Research Objectives

Correct and efficient classification of network traffic according to application-layer protocols is essential for most network-management, resource-allocation, and intrusion detection systems. With the ever-increasing number of protocols and services running on non-standard transport-layer ports, classification methods based on analysis of the transport-layer header are rapidly becoming ineffective. On the other hand, mechanisms based on full payload analysis, which have been proposed in recent years, are too computationally demanding to be run on most high-bandwidth links.

Therefore, the main goal of the NetSignal project is to design and develop robust and efficient traffic classification tools for IP networks, useful for anomaly detection, intrusion detection and intrusion prevention systems, enforcement of network security policies by traffic filtering, QoS management and traffic engineering, and network provisioning.

Public Traces

In order to share classification results with other research groups, we are setting up a repository of anonymized traces stored in XML format.

Those traces can be found in the repository.

Source Code

We are developing a framework for traffic analysis designed to deal with standard libpcap traffic traces and with XML traces. To do so, we defined a standard format to describe traffic: the THF (traffic header format). The specs of this format will be published soon. For now, please consider this commented excerpt.

The source code is written in Python and can be found in the source code area.