Web Application Awareness using HTTP Host

A Study on Web Application Recognition Using the HTTP Host

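  • Ji-Hyeok Choi (Department of Computer and Information Science, Korea University) ;
  • Myung-Sup Kim (Department of Computer and Information Science, Korea University)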
  • Received : 2013.02.13
  • Accepted : 2013.05.31
  • Published : 2013.08.31

Abstract

Today's network traffic has become extremely complex and diverse as network speeds have increased and a variety of application services have appeared. Moreover, many applications appear and disappear quickly and continuously. However, current traffic classification systems pay little attention to this dynamic change in applications. In this paper, we propose an application awareness system to solve this problem. By recognizing application names in a rapidly changing network environment, the application awareness system can provide information such as the usage trends of conventional applications and the emergence of new applications. To recognize the application name, the Host field of the HTTP protocol is used. The proposed mechanism consists of two steps. First, the system generates candidate application names by extracting the domain name from the Host field of HTTP packets. Second, the administrator confirms the name afterward. The validity of the proposed system has been demonstrated through experiments on a campus network.

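With faster networks and the emergence of diverse application services, today's network traffic has become complex and varied. Even at this moment, countless applications repeatedly appear and disappear, yet current traffic classification systems cannot respond quickly to these changes in traffic. To solve this problem, this paper proposes an application awareness system that can respond quickly to newly emerging applications. The application awareness system recognizes the names of applications in a rapidly changing network environment and provides information such as the emergence of new applications and trends in existing applications. For fast and accurate application recognition, this paper uses the Host field of the HTTP protocol. The domain information in the Host field is extracted to assign a provisional application name, and the name is later finalized through administrator intervention. Beyond merely identifying application names, counting the unique client IPs for each application reveals which applications are used most in the network under analysis. In addition, registering the applications found through application recognition in the traffic classification system makes it possible to analyze new applications that were previously not analyzed. The proposed method was validated by deriving results from experiments on a campus network and analyzing the results by scenario.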
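The mechanism both abstracts describe, as an added Python sketch that is not the authors' system: it extracts the Host field from raw HTTP requests, derives a candidate application name from the domain, counts unique client IPs per candidate, and flags candidates an administrator has not yet confirmed. The function names, the small public-suffix set, and the sample requests are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: a tiny stand-in for the Public Suffix List; load the real list in practice.
TWO_LABEL_SUFFIXES = {"co.kr", "ac.kr", "or.kr", "co.uk", "com.au"}

def host_from_request(raw: bytes):
    """Return the lowercased Host value without port from a raw HTTP/1.x request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:              # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):                 # bracketed IPv6 literal
                return host[1:].split("]", 1)[0] or None
            return host.split(":", 1)[0] or None     # drop optional :port
    return None

def candidate_name(host):
    """Candidate application name: the label immediately left of the public suffix."""
    if not host or ":" in host:                      # missing Host or IPv6 literal
        return None
    labels = host.rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():      # single label or IPv4 literal
        return None
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return labels[-n] if len(labels) >= n else None

def rank_applications(records, confirmed):
    """records: (client_ip, raw_request) pairs -> [(name, unique_clients, is_new)]."""
    clients = defaultdict(set)
    for client_ip, raw in records:
        name = candidate_name(host_from_request(raw))
        if name:
            clients[name].add(client_ip)             # set: each client counted once per app
    ranked = sorted(clients.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(name, len(ips), name not in confirmed) for name, ips in ranked]

# Constructed sample requests (not from the paper's campus trace).
SAMPLE = [
    ("10.0.0.5", b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.6", b"GET /a HTTP/1.1\r\nhost: CDN.Example.com:8080\r\n\r\n"),
    ("10.0.0.5", b"GET /b HTTP/1.1\r\nHost: api.example.com\r\n\r\n"),
    ("10.0.0.7", b"GET / HTTP/1.1\r\nHost: update.sampleapp.co.kr\r\n\r\n"),
    ("10.0.0.8", b"GET / HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n"),
    ("10.0.0.9", b"GET / HTTP/1.0\r\nAccept: */*\r\n\r\n"),
]

if __name__ == "__main__":
    for row in rank_applications(SAMPLE, confirmed={"example"}):
        print(row)
```

The Host value is supplied by the client, so the derived names are only candidates; the `is_new` flag marks the ones awaiting the administrator confirmation step.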
