Research on Signature Maintenance Method for Internet Application Traffic Identification using Header Signatures

A Study on a Signature Management Method for Header-Based Internet Application Traffic Analysis

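  • Sung-Ho Yoon (Department of Computer and Information Science, Graduate School, Korea University);
  • Myung-Sup Kim (Department of Computer and Information Science, Graduate School, Korea University)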
  • Received : 2011.07.11
  • Accepted : 2011.09.08
  • Published : 2011.12.31

Abstract

Application traffic classification is becoming increasingly important for the effective use of network resources. The header-based identification method uses the header signature {IP address, port number, transport layer protocol (TCP/UDP)} extracted from Internet application servers to overcome some limitations (overhead, payload encryption, etc.) of previous methods. Because this method uses the header information of servers, a large number of signatures are extracted, so a maintenance method is needed to keep only the essential signatures. In this paper, we present a signature maintenance method that uses the properties of the identified traffic and the history of each signature. We also demonstrate the feasibility and applicability of the proposed method through acceptable experimental results.

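The importance of application traffic analysis for efficient network management is being emphasized. To overcome the limitations of existing analysis methodologies (analysis overhead, payload encryption, etc.), the header-based analysis methodology analyzes traffic by extracting the header information of application traffic as signatures {IP address, port number, transport layer protocol (TCP/UDP)}. Because the header-based traffic analysis methodology uses header information, a large number of signatures are extracted. A management method that can maintain the optimal signatures is therefore needed. In this paper, we propose a methodology that manages the optimal signatures using the characteristics of the traffic analyzed by each signature and the analysis history of the signature. We also prove the validity of the header signature management method through experiments and verification.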
