Identification of source applications for enhanced traffic analysis and anomaly detection

Abstract

This article presents an architecture for managing the identification of applications responsible for generating traffic in a network. The identification is to be explored by network auditing systems, which cooperate with surveyed systems to get the relevant information about the source applications. The ultimate goal of the system is to provide network auditors, such as NIDS, enough information about the exact sources of network traffic. This way, auditors are able to detect unauthorized applications or to detect anomalies in the traffic created by known applications, possibly as a consequence of the action of some malware in the source application or host.