High Performance Signature Generation by Quality Evaluation of Payload Signature

Searching for High-Efficiency Application Signatures Through Quality Evaluation of Payload Signatures

  • Lee, Sung-Ho (Korea University Department of Computer and Information Science) ;
  • Kim, Jong-Hyun (Network Security Research Section, Cyber Security Research Laboratory, ETRI) ;
  • Goo, Young-Hoon (Korea University Department of Computer and Information Science) ;
  • Sija, Baraka D. (Korea University Department of Computer and Information Science) ;
  • Kim, Myung-Sup (Korea University Department of Computer and Information Science)
  • Received : 2016.07.31
  • Accepted : 2016.09.21
  • Published : 2016.10.31

Abstract

Internet traffic identification is an essential preliminary step for stable service provision and efficient network management. Payload signature-based classification is considered a reliable method for Internet traffic identification, but its performance depends heavily on the number and structure of the signatures. If the number and structural complexity of the signatures are not appropriate, the performance of payload signature-based classification deteriorates easily. Therefore, to improve the performance of the identification system, it is necessary to regulate the number of signatures. In this paper, we propose a novel signature quality evaluation method to decide which signatures are highly efficient for Internet traffic identification. We define new signature quality evaluation criteria and use the method to find the highly efficient signatures. Quality evaluation is performed from three different perspectives, and the weight of each signature is computed from the values obtained from those perspectives. We then construct a signature map (S-MAP) to find the highly efficient signatures. The proposed method achieved an approximately fourfold increase in efficiency in application traffic identification.

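With increasing Internet speeds and the development of diverse applications, the number of Internet users and the volume of Internet traffic they generate are growing rapidly. In traffic analysis, application traffic identification depends on payload signatures, so it suffers from high load and slow processing speed depending on the composition and number of the signatures. Therefore, this paper proposes a method for evaluating the importance of payload signatures for application identification and, based on it, a method for searching for highly efficient signatures. For each signature, a weight is computed based on three criteria, and a highly efficient signature set is found using the computed weights and a signature map. When the proposed method was applied to real traffic, we were able to define highly efficient signatures with about four times the application identification capability of the existing ones.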
