P220 - INFORMATIK 2013 - Informatik angepasst an Mensch, Organisation und Umwelt
Auflistung P220 - INFORMATIK 2013 - Informatik angepasst an Mensch, Organisation und Umwelt nach Autor:in "Abt, Sebastian"
1 - 1 von 1
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragPerformance evaluation of classification and feature selection algorithms for NetFlow-based protocol recognition(INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt, 2013) Abt, Sebastian; Wener, Sascha; Baier, HaraldProtocol recognition is a commonly required technique to deploy servicedependent billing schemes and to secure computer networks, e.g., to reliably determine the protocol used for a botnet command and control (C & C) channel. In the past, different deep packet inspection based approaches to protocol recognition have been proposed. However, such approaches suffer from two drawbacks: first, they fail when data streams are encrypted, and second, they do not scale at high traffic rates. To overcome these limitations, in this paper we evaluate the performance in terms of precision and recall (i.e., accuracy) of different feature selection and classification algorithms with regard to NetFlow-based protocol recognition. As NetFlow does not rely on payload information and gives a highly aggregated view on network communication, it serves as a natural data source in ISP networks. Our evaluation shows that NetFlow based protocol detection achieves high precision and recall rates of more than 92% for widespread protocols used for C&C communication (e.g., HTTP, DNS).