Performance Improvement of the Statistical Information based Traffic Identification System

Performance Improvement of the Statistical Information-Based Traffic Analysis Methodology

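  • 안현민 (Department of Computer and Information Science, Korea University) ;
  • 함재현 (Department of Computer and Information Science, Korea University; Agency for Defense Development) ;
  • 김명섭 (Department of Computer and Information Science, Korea University)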
  • Received : 2013.03.26
  • Accepted : 2013.07.04
  • Published : 2013.08.31

Abstract

Today, traffic types and behavior are extremely diverse because of the growth in network speed and the appearance of various services on the Internet. For efficient network operation and management, application-level traffic identification is becoming increasingly important in the area of traffic analysis. In recent years, traffic identification methodologies that use the statistical features of traffic flows have been broadly studied. However, several problems must be considered in identification methodologies based on the statistical features of flows in order to improve analysis accuracy. In this paper, we identify these problems by analyzing ground-truth traffic and propose solutions to them. The four problems considered in this paper are the distance measurement of features, the selection of the representative value of features, the abnormal behavior of TCP sessions, and the weight assignment to the feature. The proposed solutions were verified by showing the performance improvement through experiments in a campus network.

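With faster networks and the emergence of diverse services, today's network traffic is becoming increasingly complex and varied. For efficient network management, applying policies such as QoS and SLA makes application traffic classification especially important within traffic analysis. Traffic classification has been studied actively, and in recent years classification methodologies that use the statistical information of flows have received much attention. However, classification methodologies that use flow statistics have several problems that must be considered. In this paper, we analyze ground-truth traffic to identify the problems that a statistical-information-based traffic analysis methodology must solve, and we propose solutions to them. There are four such problems: the distance measurement method for features, the method for extracting representative values, the abnormal behavior of TCP sessions, and per-packet weights. The proposed methods are verified through experiments on a campus network using the selected statistical-signature-based traffic analysis system.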

Cited by

  1. Tracking the Source of Cascading Cyber Attack Traffic Using Network Traffic Analysis vol.41, pp.12, 2016, https://doi.org/10.7840/kics.2016.41.12.1771
  2. Service Identification Method for Encrypted Traffic Based on SSL/TLS vol.40, pp.11, 2015, https://doi.org/10.7840/kics.2015.40.11.2160