Reconciling Multiple Matches for the Signature-Based Application Identification

Justin Tharp¹, Jinoh Kim¹, Sang C. Suh¹, and Hyeonkoo Cho²
¹ University of Texas A&M – Commerce, Department of Computer Science, Commerce, Texas 75428, USA
² Sysmate Inc., 1290 Dunsan-Dong Seo-Gu, Deajeon, 302-830, Korea

Abstract—Accurate application identification is one of the core elements of network operations and management to provide enhanced network services and security. While the signature-based approach that examines packet content for identification is attractive because of its greater accuracy than the traditional technique relying on TCP port numbers, one potential challenge is multiple matches arising when more than a single application identifies the data stream in question. In that case, the input stream cannot be adequately classified solely with the help of the application signatures, and it is necessary to establish an additional process that reconciles such multiple matches in order to make the final identification decision. In this paper, we address the problem of multiple matches by developing a set of selection heuristics that help accurately identify the application associated with the input data stream. The heuristics choose one out of a set of applications using their own unique discrimination function, and the input traffic can be classified into the selected application. Our experimental results with a recent traffic data set show that our proposed method successfully deals with multiple matches, achieving a high degree of identification accuracy up to 99% with respect to precision and recall.
Index Terms—Application identification, application signatures, multiple matches, network operations and management

Cite: Justin Tharp, Jinoh Kim, Sang C. Suh, and Hyeonkoo Cho, "Reconciling Multiple Matches for the Signature-Based Application Identification," Journal of Communications, vol. 8, no. 12, pp. 883-892, 2013. doi: 10.12720/jcm.8.12.883-892