• Title/Summary/Keyword: signature (시그니쳐)

Service Identification Method for Encrypted Traffic Based on SSL/TLS (SSL/TLS 기반 암호화 트래픽의 서비스 식별 방법)

  • Kim, Sung-Min;Park, Jun-Sang;Yoon, Sung-Ho;Kim, Jong-Hyun;Choi, Sun-Oh;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.11 / pp.2160-2168 / 2015
  • SSL/TLS, one of the most popular encryption protocols, was developed as a solution to various network security problems as network traffic has become complex and diverse. However, SSL/TLS traffic has been identified by its protocol name, not by the services it carries, which is required for effective network traffic management. This paper proposes a new method to generate service signatures automatically from SSL/TLS payload data and to classify network traffic according to application service. We use the certificate publication information field in the certificate exchange record of SSL/TLS traffic for the service signatures, which occurs when SSL/TLS performs the handshake before encrypted transmission. We proved the performance and feasibility of the proposed method by experimental results that classify about 95% of SSL/TLS traffic with 95% accuracy for every SSL/TLS service.

A Minimization Technique of XML Path Comparison Based on Signature (시그니쳐를 이용한 XML 경로 비교의 최소화 기법)

  • Jang, Kyung-Hoon;Hwang, Byung-Yeon
    • The Journal of Society for e-Business Studies / v.17 no.3 / pp.61-72 / 2012
  • Since XML allows users to define any tags, XML documents with various structures have been created. Accordingly, many studies on clustering and searching XML documents based on the similarity of paths have been done in order to manage the documents efficiently. To retrieve XML documents having similar structures, the three-dimensional bitmap indexing technique uses a path as a unit when it creates an index. If a path structure is changed, the technique recognizes it as a new path. Thus, another technique to measure the similarity of paths was proposed. To compute the similarity between two paths, the technique compares every node of the paths. This causes unnecessary comparison of nodes that do not exist in common between the two paths. In this paper, we propose a new technique that minimizes the comparison using signatures and show the performance evaluation results of the technique. The comparison speed of the proposed technique was 20 percent faster than the existing technique.

Statistic Signature based Application Traffic Classification (통계 시그니쳐 기반의 응용 트래픽 분류)

  • Park, Jin-Wan;Yoon, Sung-Ho;Park, Jun-Sang;Lee, Sang-Woo;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.11B / pp.1234-1244 / 2009
  • Nowadays, traffic types and behavior are extremely diverse due to the appearance of various services and applications on the Internet, which makes application-level traffic classification important for the efficient management and control of network resources. Although many methods for traffic classification have been introduced in the literature, they have some limitations in achieving an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet sizes in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism, which is mainly described in this paper. By matching against the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by a comprehensive experiment with our campus traffic data.

Performance Improvement of the Statistic Signature based Traffic Identification System (통계 시그니쳐 기반 트래픽 분석 시스템의 성능 향상)

  • Park, Jin-Wan;Kim, Myung-Sup
    • The KIPS Transactions:PartC / v.18C no.4 / pp.243-250 / 2011
  • Nowadays, traffic types and behavior are extremely diverse due to the appearance of various services on the Internet, which makes traffic identification important for efficient operation and management of the network. In recent years, traffic identification methodology using statistical features of flows has been broadly studied. We also proposed a traffic identification methodology using payload size distribution in our previous work, which has a problem of low completeness. In this paper, we improved the completeness by solving the PSD conflict using IP and port. We also improved the accuracy by changing the distance measurement between flow and statistic signature from vector distance to per-packet distance. The feasibility of our methodology was proved via experimental evaluation on our campus network.

Design and Implementation of Two Dimensional Iconic Image Indexing Method using Signatures (시그니쳐를 이용한 2차원 아이코닉 이미지 색인 방법의 설계 및 구현)

  • Chang, Ki-Jin;Chang, Jae-Woo
    • The Transactions of the Korea Information Processing Society / v.3 no.4 / pp.720-732 / 1996
  • Spatial match retrieval methods for iconic image databases recognize an image document as several icon symbols. Therefore the iconic symbols are used as primary keys to index the image document. When a user requires content-based retrieval of images, a spatial match retrieval method converts a query image into iconic symbols and then retrieves relevant images by accessing stored images. In order to support content-based image retrieval efficiently, we propose in this paper spatial match retrieval methods using signatures for iconic image databases. For this, we design new index representations of two-dimensional iconic images and explain the implemented system. In addition, we compare the conventional 9-DLT and our two-dimensional image retrieval method in terms of retrieval precision and recall ratio. We show that our method is more efficient than the conventional method.

