Browse > Article
http://dx.doi.org/10.7840/kics.2016.41.10.1301

High Performance Signature Generation by Quality Evaluation of Payload Signature  

Lee, Sung-Ho (Korea University Department of Computer and Information Science)
Kim, Jong-Hyun (Network Security Research Section, Cyber Security Research Laboratory, ETRI)
Goo, Young-Hoon (Korea University Department of Computer and Information Science)
Sija, Baraka D. (Korea University Department of Computer and Information Science)
Kim, Myung-Sup (Korea University Department of Computer and Information Science)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.41, no.10, 2016 , pp. 1301-1308 More about this Journal
Abstract
Internet traffic identification is an essential preliminary step for stable service provision and efficient network management. The payload signature-based-classification is considered as a reliable method for Internet traffic identification. But its performance is highly dependent on the number and the structure of signatures. If the numbers and structural complexity of signatures are not proper, the performance of payload signature-based-classification easily deteriorates. Therefore, in order to improve the performance of the identification system, it is necessary to regulate the numbers of the signature. In this paper, we propose a novel signature quality evaluation method to decide which signature is highly efficient for Internet traffic identification. We newly define the signature quality evaluation criteria and find the highly efficient signature through the method. Quality evaluation is performed in three different perspectives and the weight of each signature is computed through those perspectives values. And we construct the signature map(S-MAP) to find the highly efficient signature. The proposed method achieved an approximately fourfold increased efficiency in application traffic identification.
Keywords
Application Traffic Identification; Application Signature; Signature Quaility Evaluation S-Map;
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 J. S. Park, J. W. Park, S. H. Yoon, Y. S. Oh, and M. S. Kim, "Development of signature generation system and verification network for application level traffic classification," in Proc. KIPS Conf., pp. 1288-1291, Pusan, Korea, Apr. 2009.
2 S. H. Yoon, H. G. Roh, and M. S. Kim, "Internet application traffic classification using traffic measurement agent," in Proc. KIPS Conf., pp. 618, Jeju Island, Korea, Jul. 2008.
3 F. Yu, Z. Chen, Y. Dino, T. V. Lakshman, and R. H. Katz, "Fast and memory efficient regular expression matching for deep packet inspection," ANCS, San jose, California, USA, Dec. 2006.
4 C. L. Hayes and Y. Luo, "DPICO: a high speed deep packet inspection engine using compact finite automata," ACM/IEEE Symp. Architecture Netw. Commun. Syst., Orlando, Florida, USA, Dec. 2007.
5 C. L. Hayes and Y. Luo, "DPICO: A high speed deep packet inspection engine using compact finite automata," in Proc. ACM/IEEE ANCS '07, pp. 195-203, Orlando, USA, Dec. 2007.
6 J. S. Park and M. S. Kim, "Performance improvement of application-level traffic classification system using application traffic pattern," in Proc. KICS Int. Conf. Commun., pp. 3-7, Jeju, Korea, Jun. 2011.
7 J.-S. Park, S.-H. Yoon, and M.-S. Kim, "Performance improvement of the payload signature based traffic classification system using application traffic locality," J. KICS, vol. 38B, no. 7, pp. 519-525, Jul. 2013.   DOI
8 J.-H. Choi, J.-S. Park, and M.-S. Kim, "Processing speed improvement of traffic classification based on payload signature hierarchy," J. KICS, vol. 39B, no. 04, pp. 191-199, Apr. 2014.   DOI
9 C.-S. Park, J.-S. Park, and M.-S. Kim, "Automatic payload signature generation system," J. KICS, vol. 38B, no. 08, pp. 615-622, Aug. 2013.   DOI
10 W.-S. Jung, J.-S. Park, and M.-S. Kim, "Performance improvement of traffic identification by categorizing the signature matching type," J. KICS, vol. 40, no. 07, pp. 1-8, Jul. 2015.   DOI