http://dx.doi.org/10.7840/kics.2013.38B.8.615

Automatic Payload Signature Generation System  

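Park, Cheol-Shin (Network Management Laboratory, Department of Computer and Information Science, Korea University)
Park, Jun-Sang (Network Management Laboratory, Department of Computer and Information Science, Korea University)
Kim, Myung-Sup (Network Management Laboratory, Department of Computer and Information Science, Korea University)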
Abstract
Fast and accurate signature extraction is essential to improving the performance of payload signature-based traffic analysis methods. However, the slow manual process of extracting signatures makes it difficult to keep up with rapidly changing applications in the current Internet environment. Therefore, in this paper we propose a system that automatically generates signatures from ground-truth traffic data. In addition, we improve the efficiency of signature extraction by recognizing the application protocol using protocol filters and generating signatures automatically according to the application-specific protocol contents. To verify the validity of the proposed system, we compared the signatures it generated automatically with manually created signatures for a few popular applications.
Keywords
Automated Signature Generation; Payload Signature; Signature Generation; Traffic analysis; Traffic Classification;