Behavior Based Signature Extraction Method for Internet Application Traffic Identification

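  • 윤성호 (Network Management Laboratory, Department of Computer and Information Science, Korea University) ;
  • 김명섭 (Network Management Laboratory, Department of Computer and Information Science, Korea University)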
  • Received : 2013.02.14
  • Accepted : 2013.04.26
  • Published : 2013.05.31

Abstract

With the recent rapid development of the Internet, application traffic identification has become increasingly important for efficient network management. In this paper, we present an application traffic identification method that uses behavior based signatures to overcome the limitations of previous methods. A behavior based signature combines various existing traffic features and uses the Inter-Flow unit, a combination of the first request packets of multiple flows, as its unit of analysis. To verify the feasibility of the proposed signature, we measured its accuracy on 5 applications used at home and abroad; all signatures showed 100% precision.
