Performance Improvement of Traffic Identification by Categorizing Signature Matching Type

Improving the Processing Speed of a Traffic Analysis System by Classifying Signature Matching Types

  • Jung, Woo-Suk (Dept. of Computer and Information Science, Korea University) ;
  • Park, Jun-Sang (Dept. of Computer and Information Science, Korea University) ;
  • Kim, Myung-Sup (Dept. of Computer and Information Science, Korea University)
  • Received : 2015.04.21
  • Accepted : 2015.06.18
  • Published : 2015.07.31

Abstract

Traffic identification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of identification methods have been introduced in the literature, the payload signature-based identification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the processing speed of the payload signature-based method is much slower than that of other identification methods, such as header-based and statistical methods. In this paper, we first classify signatures by matching type based on the range, order, and direction of packets in a flow, which are automatically extracted. Using this classification, we suggest a novel method to improve the processing speed of payload signature-based identification by reducing the search space.

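Application-level traffic analysis is an essential element of efficient network operation and stable service provision. Various methods exist for application-level traffic analysis, but when classification accuracy, completeness, and practicality are considered, the payload signature-based analysis method shows the highest performance. However, the payload signature-based method has the drawback of slower processing speed than other methods. In this paper, we automatically extract and use offset values, such as the range in which each signature matches the payload, the order of the packet, and the direction, to classify signatures by matching type. We propose a method that improves the processing speed of payload signature-based analysis by assigning each classified signature type an optimized search range, thereby optimizing the search space.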
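To make the search-space reduction described in the abstract concrete, the following Python is an added example, not code from the paper. The `Packet` and `Signature` layouts, the `identify` function, and the sample flow and signatures are all hypothetical and constructed for illustration; the byte counter only measures how much payload each strategy has to search.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str            # "c2s" (client to server) or "s2c"
    payload: bytes

@dataclass(frozen=True)
class Signature:              # hypothetical layout, not the paper's format
    app: str
    pattern: bytes
    packet_index: Optional[int] = None              # order of the packet in the flow
    direction: Optional[str] = None                 # direction the pattern appears in
    offset_range: Optional[Tuple[int, int]] = None  # [start, end) bytes of the payload

def identify(flow, signatures, constrained=True):
    """Return (app or None, payload bytes inside the searched windows)."""
    searched = 0
    for sig in signatures:
        for idx, pkt in enumerate(flow):
            lo, hi = 0, len(pkt.payload)
            if constrained:
                # Skip packets that the signature's matching type rules out.
                if sig.packet_index is not None and idx != sig.packet_index:
                    continue
                if sig.direction is not None and pkt.direction != sig.direction:
                    continue
                if sig.offset_range is not None:
                    lo, hi = sig.offset_range[0], min(sig.offset_range[1], hi)
            window = pkt.payload[lo:hi]
            searched += len(window)
            if sig.pattern in window:
                return sig.app, searched
    return None, searched

# Constructed sample flow and signatures (not taken from the paper).
FLOW = [
    Packet("c2s", b"GET /update/check?v=3 HTTP/1.1\r\nHost: example.test\r\n"
                  b"User-Agent: DemoUpdater/1.0\r\n\r\n"),
    Packet("s2c", b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
]
SIGNATURES = [
    Signature("demo-chat", b"CHAT/1", 0, "c2s", (0, 6)),
    Signature("demo-updater", b"GET /update/", 0, "c2s", (0, 12)),
]

if __name__ == "__main__":
    print("full scan  :", identify(FLOW, SIGNATURES, constrained=False))
    print("constrained:", identify(FLOW, SIGNATURES))
```

A constraint narrower than what the traffic actually exhibits becomes a missed identification, so the extracted ranges have to cover every position at which the signature was observed to match.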
