Advanced SearchSearch Tips
Performance Improvement of Traffic Identification by Categorizing Signature Matching Type
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Performance Improvement of Traffic Identification by Categorizing Signature Matching Type
Jung, Woo-Suk; Park, Jun-Sang; Kim, Myung-Sup;
  PDF(new window)
The traffic identification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of identification methods have been introduced in literature, the payload signature-based identification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method's processing speed is much slower than other identification method such as header-based and statistical methods. In this paper, we first classifies signatures by matching type based on range, order, and direction of packet in a flow which was automatically extracted. By using this classification, we suggest a novel method to improve processing speed of payload signature-based identification by reducing searching space.
traffic analysis;signature matching type;payload signature;processing speed;
 Cited by
페이로드 시그니쳐 품질 평가를 통한 고효율 응용 시그니쳐 탐색,이성호;김종현;구영훈;;김명섭;

한국통신학회논문지, 2016. vol.41. 10, pp.1301-1308 crossref(new window)
K-평균 클러스터링을 이용한 네트워크 유해트래픽 탐지,신동혁;안광규;최성춘;최형기;

한국통신학회논문지, 2016. vol.41. 2, pp.277-284 crossref(new window)
C.-S. Park, J.-S. Park, and M.-S. Kim, "Automatic payload signature generation system," J. KICS, vol. 38B, no. 08, pp. 615-622, Aug. 2013. crossref(new window)

J.-H. Choi, J.-S. Park, and M.-S. Kim, "Processing speed improvement of http traffic classification based on hierarchical structure of signature," J. KICS, vol. 39B, no. 04, pp. 191-199, Apr. 2014. crossref(new window)

F. Yu, Z. Chen, Y. Dino, T. V. Lakshman, and R. H. Katz, "Fast and memory efficient regular expression matching for deep packet inspection," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '06), pp. 93-102, San Jose, USA, Dec. 2006.

C. L. Hayes and Y. Luo, "DPICO: A high speed deep packet inspection engine using compact finite automata," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '07), pp. 195-203, Orlando, USA, Dec. 2007.

G. Vasiliadis, M. Polychronakis, S. Antonatos, E. P. Markatos, and S. Ioannidis, "Regular expression matching on graphics hardware for intrusion detection," in Proc. 12th Int. Symp. Recent Advances Intrusion Detection (RAID '09), pp. 265-283, Saint-Malo, France, Sept. 2009.

T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, 2nd Ed., MIT Press and McGraw-Hill, 2001.

J.-S. Park, S.-H. Yoon, J.-W. Park, H.-S. Lee, S.-W. Lee, and M.-S. Kim, "Performance improvement of the payload signature based traffic classification system," J. KICS, vol. 35, no. 09, pp. 1287-1294, Sept. 2010.

J.-S. Park, S.-H. Yoon, and M.-S. Kim, "Performance improvement of signature-based traffic classification system by optimizing the search space," J. KSII, vol. 12, no. 3, pp. 89-99, Jun. 2011.

S.-H. Lee, J.-S. Park, M.-S. Kim, and W.-J. Seok, "Application traffic identification speed improvement by optimizing payload signature matching sequence," J. KICS, vol. 40, no. 03, pp. 575-585, Mar. 2013.