[Bro-Dev] paper on protocol identification
vern at icir.org
Fri Oct 28 00:36:38 PDT 2011
> Seems weird that it doesn't reference the DPD paper..

As you work (crawl) your way up the ivory tower, you learn to read tea
leaves associated with lame work. In this case, (1) INFOCOM is an
unimpressive venue to appear in (crap-shoot regarding the significance of
accepted papers), but in particular (2) once you finally read between the
lines, this is a 5-page *workshop* paper co-located with INFOCOM (expected
quality level drops precipitously).

So yeah, the lack of citation winds up not being surprising.

That said, they appear to be pushing on looking at port numbers plus
payload of first packet, which is certainly more light-weight than DPD.
OTOH, I'm pretty sure previous schemes have looked at this, too.