http://dx.doi.org/10.3837/tiis.2019.03.009

Automatic Payload Signature Update System for the Classification of Dynamically Changing Internet Applications  

Shim, Kyu-Seok (Dept. of Computer and Information Science, Korea University)
Goo, Young-Hoon (Dept. of Computer and Information Science, Korea University)
Lee, Dongcheul (Dept. of Multimedia Engineering, Hannam University)
Kim, Myung-Sup (Dept. of Computer and Information Science, Korea University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.3, 2019, pp. 1284-1297
Abstract
The network environment is presently growing rapidly. Accordingly, traffic classification for network management is becoming difficult. Automatic signature extraction is a hot topic in the field of traffic classification research. However, existing automatic payload signature generation systems suffer from several problems: they are only semi-automatic, they generate disposable signatures, they generate false-positive signatures, and their signatures are not kept up to date. Therefore, we provide a fully automatic signature update system that automatically performs all the processes: traffic collection, signature generation, signature management and signature verification. The traffic collection step automatically collects ground-truth traffic through the traffic measurement agent (TMA) and traffic management server (TMS). The signature management step removes unnecessary signatures. The signature generation step generates new signatures. Finally, the signature verification step removes the false-positive signatures. The proposed system can solve the problems of existing systems. Applying this system to a campus network showed that, in the case of four applications, high recall values and low false-positive rates can be maintained.
Keywords
Automatic; Traffic Classification; Association Rule Mining; Payload Signature;
Citations & Related Records
Times Cited By KSCI: 1