Loughborough University
Bharadia.pdf (76.76 MB)

Network application detection techniques

Download (76.76 MB)
posted on 2022-05-11, 14:29 authored by Ketan Bharadia

In this thesis, some new approaches for identifying which real-time multimedia applications are running over a network of computers are presented. Conventional techniques involve capture and decode of the packet stream generated and are generally targeted at standards-based network applications (e.g. H.323). The new techniques presented in this thesis rely on the examination of the characteristics and features of the traffic stream itself and attempt to identify those applications which are not standards-based or utilise packet encryption.

A significant proportion of the work involved the analysis of several classes of applications and the nature of the traffic generated by them. The results of these analyses suggested that the packet size distribution profile could be used as a ‘finger print’ for each application. One can compare the profiles extracted from the traffic stream from a particular part of a network with a set of stored profiles thus allowing the determination of which applications are running. In order to test effectiveness of the comparison techniques and the packet size distribution as the application signature, a prototype detector was built.

It will be shown that these techniques function well even with ‘difficult’ applications that dynamically negotiate network connections. As such, applications cannot simply be identified via their packet port numbers. The techniques also have the advantage over packet decode techniques of not requiring the capture of every packet in the stream, or even capture from the beginning of the session. Also, they require only superficial, (readily available) technical information concerning the application. The techniques are completely transparent to the applications.



  • Mechanical, Electrical and Manufacturing Engineering


Loughborough University

Rights holder

© Ketan R. Bharadia

Publication date



A Doctoral Thesis. Submitted in partial fulfilment of the requirements for the award of the degree of Doctor of Philosophy of Loughborough University.

EThOS Persistent ID



  • en


David Parish ; Iain Phillips

Qualification name

  • PhD

Qualification level

  • Doctoral

This submission includes a signed certificate in addition to the thesis file(s)

  • I have submitted a signed certificate

Usage metrics

    Mechanical, Electrical and Manufacturing Engineering Theses


    Ref. manager