Bharadia.pdf (76.76 MB)
Download file

Network application detection techniques

Download (76.76 MB)
thesis
posted on 11.05.2022, 14:29 by Ketan Bharadia

In this thesis, some new approaches for identifying which real-time multimedia applications are running over a network of computers are presented. Conventional techniques involve capture and decode of the packet stream generated and are generally targeted at standards-based network applications (e.g. H.323). The new techniques presented in this thesis rely on the examination of the characteristics and features of the traffic stream itself and attempt to identify those applications which are not standards-based or utilise packet encryption.

A significant proportion of the work involved the analysis of several classes of applications and the nature of the traffic generated by them. The results of these analyses suggested that the packet size distribution profile could be used as a ‘finger print’ for each application. One can compare the profiles extracted from the traffic stream from a particular part of a network with a set of stored profiles thus allowing the determination of which applications are running. In order to test effectiveness of the comparison techniques and the packet size distribution as the application signature, a prototype detector was built.

It will be shown that these techniques function well even with ‘difficult’ applications that dynamically negotiate network connections. As such, applications cannot simply be identified via their packet port numbers. The techniques also have the advantage over packet decode techniques of not requiring the capture of every packet in the stream, or even capture from the beginning of the session. Also, they require only superficial, (readily available) technical information concerning the application. The techniques are completely transparent to the applications.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Publisher

Loughborough University

Rights holder

© Ketan R. Bharadia

Publication date

2001

Notes

A Doctoral Thesis. Submitted in partial fulfilment of the requirements for the award of the degree of Doctor of Philosophy of Loughborough University.

EThOS Persistent ID

uk.bl.ethos.247912

Language

en

Supervisor(s)

David Parish ; Iain Phillips

Qualification name

PhD

Qualification level

Doctoral

This submission includes a signed certificate in addition to the thesis file(s)

I have submitted a signed certificate