Automatic Payload Signature Generation for Accurate Identification of Internet Applications and Application Services

  • Sija, Baraka D (Department of Computer and Information Science, Korea University, Sejong Campus)
  • Shim, Kyu-Seok (Department of Computer and Information Science, Korea University, Sejong Campus)
  • Kim, Myung-Sup (Department of Computer and Information Science, Korea University, Sejong Campus)
  • Received: 2017.07.15
  • Accepted: 2017.10.30
  • Published: 2018.04.30

Abstract

The diversity and fast growth of Internet traffic volume are highly influenced by the mobile and computer applications being developed. Moreover, these applications are too dynamic to be identified and monitored by network administrators. Several approaches have been proposed to identify network applications; however, they are still not robust enough to identify modern applications. This paper proposes both the TSA (Traffic collection, Signature generation and Applications identification) system and a derived algorithm called CSP (Contiguous Sequential Patterns) to identify applications for management and security in IP networks. The major focus of this paper is the CSP algorithm, which is automated in two modules (Signature generation and Applications identification) of the proposed system. The proposed CSP algorithm generates DNA-like unique signatures capable of identifying applications and their individual services. In this paper, we show that the algorithm is suitable for generating efficient signatures to identify applications and application services with high accuracy.

Cited by

  1. Two-Pathway Model for Enhancement of Protocol Reverse Engineering vol.14, pp.11, 2018, https://doi.org/10.3837/tiis.2020.11.004