Browse > Article
http://dx.doi.org/10.7840/kics.2015.40.7.1339

Performance Improvement of Traffic Identification by Categorizing Signature Matching Type  

Jung, Woo-Suk (Dept. of Computer and Information Science, Korea University)
Park, Jun-Sang (Dept. of Computer and Information Science, Korea University)
Kim, Myung-Sup (Dept. of Computer and Information Science, Korea University)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.40, no.7, 2015 , pp. 1339-1346 More about this Journal
Abstract
The traffic identification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of identification methods have been introduced in literature, the payload signature-based identification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method's processing speed is much slower than other identification method such as header-based and statistical methods. In this paper, we first classifies signatures by matching type based on range, order, and direction of packet in a flow which was automatically extracted. By using this classification, we suggest a novel method to improve processing speed of payload signature-based identification by reducing searching space.
Keywords
traffic analysis; signature matching type; payload signature; processing speed;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 C.-S. Park, J.-S. Park, and M.-S. Kim, "Automatic payload signature generation system," J. KICS, vol. 38B, no. 08, pp. 615-622, Aug. 2013.   DOI
2 J.-H. Choi, J.-S. Park, and M.-S. Kim, "Processing speed improvement of http traffic classification based on hierarchical structure of signature," J. KICS, vol. 39B, no. 04, pp. 191-199, Apr. 2014.   DOI
3 F. Yu, Z. Chen, Y. Dino, T. V. Lakshman, and R. H. Katz, "Fast and memory efficient regular expression matching for deep packet inspection," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '06), pp. 93-102, San Jose, USA, Dec. 2006.
4 C. L. Hayes and Y. Luo, "DPICO: A high speed deep packet inspection engine using compact finite automata," in Proc. ACM/IEEE Symp. Architecture Netw. Commun. Syst. (ANCS '07), pp. 195-203, Orlando, USA, Dec. 2007.
5 G. Vasiliadis, M. Polychronakis, S. Antonatos, E. P. Markatos, and S. Ioannidis, "Regular expression matching on graphics hardware for intrusion detection," in Proc. 12th Int. Symp. Recent Advances Intrusion Detection (RAID '09), pp. 265-283, Saint-Malo, France, Sept. 2009.
6 T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, 2nd Ed., MIT Press and McGraw-Hill, 2001.
7 J.-S. Park, S.-H. Yoon, J.-W. Park, H.-S. Lee, S.-W. Lee, and M.-S. Kim, "Performance improvement of the payload signature based traffic classification system," J. KICS, vol. 35, no. 09, pp. 1287-1294, Sept. 2010.
8 J.-S. Park, S.-H. Yoon, and M.-S. Kim, "Performance improvement of signature-based traffic classification system by optimizing the search space," J. KSII, vol. 12, no. 3, pp. 89-99, Jun. 2011.
9 S.-H. Lee, J.-S. Park, M.-S. Kim, and W.-J. Seok, "Application traffic identification speed improvement by optimizing payload signature matching sequence," J. KICS, vol. 40, no. 03, pp. 575-585, Mar. 2013.