Performance evaluation of classification and feature selection algorithms for NetFlow-based protocol recognition
| dc.contributor.author | Abt, Sebastian | |
| dc.contributor.author | Wener, Sascha | |
| dc.contributor.author | Baier, Harald | |
| dc.contributor.editor | Horbach, Matthias | |
| dc.date.accessioned | 2019-03-07T09:31:44Z | |
| dc.date.available | 2019-03-07T09:31:44Z | |
| dc.date.issued | 2013 | |
| dc.description.abstract | Protocol recognition is a commonly required technique to deploy servicedependent billing schemes and to secure computer networks, e.g., to reliably determine the protocol used for a botnet command and control (C & C) channel. In the past, different deep packet inspection based approaches to protocol recognition have been proposed. However, such approaches suffer from two drawbacks: first, they fail when data streams are encrypted, and second, they do not scale at high traffic rates. To overcome these limitations, in this paper we evaluate the performance in terms of precision and recall (i.e., accuracy) of different feature selection and classification algorithms with regard to NetFlow-based protocol recognition. As NetFlow does not rely on payload information and gives a highly aggregated view on network communication, it serves as a natural data source in ISP networks. Our evaluation shows that NetFlow based protocol detection achieves high precision and recall rates of more than 92% for widespread protocols used for C&C communication (e.g., HTTP, DNS). | en |
| dc.identifier.isbn | 978-3-88579-614-5 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/20648 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-220 | |
| dc.title | Performance evaluation of classification and feature selection algorithms for NetFlow-based protocol recognition | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 2197 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 2184 | |
| gi.conference.date | 16.-20. September 2013 | |
| gi.conference.location | Koblenz | |
| gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- 2184.pdf
- Größe:
- 415.47 KB
- Format:
- Adobe Portable Document Format