Classification of Hidden Network Streams

  • Matthew Gebski
  • Alex Penev
  • Raymond K. Wong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4081)


Traffic analysis is an important issue for network monitoring and security. We focus on identifying protocols for network traffic by analysing the size, timing and direction of network packets. By using these network stream characteristics, we propose a technique for modelling the behaviour of various TCP protocols. This model can be used for recognising protocols even when running under encrypted tunnels. This is complemented with experimental evaluation on real-world network data.


Bipartite Graph; Intrusion Detection; Packet Size; Intrusion Detection System; Computer Security
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Matthew Gebski (1)
  • Alex Penev (1)
  • Raymond K. Wong (1)
  1. National ICT Australia, and School of Computer Science & Engineering, University of New South Wales, Sydney, Australia
