Using of Flow Statistics for Improvement of Protocol Detection

• Authors: PISKAČ Pavel; NOVOTNÝ Jiří
• Year of publication: 2011
• Type: Article in Proceedings
• Conference: Security and Protection of Information 2011
• MU Faculty or unit: Institute of Computer Science
• Field: Informatics
• Keywords: NetFlow IPFIX protocol detection SSH clustering inter-packet gaps
• Description: This paper describes a protocol detection using statistic information about a flow extended by packet sizes and time characteristics about inter-packet gaps. The data is processed by QT clustering algorithm which divides flows into specific groups.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment