http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
Joint Analysis of Port and Protocol via Endpoint Measurement: An Empirical Study
Chengshang Hou,Gaopeng Gou,Gang Xiong,Zhen Li 한국통신학회 2020 한국통신학회 APNOMS Vol.2020 No.09
As network services continuously evolving, accurately classifying traffic is important for network operators to optimize QoS and customize policy. Network service uses non-standard ports and protocol obfuscation causing damage to the accurate port-based and payload-based traffic classification. However, Deep Packet Inspection (DPI) technique, which combines the payload-based method and port-based method, is still adopted by practitioners from the academic and industrial community. In this paper, we investigate the DPI classification result on a large network to estimate the impact of two factors. We qualify the popularity of non-standard port among different protocols. By endpoint filtering, we discover a large proportion of non-standard ports are opened temporally. We show there still is strong association between P2P protocols and camouflaged protocol. In particular, using both host and label association between endpoints, we find camouflaged protocols exhibit an abnormal port span that is different with the original protocol and are similar to the port span of P2P protocols.