Flow-based traffic retrieval using statistical features

摘要

This paper proposes a new technique, flow-based traffic retrieval (FBTR), to find traffic flows that satisfy an information need from within large collections of network traffic. It is shown that flow-based traffic retrieval will become a powerful tool in network management and security. For example, the retrieved traffic flows can be used to help analysing new applications/protocols and detecting unknown attacks. In the context of flow-based traffic retrieval, a traffic flow is represented by a vector that consists of a set of flow statistics, such as the average of packet sizes and the average of inter-packet times. The user can submit a traffic flow, or several traffic flows, and ask for “similar” traffic flows to be retrieved from a traffic collection. Similarity search is based on comparing flow vectors in a feature space. We have done some preliminary experiments to evaluate the performance of flow-based traffic retrieval. The results show flow-based traffic retrieval has potential to quickly and accurately find user-interested network traffic, even encrypted traffic.