http://dx.doi.org/10.6109/jkiice.2018.22.4.794

Performance Analysis of Detection Algorithms for the Specific Pattern in Packet Payloads  

Jung, Ku-Hyun (Department of Electronics, Information and Communications Engineering, Daejeon University)
Lee, Bong-Hwan (Department of Electronics, Information and Communications Engineering, Daejeon University)
Yang, Dongmin (Graduate School of Archives and Records Management, Chonbuk National University)
Abstract
Various applications running on computers exchange information in the form of packets over the network. Most packets are formatted according to the UDP/IP or TCP/IP standards. Network administrators of enterprises and organizations should be able to monitor and manage packets transmitted over the network for Internet traffic measurement and monitoring, network security, and so on. The goal of this paper is to analyze the performance of several algorithms that closely examine and analyze payloads in a DPI (Deep Packet Inspection) system. The main procedure of packet payload analysis is to quickly search for a specific pattern in a payload. In this paper, we introduce several algorithms that detect a specific pattern in payloads, analyze their performance from three perspectives, and suggest an application method suited to the requirements of a given DPI system.
Keywords
DPI (Deep Packet Inspection); packet payload; mathematical performance analysis; fragmentation; segmentation
Citations & Related Records
Times Cited By KSCI: 1