Go to TIFS 2018 homepageNetwork Traffic Fingerprinting Based on Approximated Kernel Two-Sample Test
Abstract: Many applications and communication protocols exhibit unique communication patterns that can be exploited to identify them in network traffic. This paper proposes a method to represent these patterns compactly, such that they can be used in different analytical tasks. The method treats each communication as a set of observations of a random variable with unknown probability distribution. This view allows us to derive the representation from a distance between two probability distributions used in maximum mean discrepancy—a non-parametric kernel test. The representation (and distance) can be then easily used in various algorithms for identification of communicating application and data analysis, independently of the specific type of input data.
0 Replies
Loading