Performance Analysis of Detection Algorithms for the Specific Pattern in Packet Payloads

  • Jung, Ku-Hyun (Department of Electronics, Information and Communications Engineering, Daejeon University) ;
  • Lee, Bong-Hwan (Department of Electronics, Information and Communications Engineering, Daejeon University) ;
  • Yang, Dongmin (Graduate School of Archives and Records Management, Chonbuk National University)
  • Received: 2018.02.12
  • Reviewed: 2018.04.23
  • Published: 2018.05.31

Abstract

Applications running on computers exchange information over the network in the form of packets, and most packets follow the TCP/IP or UDP/IP protocols. Network administrators at enterprises and organizations must be able to continuously monitor and manage the packets transmitted over the network for purposes such as Internet traffic measurement and monitoring and network security. The goal of this paper is to analyze the performance of packet payload analysis algorithms that search for a specific pattern in a payload as part of DPI (Deep Packet Inspection), which closely examines the data actually being carried. The most basic step in examining a payload is to search it quickly for a specific pattern. In this paper, we introduce several algorithms that can detect a specific pattern when it is present in a payload, analyze their performance mathematically from three perspectives, and suggest an application method suited to the requirements of a given DPI system.
