• Title/Summary/Keyword: signature generation (시그니쳐 생성)

Search Result 19, Processing Time 0.033 seconds

Automatic Payload Signature Generation System (페이로드 시그니쳐 자동 생성 시스템)

  • Park, Cheol-Shin;Park, Jun-Sang;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.38B no.8 / pp.615-622 / 2013
  • Fast and accurate signature extraction is essential to improve the performance of payload signature-based traffic analysis methods. However, the slow manual process of extracting signatures makes it difficult to deal with the rapidly changing applications in the current Internet environment. Therefore, in this paper we propose a system that automatically generates signatures from ground-truth traffic data. In addition, we improve the efficiency of signature extraction by recognizing the application protocol using protocol filters and generating signatures automatically according to the application-specific protocol contents. In order to verify the validity of the system proposed in this paper, we compared the signatures automatically generated by our system with the signatures manually created for a few popular applications.

Development of Signature Generation and Update System for Application-level Traffic Classification (응용 레벨 트래픽 분류를 위한 시그니쳐 생성 및 갱신 시스템 개발)

  • Park, Jun-Sang;Park, Jin-Wan;Yoon, Sung-Ho;Lee, Hyun-Shin;Kim, Myung-Sup
    • The KIPS Transactions:PartC / v.17C no.1 / pp.99-108 / 2010
  • Traffic classification is a preliminary but essential step for stable network service provision and efficient network resource management. While various classification methods have been introduced in the literature, payload signature-based classification is accepted to give the highest performance in terms of accuracy, completeness, and practicality. However, the collection and maintenance of up-to-date signatures is a very difficult and time-consuming process, given the dynamics of Internet traffic over time. In this paper, we propose an automatic payload signature generation mechanism which reduces the time for signature generation and increases the granularity of signatures. Furthermore, we describe a signature update system to keep the latest signatures over time. Through experiments with our campus network traffic, we proved the feasibility of our mechanism.

Development of signature Generation system and Verification Network for Application Level Traffic classification (응용 레벨 트래픽 분류를 위한 시그니쳐 생성 시스템 및 검증 네트워크의 개발)

  • Park, Jun-Sang;Park, Jin-Wan;Yoon, Sung-Ho;Oh, Young-Seok;Kim, Myung-Sup
    • Proceedings of the Korea Information Processing Society Conference / 2009.04a / pp.1288-1291 / 2009
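  • Network traffic monitoring and analysis are essential for the efficient operation of enterprise networks and for providing stable services. Among the various traffic analysis methods, the signature-based method shows the highest analysis rate, but because all signatures are extracted manually, it cannot respond flexibly to changes in applications and the emergence of new ones. Therefore, in this paper we propose an automatic signature generation system that can compensate for the shortcomings of the application signature generation process. An application signature is defined as a unique byte sequence within the payload and is extracted from all traffic generated by the application. We also present a verification system and a verification network that can demonstrate the effectiveness of the generation system.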

Automatic Payload Signature Update System for Classification of Recent Network Applications (최신 네트워크 응용 분류를 위한 자동화 페이로드 시그니쳐 업데이트 시스템)

  • Shim, Kyu-Seok;Goo, Young-Hoon;Lee, Sung-Ho;Sija, Baraka D.;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.1 / pp.98-107 / 2017
  • These days, the increase of applications that make heavy use of network resources has revealed the limitations of the current research phase of traffic classification for network management. Various studies have been conducted to find solutions for such limitations. The representative study is automatic finding of the common pattern of traffic. However, since the study of automatic signature generation is a semi-automatic system, users should collect the traffic. Therefore, these limitations cause problems in the traffic collection step, leading to untrusted accuracy of the signature verification process because it does not contain any of the generated signature. In this paper, we propose an automated traffic collection, signature management, signature generation and signature verification process to overcome the limitations of the automatic signature update system. By applying the proposed method in the campus network, actual traffic signatures maintained the completeness with no false-positive.

Implementation of Engine Generating Mutation Worm Signature Using LCSeq (LCSeq를 이용한 변형 웜 시그니쳐 생성 엔진 구현)

  • Ko, Joon-Sang;Lee, Jae-Kwang;Kim, Bong-Han
    • The Journal of the Korea Contents Association / v.7 no.11 / pp.94-101 / 2007
  • We introduce a way to detect mutation worms. We implemented a program that can generate signatures using the LCSeq (Longest Common Subsequence) technique in Suffix Tree, studied as a pattern recognition algorithm. We also showed the process to detect mutations of the CodeRed worm and the Nimda worm and evaluated signatures generated by snort and LCSeq.

Implementation of Automatic Worm Signature Generator in DHT Network (DHT 기반 네트워크의 웜 시그니쳐 자동 생성기의 구현)

  • Kim, Ji-Hun;Lee, You-Ri;Park, Dong-Gue;Oh, Jin-Te;Jang, Jong-Soo;Min, Byeong-Jun
    • Journal of the Korea Academia-Industrial cooperation Society / v.7 no.6 / pp.1206-1213 / 2006
  • Fast detection and automatic generation of worm signatures are essential to contain zero-day worms because the speed of self-propagating worms is too fast for humans to respond. In this paper, we propose an automatic signature generation method against worm attacks, and show the effectiveness of the proposed method by implementing it, applying it to the DHT-based network, and generating the worm signatures for it.


The Scheme for Generate to Active Response Policy in Intrusion Detection System (침입 탐지 도구에서 능동 대응 정책 생성 방안)

  • Lee Jaw-Kwang;Paek Seung-Hyun;Oh Hyung-Geun;Park Eung-Ki;Kim Bong-Han
    • The Journal of the Korea Contents Association / v.6 no.1 / pp.151-159 / 2006
  • This paper studied an active response policy generation scheme in intrusion detection systems. We considered seven requirements of an intrusion detection system for active response, with components, as the preceding study. We presented a scheme which can generate signatures on the basis of one model integrating NIDS and ADS. We studied detection of the Unknown Attack which was active, and studied a scheme to be able to generate signatures automatically through Unknown Attack detection.


Pattern-based Signature Generation for Identification of HTTP Applications (HTTP 응용들의 식별을 위한 패턴 기반의 시그니쳐 생성)

  • Jin, Chang-Gyu;Choi, Mi-Jung
    • Journal of Information Technology and Architecture / v.10 no.1 / pp.101-111 / 2013
  • Internet traffic volume has been increasing rapidly due to the popularization of various smart devices and Internet development. In particular, the HTTP-based traffic volume of smart devices is increasing rapidly in addition to desktop traffic volume. The increased mobile traffic can cause serious problems such as network overload, web security, and QoS. In order to solve these problems of Internet overload and security, it is necessary to accurately detect applications. Traditionally, the well-known port-based method is utilized in traffic classification. However, this method shows low accuracy since P2P applications exploit a TCP/80 port, which is used for the HTTP protocol, to avoid firewalls or IDS. The signature-based method is proposed to solve the lower accuracy problem. This method shows a higher analysis rate but it has the overhead of signature generation. Also, previous signature-based studies only analyze applications at the HTTP protocol level, not the application level. That is, it is difficult to identify the application name. Therefore, previous studies only perform protocol-level analysis. In this paper, we propose a signature generation method to classify HTTP-based traffic at the application level using the characteristics of typical semi HTTP header. By applying our proposed method to campus network traffic, we validate the feasibility of our method.

Signature-based Indexing Scheme for Similar Sub-Trajectory Retrieval of Moving Objects (이동 객체의 유사 부분궤적 검색을 위한 시그니쳐-기반 색인 기법)

  • Shim, Choon-Bo;Chang, Jae-Woo
    • The KIPS Transactions:PartD / v.11D no.2 / pp.247-258 / 2004
  • Recently, there has been research on storage and retrieval techniques for moving objects, which are of high concern to users in database application areas such as video databases, spatio-temporal databases, and mobile databases. In this paper, we propose a new signature-based indexing scheme which supports similar sub-trajectory retrieval as well as good retrieval performance on moving object trajectories. Our signature-based indexing scheme is classified into a concatenated signature-based indexing scheme for similar sub-trajectory retrieval, entitled the CISR scheme, and a superimposed signature-based indexing scheme for similar sub-trajectory retrieval, entitled the SISR scheme, according to the generation method of the trajectory signature based on trajectory data of the moving object. Our indexing scheme can improve retrieval performance by reducing a large number of disk accesses on the data file because it first scans all signatures and does filtering before accessing the data file. In addition, we can encourage retrieval efficiency by applying the k-warping algorithm to measure the similarity between query trajectory and data trajectory. Finally, we evaluate the performance of the sequential scan method (SeqScan), the CISR scheme, and the SISR scheme in terms of data insertion time, retrieval time, and storage overhead. We show from our experimental results that both the CISR scheme and the SISR scheme are better than sequential scan in terms of retrieval performance and the SISR scheme is especially superior to the CISR scheme.

Music Source and Signature Storage Method using Blockchain and Distributed Storage System (블록체인 및 분산저장시스템을 활용한 음원 및 시그니쳐 저장 방법)

  • Lee, Kyoung-Sik;Kim, Sang-Kyun
    • Journal of Broadcast Engineering / v.24 no.6 / pp.956-964 / 2019
  • In the age of personal media such as YouTube and Twitch, individual media content creation and consumption have become simpler. A huge amount of media content is created and consumed through platform services. In this regard, interest in the copyright of media content is increasing. In particular, the sound source is an indispensable element in almost all media content production. In this paper, we propose a method to store the sound source and its signature using blockchain and a distributed storage system to verify the copyright of music content. We identify the possibility of including the audio signature extraction result of the sound source as blockchain transaction data. Through experiments, we compare the input and output speed when the sound source and its signature are stored in the distributed storage system.