%0 Conference Proceedings
%T Traffic Classification and Application Identification in Network Forensics
%+ Brno University of Technology [Brno] (BUT)
%A Pluskal, Jan
%A Lichtner, Ondrej
%A Rysavy, Ondrej
%Z Part 3: Network Forensics
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 14th IFIP International Conference on Digital Forensics (DigitalForensics)
%C New Delhi, India
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XIV
%V AICT-532
%P 161-181
%8 2018-01-03
%D 2018
%R 10.1007/978-3-319-99277-8_10
%K Protocol identification
%K application identification
%K machine learning
%Z Computer Science [cs]
%Z Conference papers
%X Network traffic classification is an absolute necessity for network monitoring, security analyses and digital forensics. Without accurate traffic classification, the computational demands imposed by analyzing all the IP traffic flows are enormous. Classification can also reduce the number of flows that need to be examined and prioritized for analysis in forensic investigations. This chapter presents an automated feature elimination method based on a feature correlation matrix. Additionally, it proposes an enhanced statistical protocol identification method, which is compared against Bayesian network and random forests classification methods that offer high accuracy and acceptable performance. Each classification method is used with a subset of features that best suit the method. The methods are evaluated based on their ability to identify the application layer protocols and the applications themselves. Experiments demonstrate that the random forests classifier yields the most promising results whereas the proposed enhanced statistical protocol identification method provides an interesting trade-off between higher performance and slightly lower accuracy.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01988838/document
%2 https://inria.hal.science/hal-01988838/file/472401_1_En_10_Chapter.pdf
%L hal-01988838
%U https://inria.hal.science/hal-01988838
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-532