GENESIS: An Automatic Signature-generating Method for Detecting Internet Disk P2P Application Traffic  

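Lee, Byung-Joon (Electronics and Telecommunications Research Institute, NCP Technology Team)
Yoon, Seung-Hyun (Electronics and Telecommunications Research Institute, NCP Technology Team)
Lee, Young-Seok (Chungnam National University, School of Electrical, Information and Communication Engineering, Computer)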
Abstract
Due to the bandwidth-consuming characteristics of heavy-hitter P2P applications, it has become critical to have the capability of pinpointing and mitigating P2P traffic. The traditional port-based classification scheme is no longer adequate for this purpose because newer P2P applications incorporate port-hopping techniques or disguise themselves as HTTP-based Internet disk services. Alternatively, a packet filtering scheme based on payload signatures offers a more practical and accurate solution to this problem. Moreover, it can be easily deployed on existing IDSes. However, it is significantly difficult to maintain up-to-date signatures of P2P applications. Hence, an automatic signature generation method is essential and will be useful for successful signature-based traffic identification. In this paper, we suggest an automatic signature generation method for Internet disk P2P applications and provide experimental results on the CNU campus network.
Keywords
P2P; signature; traffic measurement; flow; IDS;