The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

Multi-Level based Application Traffic Classification Method

멀티 레벨 기반의 응용 트래픽 분석 방법

  • 오영석 (고려대학교 컴퓨터정보학과) ;
  • 박준상 (고려대학교 컴퓨터정보학과) ;
  • 윤성호 (고려대학교 컴퓨터정보학과) ;
  • 박진완 (고려대학교 컴퓨터정보학과) ;
  • 이상우 (고려대학교 컴퓨터정보학과) ;
  • 김명섭 (고려대학교 컴퓨터정보학과)
  • Received : 2010.06.21
  • Accepted : 2010.07.19
  • Published : 2010.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently as the number of users and application traffic is increasing on high speed network, the importance of application traffic classification is growing more and more for efficient network resource management. Although a number of methods and algorithms for traffic classification have been introduced, they have some limitations in terms of accuracy and completeness. In this paper we propose an application traffic classification based multi-level architecture which integrates several signature-based methods and behavior algorithm, and analyzes traffic using correlation among traffic flows. By strengthening the strength and making up for the weakness of individual methods we could construct a flexible and robust multi-level classification system. Also, by experiments with our campus network traffic we proved the performance and validity of the proposed mechanism.

최근 네트워크의 고속화와 인터넷 사용자의 증가에 따른 네트워크 망의 트래픽 급증으로 네트워크 자원의 효율적인 관리와 응용 기반 트래픽 분석의 중요성이 갈수록 강조되고 있다. 이미 기존의 많은 논문들에서 효율적인 네트워크 자원 관리를 위한 응용 프로그램 별 트래픽 분석에 대한 다양한 방법론과 알고리즘을 제안하고 있지만 각각의 연구는 한계점을 가지고 있다. 본 논문에서는 멀티 레벨 기반의 응용 트래픽 분석 방법론을 제안한다. 본 연구는 Header, Statistic, Payload 시그니쳐 기반 개별 분석 방법론과 Behavior 알고리즘을 이용한 방법론의 결과를 바탕으로 트래픽 상관관계를 적용하여 추가적인 분석이 가능하게 한다. 각각의 분석 방법론을 통합하여 기존 하나의 분석 시스템이 가지는 단점을 보완함으로써 유연하고 견고한 멀티 레벨 분석 시스템을 구축하였다. 또한 검증 시스템을 통해 학내 네트워크에 적용하여 그 타당성을 증명하였다.

Keywords

References

  1. Myung-Sup Kim, Young J.Won, James Won-Ki Hong, "Application-Level Traffic Monitoring and an Analysis on IP Networks", ETRI Journal Vol.27, No.1, Feb. 2005.
  2. S. Sen, J. Wang, "Analyzing peer-to-peer traffic across large networks", Internet Measurement Conference (IMC), Proc. of the 2nd ACM SIGCOMM Workshop on lnternet measurement, pp.137-150, 2002.
  3. W. Li et al. "Efficient application idenlÍfication and the temporal and spatial stability of classification schema", Computer Networks, 2009.doi:10.1016/j.comnet. 2008.11.016.
  4. Thomas Karagiannis, Konstantina Papagiannaki, Michalis Faloutsos. "BLINC: Multilevel Traffic Classification in the Dark", Proc. of SIGCOMM 2005, Philadelphia, PA, Aug. 22-26, 2005.
  5. IANA port number list, IANA, http://www.iana.org/assignments/port-numbers.
  6. Jian Zhang and Andrew Moore, "Traffic Trace Artifacts due to Monitoring Via Port Mirroring," Proc. of the IEEF/IFIP Workshop onEnd-to-End Monitoring Techniques and Services (E2EMON) 2007, Munich, Germany, May 21, 2007.
  7. Risso, F. Baldi, M. Morandi, O. Baldini, A. Monclus, P. "Lightweight, Payload-Based Traffic Classification: An Experimental Evaluatìon," Proc. of the Communications, 2008. ICC '08. IEEE International Conference, 2008.
  8. Jeffrey Erman, Martin Arlitt, Anirban Mahanti, "Traffic Classification Using Clustering Algorithms," Proc. of SIGCOMM Workshop on Mining network data, Pisa, Italy, Sep. 2006, pp.281-286.
  9. Andrew W. Moore and Denis Zuev, "Internet Traffic Classification Using Bayesian Analysis Techniques," Proc. of the ACM SIGMETRICS, Banff, Canada, Jun. 2005.
  10. Thomas Karagiannis, Konstantina Papagiannaki, and Michalis Faloutsos. "BLINC: Multilevel Traffic Classification in the Dark," Proc. of SIGCOMM 2005, Philadelphia, PA, Aug. 22-26, 2005.
  11. Sung-Ho Yoon, Jun-Sang Park, Jin-Wan Park, Sang-woo Lee, Myung-Sup Kim, "Fixed IP-port based Application-Level Internet Traffic Classification" , 정보처리학회논문지 C 제17-C권제2호, April. 2010, pp.205-214.
  12. Jin-wan Park, Sung-ho Yoon, Jun-sang Park, Sang-woo Lee, Myung-sup Kim, "Statistic Signature based Application Traffic Classification", Vol.34, No.11, Nov. 2009, pp.1234-1244.
  13. Jun-Sang Park, Jin-Wan Parκ, Sung-Ho Yoon, Hyun-Shin Lee, Myung-Sup Kim, "Developmen of Signature Generation and Update System for Application-level Traffic Classification" 정보처리학회논문지 C 제17-C권 제1호, Feb. 2010, pp. 99-108.
  14. Liu, Hui Fen, Wenfeng Huang, Yongfeng Li, Xing "Accurate Traffic Classification", Networking, Architecture, and Storage, 2007. NAS 2007. International Conference.
  15. Byung-Chul Park, Young J. Won, Myung-Sup Kim, James W. Hong, "Towards Automated Application Signature Generation for Traffic Identification," Proc. of the IEEF/IFIP Network Operations and Management Symposium(NOMS) 2008, Salvador, Bahia, Brazil, pp.160-167, April. 7-11, 2008.
  16. Hyun-chul Kim, kc claffy, Marina Fomenkov, Dhiman Barman, Michalis Faloutsos, Kì-young Lee, "Internet Traffic Classification Demystified: Myths, Caveats, and the Best Practices" Proc. of ACM SIGCOMM CoNEXT, Madrid, Spain, Dec, 2008