The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Performance Improvement of the Statistic Signature based Traffic Identification System

통계 시그니쳐 기반 트래픽 분석 시스템의 성능 향상

  • 박진완 (고려대학교 컴퓨터정보학과) ;
  • 김명섭 (고려대학교 컴퓨터정보학과)
  • Received : 2011.01.24
  • Accepted : 2011.05.17
  • Published : 2011.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services on Internet, which makes the need of traffic identification important for efficient operation and management of network. In recent years traffic identification methodology using statistical features of flow has been broadly studied. We also proposed a traffic identification methodology using payload size distribution in our previous work, which has a problem of low completeness. In this paper, we improved the completeness by solving the PSD conflict using IP and port. And we improved the accuracy by changing the distance measurement between flow and statistic signature from vector distance to per-packet distance. The feasibility of our methodology was proved via experimental evaluation on our campus network.

네트워크의 고속화와 다양한 서비스의 등장으로 오늘날의 네트워크 트래픽은 복잡 다양해지고 있다. 효율적인 네트워크 관리를 위해서는 네트워크에서 발생하는 트래픽에 대한 다양한 분석이 필요하다. QoS, SLA와 같은 정책을 적용하기 위해서는 트래픽 분석 중에서도 트래픽 분류의 중요성이 크다. 현재까지 트래픽 분류에 관한 연구가 활발히 진행되어 왔는데 최근에는 플로우의 통계 정보를 이용한 트래픽 분류 방법론이 많이 연구되고 있다. 본 논문에서는 기존 연구에서 제안한 페이로드 크기 분포를 이용한 트래픽 분류 방법의 문제점인 낮은 분석률 및 정확도를 향상시키는 방법을 제안한다. 본 논문에서 제안하는 방법은 PSD 충돌로 인해 분류하지 못하는 트래픽을 IP와 port정보를 이용하여 추가적으로 분류하여 분석률을 향상시키고 기존 분류 방법에서 트래픽 분류를 위해 사용되던 플로우와 시그니쳐 사이의 거리 측정 방법을 벡터 거리 측정에서 패킷 별 거리 측정으로의 변경으로 통해 분류 방법의 정확도를 향상시킨다. 제안한 방법은 학내 망에서의 실험을 통해 기존 알고리즘에 비해 향상된 알고리즘의 성능을 검증한다.

