Advanced SearchSearch Tips
Application Traffic Identification Speed Improvement by Optimizing Payload Signature Matching Sequence
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Application Traffic Identification Speed Improvement by Optimizing Payload Signature Matching Sequence
Lee, Sung-Ho; Park, Jun-Sang; Kim, Myung-Sup; Seok, Woojin;
  PDF(new window)
The traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. However, the payload signature-based method has significant drawbacks in high-speed network environment that the processing speed is much slower than other methods such as header-based and statistical methods. In addition, as signature numbers are increasing, traffic analysis speed also declines because of signature matching method that does not consider analytic efficiency of each signature and traffic occurrence feature. In this paper, we propose a signature list reordering method in order by analytic value of each signature. When we reordered the signature list by the proposed method, we achieved about 30% improvement in speed of the traffic analysis compared with random signature list.
traffic analysis;signature matching;Torrent;Identification;network management;
 Cited by
시그니쳐 매칭 유형 분류를 통한 트래픽 분석 시스템의 처리 속도 향상,정우석;박준상;김명섭;

한국통신학회논문지, 2015. vol.40. 7, pp.1339-1346 crossref(new window)
J. S. Park, J. W. Park, S. H. Yoon, Y. S. Oh, and M. S. Kim, "Development of signature generation system and verification network for application level traffic classification," in Proc. KIPS Conf., pp. 1288-1291, Pusan, Korea, Apr. 2009.

S. H. Yoon, H. G. Roh, and M. S. Kim, "Internet application traffic classification using traffic measurement agent," in Proc. KICS Summer Conf., pp. 1747-1750, Jeju Island, Korea, Jul. 2008.

S.-H. Yoon and M.-S. Kim, "Research on signature maintenance method for internet application traffic identification using header signatures," J. KICS, vol. 36 no. 6, pp. 600- 607, Jun. 2011. crossref(new window)

R. Antonello, S. Fernandes, D. Sadok, and J. Kelner, "Characterizing signature sets for testing DPI systems," in Proc. IEEE GLOBECOM Management of Emerging Networks and Services Workshop, pp. 678- 683, Houston, TX, USA, Dec. 2011.

Y. Jin, N. Duffield, J. Erman, P. Haffner, S. Sen, and Z.-L. Zhang, "A modular machine learning system for flow-level traffic classification in large networks," ACM Trans. Knowledge Discovery from Data, vol. 6, no. 1, pp. 1-34, Mar. 2012.

S.-H. Yoon and M.-S. Kim, "Behavior signature for big data traffic identification," in Proc. Int. Conf. Big Data and Smart Comput. (BigComp), pp. 261-266, Bangkok, Thailand, Jan. 2014.

F. Yu, Z. Chen, Y. Dino, T. V. Lakshman, and R. H. Katz, "Fast and memory efficient regular expression matching for deep packet inspection," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '06), pp. 93-102, San Jose, USA, Dec. 2006.

C. L. Hayes and Y. Luo, "DPICO: A high speed deep packet inspection engine using compact finite automata," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '07), pp. 195-203, Orlando, USA, Dec. 2007.

G. Vasiliadis, M. Polychronakis, S. Antonatos, E. P. Markatos, and S. Ioannidis, "Regular expression matching on graphics hardware for intrusion detection," in Proc. 12th Int. Symp. Recent Advances Intrusion Detection (RAID '09), pp. 265-283, Saint-Malo, France, Sept. 2009.

T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, 2nd Ed., MIT Press and McGraw-Hill, 2001.

J.-H. Choi and M.-S. Kim, "Processing speed improvement of traffic classification based on payload signature hierarchy," in Proc. Asia-Pacific Network Operations and Management Symp.(APNOMS), Hiroshima, Japan, Sept. 2013.

S.-H. Yoon and M.-S. Kim, "Performance improvement of a real-time traffic identification system on a multi-core CPU environment," J. KICS, vol. 37B, no. 5, pp. 348-356, May 2012.

A. Mitra, W. Najjar, and L. Bhuyan, "Compiling PCRE to FPGA for accelerating SNORT IDS," in Proc. 3rd ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '07), pp. 127-136, Orlando, USA, Dec. 2007.

J.-S. Park, S.-H. Yoon, and M.-S. Kim, "Performance improvement of the payload signature based traffic classification system using application traffic locality," J. KICS, vol. 38B, no. 7, pp. 519-525, Jul. 2013. crossref(new window)

J. S. Park, S. H. Yoon, M. S. Kim, "Software architecture for a lightweight payload signature-based traffic classification system," in Proc. Traffic Monitoring and Anal. Workshop, pp. 136-149, Vienna, Austria, Apr. 2011.

J. S. Park and M. S. Kim, "Performance improvement of application-level traffic classification system using application traffic pattern," in Proc. KICS Summer Conf., pp. 3-7, Jeju, Korea, Jun. 2011.