Browse > Article

Pattern-based Signature Generation for Identification of HTTP Applications  

Jin, Chang-Gyu (Department of Computer Science, Kangwon National University)
Choi, Mi-Jung (Department of Computer Science, Kangwon National University)
Publication Information
Journal of Information Technology and Architecture / v.10, no.1, 2013 , pp. 101-111 More about this Journal
Abstract
Internet traffic volume has been increasing rapidly due to popularization of various smart devices and Internet development. In particular, HTTP-based traffic volume of smart devices is increasing rapidly in addition to desktop traffic volume. The increased mobile traffic can cause serious problems such as network overload, web security, and QoS. In order to solve these problems of the Internet overload and security, it is necessary to accurately detect applications. Traditionally, well-known port based method is utilized in traffic classification. However, this method shows low accuracy since P2P applications exploit a TCP/80 port, which is used for the HTTP protocol; to avoid firewall or IDS. Signature-based method is proposed to solve the lower accuracy problem. This method shows higher analysis rate but it has overhead of signature generation. Also, previous signature-based study only analyzes applications in HTTP protocol-level not application-level. That is, it is difficult to identify application name. Therefore, previous study only performs protocol-level analysis. In this paper, we propose a signature generation method to classify HTTP-based traffics in application-level using the characteristics of typical semi HTTP header. By applying our proposed method to campus network traffic, we validate feasibility of our method.
Keywords
HTTP application traffic analysis; signature generation; regular expression;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Huifang Feng, and Yantai Shu, "Statistical Analysis of Packet Interarrival Times in Wireless," Proc. of the Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference, Shanghai, China, pp. 1888-1891, Sept., 21-25, 2007.
2 Risso, F. Baldi, M. Morandi, O. Baldini, A. Monclus, P. Lightweight, "Payload-Based Traffic Classification: An Experimental Evaluation," Proc. of the IEEE International Conference (ICC), 2008.
3 Rentao Gu, Minhuo Hong, Hongxiang Wang, and Yuefeng Ji, "Fast Traffic Classification in High Speed Networks," Proc. of the Asia-Pacific Network Operations and Management Symposium (APNOMS) 2008, LNCS 5297, Beijing, China, pp. 429-432, Oct., 22-24, 2008.
4 Ying-Dar Lina, Chun-Nan Lua, Yuan-Cheng Laib, Wei-Hao Penga, and Po-Ching Lina, "Application classification using packet size distribution and port association," Proc. of the Journal of Network and Computer Applications, In Press, Corrected Proof, Available online, March, 20, 2009.
5 나종회, 최영진, 신동익, "스마트워크 환경에서의 보안 위협에 관한 탐색적 연구," 정보기술아키텍처연구, 제9권 1호, 2012. 3.
6 강복영, 김동수, 강석호 "비획득 정보 처리를 위한 대체 기반 실시간 비즈니스 프로세스 모니터링 방법론 개발," 정보기술아키텍처연구, 제7권 2호, 2010.10.
7 Jeffrey Erman, Martin Arlitt, Anirban Mahanti, "Traffic Classification Using Clustering Algorithms", Proc. of SIGCOMM Workshop on Mining network data, Pisa, Italy, pp. 281-286, Sep., 2006.
8 A. Moore and K. Papagiannaki, "Toward the Accurate Identification of Network Applications," Passive and Active Measurements Workshop, Boston, MA, USA, March 31, April 1, 2005.
9 Wei Li, Andrew W. Moore, and Marco Canini, "Classifying HTTP Traffic in the New Age," ACM SIGCOMM'08, Seattle, USA, August 17-22, 2008.
10 Dainotti, A., Pescape, A., and Claffy, K., "Issues and future directions in traffic classification," IEEE Networks, Vol. 26, No. 1, pp. 35-40, 2012.
11 Byung-Chul Park, Young J. Won, Myung-Sup Kim, and James Won-Ki Hong. "Towards Automated Application Signature Generation for Traffic Identification," Proc. of the IEEE/IFIP Network Operations and Management Symposium (NOMS 2008), Salvador, Brazil, Apr. 7-11, 2008, pp. 160-167.
12 Hur Min, Myung-Sup Kim, "Towards Smart Phone Traffic Classification," Proc. of the Asia-Pacific Network Operations and Management Symposium (APNOMS) 2012, Seoul, Korea, Sep. 25-27, 2012.
13 최미정, 진창규, 김명섭, "HTTP 트래픽의 클라이언트측 어플리케이션별 분류," 한국통신학회논문지, Vol. 36, No. 11, Nov. 2011, pp. 1277-1284.
14 Internet Assigned Numbers Authority list, http://www.iana.org/assignments /port-numbers
15 "RFC 1945", HTTP://www.ietf.org/rfc/rfc1945.txt
16 Myung-Sup Kim, Young J. Won, and James Won-Ki Hong, "Application-Level Traffic Monitoring and an Analysis on IP Networks," ETRI Journal, Vol. 27, No. 1, pp. 22-42, Feb., 2005.   DOI