Malware Family Recommendation using Multiple Sequence Alignment (다중 서열 정렬 기법을 이용한 악성코드 패밀리 추천)

  • Cho, In Kyeom;Im, Eul Gyu
    • Journal of KIISE / v.43 no.3 / pp.289-295 / 2016
  • Malware authors spread malware variants in order to evade detection. It is hard to detect malware variants using static analysis. Therefore dynamic analysis based on API call information is necessary. In this paper, we proposed a malware family recommendation method to assist malware analysts in classifying malware variants. Our proposed method extracts API call information of malware families by dynamic analysis. Then the multiple sequence alignment technique was applied to the extracted API call information. A signature of each family was extracted from the alignment results. By the similarity of the extracted signatures, our proposed method recommends three family candidates for unknown malware. We also measured the accuracy of our proposed method in an experiment using real malware samples.

Performance Improvement of Signature-based Traffic Classification System by Optimizing the Search Space (탐색공간 최적화를 통한 시그니쳐기반 트래픽 분석 시스템 성능향상)

  • Park, Jun-Sang;Yoon, Sung-Ho;Kim, Myung-Sup
    • Journal of Internet Computing and Services / v.12 no.3 / pp.89-99 / 2011
  • The payload signature-based traffic classification system has to deal with a large amount of traffic data, as the number of internet-based applications and network traffic continue to grow. While a number of pattern-matching algorithms have been proposed in the literature to improve processing speed, the performance of pattern matching algorithms is restrictive and depends on the features of their input data. In this paper, we studied how to optimize the search space in order to improve the processing speed of the payload signature-based traffic classification system. Also, the feasibility of our design choices was proved via experimental evaluation on our campus traffic trace.

A Signature-based Spatial Match Retrieval Method for Iconic Image Databases (아이콘 이미지 데이타베이스를 위한 시그니쳐에 기반한 공간-매치 검색기법)

  • Chang, Jae-Woo;Srivastava, Jaideep
    • The Transactions of the Korea Information Processing Society / v.4 no.12 / pp.2931-2946 / 1997
  • In multimedia information retrieval applications, content-based image retrieval is essential for retrieving relevant multimedia documents. The purpose of our paper is to provide effective representation and efficient retrieval of images when a pixel-level original image is automatically or manually transformed into its iconic image containing meaningful graphic descriptions, called icon objects. For this, we first propose new spatial match representation schemes to describe spatial relationships between icon objects accurately by expressing them as rectangles, rather than as points. In order to accelerate image searching, we also design an efficient retrieval method using a two-dimensional signature file organization. Finally, we show from our experiment that the proposed representation schemes achieve better retrieval effectiveness than the 9-DLT (Direction Lower Triangular) scheme.

A Study of Performance Improvement of Internet Application Traffic Identification using Flow Correlation (플로우 상관관계를 통한 인터넷 응용 트래픽 분석의 성능 향상에 관한 연구)

  • Yoon, Sung-Ho;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.6B / pp.600-607 / 2011
  • As network traffic is dramatically increasing due to the popularization of the Internet, the need for application traffic identification becomes important for the effective use of network resources. In this paper, we present an Internet application traffic identification method based on flow correlation to overcome the limitation of signature-based identification methods and to improve their performance (completeness). The proposed method can identify flows left unidentified by the signature-based method using flow correlation between identified and unidentified flows. We propose four separate correlation methods, namely Server-Client, Time, Host-Host, and Statistic correlation, and describe a flow correlation-based identification system architecture which incorporates the four separate methods. We also prove the feasibility and applicability of our proposed method by an acceptable experimental result.

Storage Structure using Signatures for Query Processing in Nested Relational Databases (중첩 릴레이션 데이터베이스에서 질의 처리를 위한 시그니쳐 가변 지정 구조)

  • 용환승;이석호
    • Journal of the Korean Institute of Telematics and Electronics B / v.31B no.6 / pp.1-9 / 1994
  • A storage structure using signatures is proposed to efficiently evaluate queries including conditions on nested attributes in nested relational databases. This method stores a subrelation signature into the storage structure for a nested tuple with its subrelation pointer. During query processing steps, the subrelation signatures are matched first with the nested predicates in the query. When the match operation completes with success, physical retrieval of the subrelation occurs, resulting in a reduction of disk I/Os.