HTTP-tunnel traffic classification

Pao Yue-kong Library Electronic Theses Database


Author: Liu, Dejian James
Title: HTTP-tunnel traffic classification
Degree: M.Sc.
Year: 2007
Subject: Hong Kong Polytechnic University -- Dissertations; HTTP (Computer network protocol); Machine learning; Hypertext systems
Department: Dept. of Computing
Pages: viii, 90 leaves : ill. ; 30 cm.
Language: English
InnoPac Record: http://library.polyu.edu.hk/record=b2148062
URI: http://theses.lib.polyu.edu.hk/handle/200/529
Abstract: There is a growing need for accurate and timely classification of network traffic flows. The focus of this dissertation is to classify the different kinds of application traffic that are tunnelled inside HTTP. Once tunnelled, applications generally show statistical behaviour similar to that of HTTP traffic and become difficult to identify statistically. Overheads caused by the HTTP tunnel, such as 'probe packets', are generated differently depending on the application being tunnelled and are useful for identifying a tunnelled application. Applications that have similar HTTP-tunnel overhead patterns can be classified by the dynamics of big messages that span several TCP packets. A total of 30 directional and bidirectional flow metrics are used in this work to describe HTTP-tunnel traffic. With these flow metrics, a classifier is trained by machine learning algorithms using a clean data set. The classifier is then used to classify HTTP-related traffic, including HTTP Web Browsing, File Transferring, Game, Instant Messages, Real Streaming, TELNET, Covert Channel, etc. The results show 88% overall accuracy and 78-96% individual class accuracy. The machine learning algorithms C4.5 Decision Tree and k Nearest Neighbour have notable accuracy results (94.1% and 93.2% respectively). The best mean recall rate is 0.89. Flow-based and volume-based results are similar. The volume-based result is generally better.

Files in this item

Files Size Format
b2148062x.pdf 2.024Mb PDF

     
