Automatic Payload Signature Generation System
 Title & Authors
Park, Cheol-Shin; Park, Jun-Sang; Kim, Myung-Sup;
 Abstract
Fast and accurate signature extraction is essential to improving the performance of payload signature-based traffic analysis methods. However, the slow manual process of extracting signatures makes it difficult to deal with rapidly changing applications in the current Internet environment. Therefore, in this paper we propose a system that automatically generates signatures from ground-truth traffic data. In addition, we improve the efficiency of signature extraction by recognizing the application protocol using protocol filters and generating signatures automatically according to the application-specific protocol contents. To verify the validity of the proposed system, we compared the signatures it generated automatically with manually created signatures for a few popular applications.
 Keywords
Automated Signature Generation; Payload Signature; Signature Generation; Traffic Analysis; Traffic Classification
 Language
Korean
 Cited by
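1. High-Efficiency Application Signature Search through Payload Signature Quality Evaluation, 이성호; 김종현; 구영훈; 김명섭; The Journal of Korean Institute of Communications and Information Sciences, 2016, vol. 41, no. 10, pp. 1301-1308
2. Big Data Traffic Analysis for Efficient Use of Campus Network Resources, 안현민; 이수강; 심규석; 김익한; 진서훈; 김명섭; The Journal of Korean Institute of Communications and Information Sciences, 2015, vol. 40, no. 3, pp. 541-550
3. Automatic Generation of Snort Content Rules for Network Traffic Analysis, 심규석; 윤성호; 이수강; 김성민; 정우석; 김명섭; The Journal of Korean Institute of Communications and Information Sciences, 2015, vol. 40, no. 4, pp. 666-677
4. Improving the Processing Speed of a Traffic Analysis System through Classification of Signature Matching Types, 정우석; 박준상; 김명섭; The Journal of Korean Institute of Communications and Information Sciences, 2015, vol. 40, no. 7, pp. 1339-1346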