Browse > Article
http://dx.doi.org/10.7840/kics.2013.38B.7.519

Performance Improvement of the Payload Signature based Traffic Classification System Using Application Traffic Locality  

Park, Jun-Sang (고려대학교 컴퓨터정보학과 네트워크 관리 연구실)
Yoon, Sung-Ho (고려대학교 컴퓨터정보학과 네트워크 관리 연구실)
Kim, Myung-Sup (고려대학교 컴퓨터정보학과 네트워크 관리 연구실)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.38B, no.7, 2013 , pp. 519-525 More about this Journal
Abstract
The traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. However, the payload signature-based method has a significant drawback in high-speed network environment that the processing speed is much slower than other method such as header-based and statistical methods. In this paper, We propose the server IP, Port cache-based traffic classification method using application traffic locality to improve the processing speed of traffic classification. The suggested method achieved about 10 folds improvement in processing speed and 10% improvement in completeness over the payload-based classification system.
Keywords
payload signature; Internet traffic identification; cache;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J. S. Park, J. W. Park, S. H. Yoon, Y. S. Oh, and M. S. Kim, "Development of signature generation system and verification network for application level traffic classification," in Proc. KIPS Conf., pp. 1288-1291, Pusan, Korea, Apr. 2009.
2 S. H. Yoon, H. G. Roh, and M. S. Kim, "Internet application traffic classification using traffic measurement agent," in Proc. KICS Summer Conf., pp. 1747-1750, Jeju Island, Korea, July 2008.
3 S.-H. Yoon, J.-W. Park, Y.-S. Oh, J.-S. Park, and M.-S. Kim, "Internet Application Traffic Classification Using Fixed IP-port," Lecture Notes in Computer Science, vol. 5787, pp. 21-30, 2009.
4 F. Yu, Z. Chen, Y. Dino, T. V. Lakshman, and R. H. Katz, "Fast and memory efficient regular expression matching for deep packet inspection," in Proc. ACM/IEEE Symp. Architecture Networking Commun. Syst. (ANCS '06), pp. 93-102, San Jose, U.S.A., Dec. 2006.
5 C. L. Hayes and Y. Luo, "DPICO: a high speed deep packet inspection engine using compact finite automata," in Proc. ACM/IEEE Symp. Architecture Networking Commun Syst. (ANCS '07), pp. 195-203, Orlando, U.S.A., Dec. 2007.
6 G. Vasiliadis, M. Polychronakis, S. Antonatos, E. P. Markatos, and S. Ioannidis, "Regular expression matching on graphics hardware for intrusion detection," in Proc. 12th Int. Symp. Recent Advances Intrusion Detection (RAID '09), pp. 265-283, Saint-Malo, France, Sep. 2009.
7 T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein. Introduction to Algorithms, 2nd Ed., MIT Press and McGraw-Hill, 2001.
8 A. Mitra, W. Najjar, and L. Bhuyan, "Compiling PCRE to FPGA for accelerating SNORT IDS," in Proc. 3rd ACM/IEEE Symp. Architecture Networking Commun. Syst. (ANCS '07), pp. 127-136, Orlando, U.S.A., Dec. 2007.
9 S. H. Yoon, J. S. Park, J. W. Park, Y. S. Oh, and M. S. Kim, "A study of evaluation and verification method for internet traffic classification," in Proc. KICS Fall Conf., pp. 864-865, Seoul, Korea, Nov. 2009.
10 S. Campbell and J. Lee, "Prototyping a 100G monitoring system," in Proc. 20th Euromicro Int. Conf. Parallel, Distributed Network-Based Process. (PDP '12), pp. 293-297, Garching, Germany, Feb. 2012.