Toward Robust and Extensible Automatic Protocol Identification

George Louthan, Collin McMillan, Christopher Johnson, and John Hale

Proceedings of the 2009 International Conference on Internet Computing

Conventional network protocol identification based on well-known port numbers is no longer sufficient to identify and classify traffic in modern networks. Applications have developed means by which to dynamically change port numbers, users select alternate ports, and attackers attempt to trick identification systems by changing ports. Embracing the position that correctness should not be sacrificed for speed, we introduce an architecture for signature-based, fully stream-aware, automated identification of network protocols, called SAND, which is capable of classifying TCP traffic independently of port number with the goal of obtaining the most demonstrably accurate results possible. The hope is that this work will foster further efforts to revive research into intelligent protocol identification and analysis.

View this publication:
International Conference on Internet Computing

Posted on July 13, 2009