Early Application Identification |
INTRODUCTION | ||||||||||||||
"Early Application Identifcation" is a method to identify the application using a TCP connection as early as possible. This method uses only the size of the first few packets of a TCP connection combined with the port number to identify applications. | ||||||||||||||
PUBLICATIONS | ||||||||||||||
|
||||||||||||||
PRESENTATIONS | ||||||||||||||
|
||||||||||||||
SOFTWARE | ||||||||||||||
MATLAB LIBRARYThe matlab scripts used in this work are available here. For details on the method please refer to the conext paper. You can find detailled explanations about these scripts in the README included in the tarball.PCAP CLASSIFIERThis classifier relies on model generated with the Matlab library. This tarball contains models using the size of the first three packets for the following applications: bittorent, edonkey, ftp, http, msn, nntp, pop3, smtp, ssh, ssl. To generate models for other sets of applications, please use the tools from our Matlab Library. |
||||||||||||||
DATA SETS | ||||||||||||||
The Matlab Tools tarball contains a few sample data sets to discover our tool. Here, you can download these data sets as well as specific ones for some applications. We plan to add other data sets shortly. These data sets use the following format:
It is difficult to gather traces including TCP payloads (which we need during the training process to establish the ground truth about the application that generated a given connection). |
||||||||||||||
WHO ARE WE? | ||||||||||||||
CONTACT | ||||||||||||||
If you use these tools, or have any comments or questions about them, please let us know: laurent.bernaille@lip6.fr | ||||||||||||||
AKNOWLEDGEMENTS | ||||||||||||||
These tools were developped with financial support from RNRT grants through the projects METROPOLIS and OSCAR and from the ACI Sécurité Informatique grant through the project METROSEC. |
||||||||||||||