Accurate Real-Time Labeling of Application Traffic
Authors: Sebastian Schäfer, Alexander Löbel, Ulrike Meyer
Venue: 2022 IEEE 47th Conference on Local Computer Networks (LCN)
Publication date: 2022-09-26
DOI: 10.1109/LCN53696.2022.9843419 (https://doi.org/10.1109/LCN53696.2022.9843419)
In this paper, we present the design and implementation of ATLAS, a novel tool for automatically labeling network packets with the process responsible for them. Our tool is able to label all kinds of outbound packets based on Windows events and TCP stream information with ground-truth accuracy. Additionally, it is able to label DNS packets with the correct process name instead of just the DNS resolver. Using ATLAS, it is possible to create large datasets, e.g., to create software fingerprints or train machine learning classifiers. Another use case is to inspect the network traffic of a machine to determine which application is communicating with whom. We evaluate the performance considering different load scenarios to demonstrate the real-time capacity of ATLAS. Additionally, we analyze the communication endpoints of a Windows 10 host and compare the results before and after disabling all privacy-related settings.