Browse > Article
http://dx.doi.org/10.7840/kics.2015.40.3.575

Application Traffic Identification Speed Improvement by Optimizing Payload Signature Matching Sequence  

Lee, Sung-Ho (Korea University Department of Computer and Information Science)
Park, Jun-Sang (Korea University Department of Computer and Information Science)
Kim, Myung-Sup (Korea University Department of Computer and Information Science)
Seok, Woojin (University of Science & Technology)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.40, no.3, 2015 , pp. 575-585 More about this Journal
Abstract
The traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. However, the payload signature-based method has significant drawbacks in high-speed network environment that the processing speed is much slower than other methods such as header-based and statistical methods. In addition, as signature numbers are increasing, traffic analysis speed also declines because of signature matching method that does not consider analytic efficiency of each signature and traffic occurrence feature. In this paper, we propose a signature list reordering method in order by analytic value of each signature. When we reordered the signature list by the proposed method, we achieved about 30% improvement in speed of the traffic analysis compared with random signature list.
Keywords
traffic analysis; signature matching; Torrent; Identification; network management;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 J. S. Park, J. W. Park, S. H. Yoon, Y. S. Oh, and M. S. Kim, "Development of signature generation system and verification network for application level traffic classification," in Proc. KIPS Conf., pp. 1288-1291, Pusan, Korea, Apr. 2009.
2 S. H. Yoon, H. G. Roh, and M. S. Kim, "Internet application traffic classification using traffic measurement agent," in Proc. KICS Summer Conf., pp. 1747-1750, Jeju Island, Korea, Jul. 2008.
3 S.-H. Yoon and M.-S. Kim, "Research on signature maintenance method for internet application traffic identification using header signatures," J. KICS, vol. 36 no. 6, pp. 600- 607, Jun. 2011.   DOI
4 R. Antonello, S. Fernandes, D. Sadok, and J. Kelner, "Characterizing signature sets for testing DPI systems," in Proc. IEEE GLOBECOM Management of Emerging Networks and Services Workshop, pp. 678- 683, Houston, TX, USA, Dec. 2011.
5 Y. Jin, N. Duffield, J. Erman, P. Haffner, S. Sen, and Z.-L. Zhang, "A modular machine learning system for flow-level traffic classification in large networks," ACM Trans. Knowledge Discovery from Data, vol. 6, no. 1, pp. 1-34, Mar. 2012.
6 S.-H. Yoon and M.-S. Kim, "Behavior signature for big data traffic identification," in Proc. Int. Conf. Big Data and Smart Comput. (BigComp), pp. 261-266, Bangkok, Thailand, Jan. 2014.
7 F. Yu, Z. Chen, Y. Dino, T. V. Lakshman, and R. H. Katz, "Fast and memory efficient regular expression matching for deep packet inspection," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '06), pp. 93-102, San Jose, USA, Dec. 2006.
8 C. L. Hayes and Y. Luo, "DPICO: A high speed deep packet inspection engine using compact finite automata," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '07), pp. 195-203, Orlando, USA, Dec. 2007.
9 G. Vasiliadis, M. Polychronakis, S. Antonatos, E. P. Markatos, and S. Ioannidis, "Regular expression matching on graphics hardware for intrusion detection," in Proc. 12th Int. Symp. Recent Advances Intrusion Detection (RAID '09), pp. 265-283, Saint-Malo, France, Sept. 2009.
10 T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, 2nd Ed., MIT Press and McGraw-Hill, 2001.
11 J.-H. Choi and M.-S. Kim, "Processing speed improvement of traffic classification based on payload signature hierarchy," in Proc. Asia-Pacific Network Operations and Management Symp.(APNOMS), Hiroshima, Japan, Sept. 2013.
12 S.-H. Yoon and M.-S. Kim, "Performance improvement of a real-time traffic identification system on a multi-core CPU environment," J. KICS, vol. 37B, no. 5, pp. 348-356, May 2012.
13 A. Mitra, W. Najjar, and L. Bhuyan, "Compiling PCRE to FPGA for accelerating SNORT IDS," in Proc. 3rd ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '07), pp. 127-136, Orlando, USA, Dec. 2007.
14 J. S. Park and M. S. Kim, "Performance improvement of application-level traffic classification system using application traffic pattern," in Proc. KICS Summer Conf., pp. 3-7, Jeju, Korea, Jun. 2011.
15 J.-S. Park, S.-H. Yoon, and M.-S. Kim, "Performance improvement of the payload signature based traffic classification system using application traffic locality," J. KICS, vol. 38B, no. 7, pp. 519-525, Jul. 2013.   DOI
16 J. S. Park, S. H. Yoon, M. S. Kim, "Software architecture for a lightweight payload signature-based traffic classification system," in Proc. Traffic Monitoring and Anal. Workshop, pp. 136-149, Vienna, Austria, Apr. 2011.