Network managers are inevitably called upon to associate network traffic with particular applications. Indeed, this operation is critical for a wide range of management functions ranging from debugging and security analytics policy support. Traditionally, have relied on application adherence well established global port mapping: Web 80, mail 25 so on. However, factors - including firewall blocking, tunneling, dynamic allocation, bloom new distributed applications has weakened the value approach. We analyze three alternative mechanisms using statistical structural content models automatically identifying that uses same application-layer protocol, relying solely flow content. In manner, known may be identified regardless number, while one unknown will as distinct another. evaluate each mechanism's classification performance real-world traces multiple sites.

Load

Load