Application Traffic Identification Speed Improvement by Optimizing Payload Signature Matching Sequence

  • Lee, Sung-Ho (Korea University Department of Computer and Information Science)
  • Park, Jun-Sang (Korea University Department of Computer and Information Science)
  • Kim, Myung-Sup (Korea University Department of Computer and Information Science)
  • Seok, Woojin (University of Science & Technology)
  • Received: 2014.11.03
  • Reviewed: 2015.03.16
  • Published: 2015.03.31

Abstract

Application-level traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. However, the payload signature-based method has a significant drawback in high-speed network environments: processing traffic in real time imposes a relatively high load, so it is much slower than other methods such as header-based and statistical methods. In addition, as the number of signatures increases, analysis speed declines because the matching method considers neither the analytic efficiency of each signature nor the occurrence characteristics of the traffic. In this paper, we propose a method that reorders the signature list according to the analytic value of each signature. When we reordered the signature list with the proposed method, we achieved an average improvement of about 30% in traffic analysis speed compared with a random (non-reordered) signature list.