Keywords

References

  1. Myung-Sup Kim, Young J. Won, and James Won-Ki Hong, "Application-Level Traffic Monitoring and an Analysis on IP Networks," ETRI Journal, Vol.27, No.1, Feb., 2005, pp.22-42. https://doi.org/10.4218/etrij.05.0104.0040
  2. Jeffrey Erman, Martin Arlitt, Anirban Mahanti, "Traffic Classification Using Clustering Algorithms," Proc. of SIGCOMM Workshop on Mining network data, Pisa, Italy, Sep., 2006, pp.281-286.
  3. Rentao Gu, Minhuo Hong, Hongxiang Wang, and Yuefeng Ji, "Fast Traffic Classification in High Speed Networks," Proc. of the Asia-Pacific Network Operations and Management Symposium (APNOMS) 2008, LNCS 5297, Beijing, China, Oct., 22-24, 2008, pp.429-432.
  4. Ying-Dar Lina, Chun-Nan Lua, Yuan-Cheng Laib, Wei-Hao Penga and Po-Ching Lina, "Application classification using packet size distribution and port association" Proc. of the Journal of Network and Computer Applications, In Press, Corrected Proof, Available online, March, 20. 2009.
  5. Huifang Feng and Yantai Shu, "Statistical Analysis of Packet Interarrival Times in Wireless LAN," Proc. of the Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference, Shanghai, China, Sept. 21-25, 2007, pp.1888-1891.
  6. Thuy T.T. Nguyen and Grenville Armitage, "A Survey of Techniques for Internet Traffic Classification using Machine Learning," IEEE Communications Surveys and Tutorials, to appear, 2008. https://doi.org/10.1109/SURV.2008.080406
  7. L.Bernaille, R. Teixeira, and K. Salamatian, "Early Application Identification," In: CoNext 2006. Conference on Future Networking Technologies., 2006.
  8. Young-Tae Han and Hong-Shik Park, "Game Traffic Classification Using Statistical Characteristics at the Transport Layer," ETRI Journal, Vol.32, No.1, Feb., 2010, pp.22-32. https://doi.org/10.4218/etrij.10.0109.0236
  9. Gerhard Munz, Hui Dai, Lothar Braun, and Georg Carle, "TCP Traffic Classification Using Markov Models," In Proc. of Traffic Monitoring and Analysis Workshop (TMA) 2010, Zurich, Switzerland, April, 2010.
  10. Valentin Carela-Espanol, Pere Barlet-Ros, Marc Sole-Simo, Alberto Dainotti, Walter de Donato, and Antonio Pescape, "K-dimensional trees for continuous traffic classification," In Proc. of Traffic Monitoring and Analysis Workshop (TMA) 2010, Zurich, Switzerland, April, 2010.
  11. 박진완, 윤성호, 박준상, 이상우, 김명섭, "통계 시그니쳐 기반의 응용 트래픽 분류", 통신학회논문지 Vol.34 No.11, , Nov., 2009, pp.1234-1244.
  12. Byung-Chul Park, Young J. Won, Myung-Sup Kim, James W. Hong, "Towards Automated Application Signature Generation for Traffic Identification," Proc. of the IEEE/IFIP Network Operations and Management Symposium (NOMS) 2008, Salvador, Bahia, Brazil, April. 7-11, 2008, 160-167. https://doi.org/10.1109/NOMS.2008.4575130
  13. Ying-Dar Lina, Chun-Nan Lua, Yuan-Cheng Laib, Wei-Hao Penga and Po-Ching Lina, "Application classification using packet size distribution and port association" Proc. of the Journal of Network and Computer Applications, In Press, Corrected Proof, Available online, March, 20. 2009.
  14. Huifang Feng, Yantai Shu, "Statistical Analysis of Packet Interarrival Times in Wireless" Proc. of the Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference, Shanghai, China, Sept., 21-25, 2007, pp.1888-1891. https://doi.org/10.1109/WICOM.2007.473
  15. Jacobus van der Merwe, Ramon Caceres, Yang-hua Chu, and Cormac Sreenan "mmdump - A Tool for Monitoring Internet Multimedia Traffic," ACM Computer Communication Review, 30(4), October, 2000.
  16. Hun-Jeong Kang, Myung-Sup Kim, and James Won-Ki Hong, "Streaming Media and Multimedia Conferencing Traffic Analysis Using Payload Examination," ETRI Journal, Vol.26, No.3, Jun., 2004, pp.203-217 https://doi.org/10.4218/etrij.04.0103.0052
  17. Y.J. Won, B.C. Park, H.T. Ju, M.S. Kim, and J. W. Hong. "A hybrid approach for accurate application traffic identification," In IEEE/IFIP E2EMON, April, 2006. https://doi.org/10.1109/E2EMON.2006.1651273
  18. Sung-Ho Yoon, Jin-Wan Park, Young-Seok Oh, Jun-Sang Park, and Myung-Sup Kim, "Internet Application Traffic Classification Using Fixed IP-port," Proc. of the Asia-Pacific Network Operations and Management Symposium (APNOMS) 2009, LNCS5787, Jeju, Korea, Sep., 23-25, 2009, pp.21-30.

Cited by

  1. Performance Improvement of the Statistical Information based Traffic Identification System vol.2, pp.8, 2013, https://doi.org/10.3745/KTCCS.2013.2.8.335
  2. A Method to Resolve TCP Packet Out-of-order and Retransmission Problem at the Traffic Collection Point vol.39B, pp.6, 2014, https://doi.org/10.7840/kics.2014.39B.6.350