The objective of this work is the comparison of two types of feature sets for the classification of encrypted traffic such as SSH. To this end, two learning algorithms, RIPPER and C4.5, are employed using packet header and flow-based features. Traffic classification is performed without using features such as IP addresses, source/destination ports and payload information. Results indicate that the feature set based on packet header information is comparable with the flow-based feature set in terms of a high detection rate and a low false positive rate. © 2009 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Alshammari, R., & Zincir-Heywood, A. N. (2009). A preliminary performance comparison of two feature sets for encrypted traffic classification. In Advances in Soft Computing (Vol. 53, pp. 203–210). https://doi.org/10.1007/978-3-540-88181-0_26