Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from debugging and security to analytics and policy support. Traditionally, managers have relied on application adherence to a well established global port mapping: Web traffic on port 80, mail traffic on port 25 and so on. However, a range of factors - including firewall port blocking, tunneling, dynamic port allocation, and a bloom of new distributed applications - has weakened the value of this approach. We analyze three alternative mechanisms using statistical and structural content models for automatically identifying traffic that uses the same application-layer protocol, relying solely on flow content. In this manner, known applications may be identified regardless of port number, while traffic from one unknown application will be identified as distinct from another. We evaluate each mechanism's classification performance using real-world traffic traces from multiple sites.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Ethereal: A network protocol analyzer. http://www.ethereal.com.
	2	S. Baset and H. Schulzrinne. An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol. Technical report, Columbia University, New York, NY, 2004.
	3	Laurent Bernaille , Renata Teixeira , Ismael Akodkenou , Augustin Soule , Kave Salamatian, Traffic classification on the fly, ACM SIGCOMM Computer Communication Review, v.36 n.2, April 2006  [doi>10.1145/1129582.1129589]
	4	K. Claffy, G. Miller, and K. Thompson. The nature of the best: Recent measurements from an Internet backbone. In Proc. of INET '98, jul, 1998.
	5	Thomas M. Cover , Joy A. Thomas, Elements of information theory, Wiley-Interscience, New York, NY, 1991
	6	C. Dewes, A. Wichmann, and A. Feldmann. An Analysis of Internet Chat Systems. In Proc. of the Second Internet Measurement Workshop (IMW), Nov 2002.
	7	C. Fraleigh, S. Moon, B. Lyles, C. Cotton, M. Khan, D. Moll, R. Rockell, T. Seely, and C. Diot. Packet-level Traffic Measurements from the Sprint IP Backbone. IEEE Network, 17(6):6--16, 2003.
	8	Patrick Haffner , Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, ACAS: automated construction of application signatures, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA  [doi>10.1145/1080173.1080183]
	9	IANA. TCP and UDP port numbers. http://www.iana.org/assignments/port-numbers.
	10	T. Karagiannis, A. Broido, N. Brownlee, K. Claffy, and M. Faloutsos. Is P2P dying or just hiding? In IEEE Globecom 2004 - Global Internet and Next Generation Networks, Dallas/Texas, USA, Nov, 2004. IEEE.
	11	T. Karagiannis, A. Broido, M. Faloutsos, and K. Claffy. Transport Layer Identification of P2P Traffic. In Proc. of the Second Internet Measurement Workshop (IMW), Nov 2002.
	12	Thomas Karagiannis , Konstantina Papagiannaki , Michalis Faloutsos, BLINC: multilevel traffic classification in the dark, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA
	13	Petar Maymounkov , David Mazières, Kademlia: A Peer-to-Peer Information System Based on the XOR Metric, Revised Papers from the First International Workshop on Peer-to-Peer Systems, p.53-65, March 07-08, 2002
	14	A. Moore and D. Papagiannaki. Toward the Accurate Identification of Network Applications. In Proc. of the Passive and Active Measurement Workshop, mar 2005.
	15	Andrew W. Moore , Denis Zuev, Internet traffic classification using bayesian analysis techniques, Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 06-10, 2005, Banff, Alberta, Canada
	16	Tim Oliver , Bertil Schmidt , Douglas Maskell, Hyper customized processors for bio-sequence database scanning on FPGAs, Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays, February 20-22, 2005, Monterey, California, USA  [doi>10.1145/1046192.1046222]
	17	Vern Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.23-24, p.2435-2463, Dec. 1999  [doi>10.1016/S1389-1286(99)00112-7]
	18	Dave Plonka, FlowScan: A Network Traffic Flow Reporting and Visualization Tool, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	19	A. Sanfeliu and K. Fu. A Distance Measure Between Attributed Relational Graphs for Pattern Recognition. IEEE Transactions on Systems, Man and Cybernetics, SMC-13(3):353--362, 1981.
	20	Subhabrata Sen , Oliver Spatscheck , Dongmei Wang, Accurate, scalable in-network identification of p2p traffic using application signatures, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA  [doi>10.1145/988672.988742]
	21	T. F. Smith and M. S. Waterman. Identification of Common Molecular Subsequences. Journal of Molecular Biology, 147, 1981. http://gel.ym.edu.tw/~chc/AB_papers03/.pdf.
	22	G. Voss, A. Schröder, W. Müller-Wittig, and B. Schmidt. Using Graphics Hardware to Accelerate Biological Sequence Analysis. In Proc. of IEEE Tencon, Melbourne, Australia, 2005.
	23	S. Zander, T. Nguyen, and G. Armitage. Self-learning IP Traffic Classification based on Statistical Flow Characteristics. In Proc. of the 6th Passive and Active Network Measurement Workshop, March 2005.