Use this URL to cite or link to this record in EThOS:
Title: Network application detection techniques
Author: Bharadia, Ketan R.
Awarding Body: Loughborough University
Current Institution: Loughborough University
Date of Award: 2001
Availability of Full Text:
Access from EThOS:
Access from Institution:
In this thesis, some new approaches for identifying which real-time multimedia applications are running over a network of computers are presented. Conventional techniques involve capture and decode of the packet stream generated and are generally targeted at standards-based network applications (e.g. H.323). The new techniques presented in this thesis rely on the examination of the characteristics and features of the traffic stream itself and attempt to identify those applications which are not standards-based or utilise packet encryption. A significant proportion of the work involved the analysis of several classes of applications and the nature of the traffic generated by them. The results of these analyses suggested that the packet size distribution profile could be used as a 'finger print' for each application. One can compare the profiles extracted from the traffic stream from a particular part of a network with a set of stored profiles thus allowing the determination of which applications are running. In order to test effectiveness of the comparison techniques and the packet size distribution as the application signature, a prototype detector was built. It will be shown that these techniques function well even with 'difficult' applications that dynamically negotiate network connections. As such, applications cannot simply be identified via their packet port numbers. The techniques also have the advantage over packet decode techniques of not requiring the capture of every packet in the stream, or even capture from the beginning of the session. Also, they require only superficial, (readily available) technical information concerning the application. The techniques are completely transparent to the applications.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
Keywords: Network application ; detection techniques