes and to secure computer networks, e.g., to reliably determine the protocol used for a botnet command and control (C&C) channel. In the past, different deep packet inspection based approaches to protocol recognition have been proposed. However, such approaches suffer from two drawbacks: first, they fail when data streams are encrypted, and second, they do not scale at high traffic rates. To overcome these limitations, in this paper we evaluate the performance in terms of precision and recall (i.e., accuracy) of different feature selection and classification algorithms with regard to NetFlow-based protocol recognition. As NetFlow does not rely on payload information and gives a highly aggregated view on network communication, it serves as a natural data source in ISP networks. Our evaluation shows that NetFlow-based protocol detection achieves high precision and recall rates of more than 92% for widespread protocols used for C&C communication (e.g., HTTP, DNS).