This paper discusses our recent results in the classification of human-based ssh traffic as compared to machine-based scp traffic. Since both of these services, ssh and scp, use the same port, port 22, this classification problem occurs within a quite natural framework. Results that illustrate an exploratory analysis of the data will be presented along with some preliminary classification results.

In this work, we first briefly introduce the concept of IP flow classification on a general conceptual level. The intention is to rise above the technological details and create a conceptual point of view on flow classification and closely related issues. Then we move on to study and compare earlier flow classification methods such as the all and selected flow classifier and the packet count fl...

In recent years, the number and variety of malicious mobile apps have increased drastically, especially on Android platform, which brings insurmountable challenges for malicious app detection. Researchers endeavor to discover the traces of malicious apps using network traffic analysis. In this study, we combine network traffic analysis with machine learning methods to identify malicious network...

The growing usage of smartphones in everyday life is deeply (and rapidly) changing the nature of traffic traversing home and enterprise networks, and the Internet. Different tools and middleboxes, such as performance enhancement proxies, network monitors and policy enforcement devices, base their functions on the knowledge of the applications generating the traffic. This requirement is tightly ...

Although the widely-used Transport Layer Security (TLS) protocol hides application data, an unencrypted part of TLS handshake, specifically server name indication (SNI), is a backdoor for encrypted traffic classification frameworks. The recently developed Encrypted ClientHello (ECH) amendment to aims protect privacy-sensitive content message, including SNI. Conversely, ECH can be game-changer i...

Interconnected systems, such as Web servers, database servers are now under threats from network attackers. Denial-of-service (DoS) attack is one such means which severely degrades the availability of a victim, which can be a host, a router, an entire network. They impose intensive computation tasks to the victim by flooding it with huge amount of useless packets. The victim is forced out of se...

Mobile traffics are becoming more dominant due to growing usage of mobile devices and proliferation of IoT. The influx of mobile traffics introduce some new challenges in traffic classifications; namely the diversity complexity and behavioural dynamism complexity. Existing traffic classifications methods are designed for classifying standard protocols and user applications with more determinist...