• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.7
• /
• pp.519-525
• /
• 2013

The traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. However, the payload signature-based method has a significant drawback in high-speed network environment that the processing speed is much slower than other method such as header-based and statistical methods. In this paper, We propose the server IP, Port cache-based traffic classification method using application traffic locality to improve the processing speed of traffic classification. The suggested method achieved about 10 folds improvement in processing speed and 10% improvement in completeness over the payload-based classification system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.475-476
• /
• 2009

응용 레벨 트래픽 분류를 위한 다양한 방법 중 페이로드 시그니쳐 기반 분석 방법은 높은 정확성과 분석률을 보인다. 하지만 현재의 인터넷 기반의 응용 프로그램은 사용자의 요구사항을 만족시키고 안정적인 서비스를 제공하기 위해 빠른 속도로 변화하고 있어서 지속적으로 높은 분류 성능을 보장할 수 없다. 따라서 본 논문에서는 페이로드 시그니쳐 기반의 분석 방법을 기반으로 응용 프로그램의 변화, 출현에 유연하게 대처 가능한 시그니쳐 관리 시스템을 제안한다. 또한 시그니쳐 관리 시스템을 학내망에 적용하고 실시간으로 트래픽을 분석하여 그 타당성을 증명한다.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.99-108
• /
• 2010

The traffic classification is a preliminary but essentialstep for stable network service provision and efficient network resource management. While various classification methods have been introduced in literature, the payload signature-based classification is accepted to give the highest performance in terms of accuracy, completeness, and practicality. However, the collection and maintenance of up-to-date signatures is very difficult and time consuming process to cope with the dynamics of Internet traffic over time. In this paper, We propose an automatic payload signature generation mechanism which reduces the time for signature generation and increases the granularity of signatures. Furthermore, We describe a signature update system to keep the latest signatures over time. By experiments with our campus network traffic we proved the feasibility of our mechanism.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.3
• /
• pp.575-585
• /
• 2015

The traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. However, the payload signature-based method has significant drawbacks in high-speed network environment that the processing speed is much slower than other methods such as header-based and statistical methods. In addition, as signature numbers are increasing, traffic analysis speed also declines because of signature matching method that does not consider analytic efficiency of each signature and traffic occurrence feature. In this paper, we propose a signature list reordering method in order by analytic value of each signature. When we reordered the signature list by the proposed method, we achieved about 30% improvement in speed of the traffic analysis compared with random signature list.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5B
• /
• pp.348-356
• /
• 2012

The application traffic analysis is getting more and more challenging due to the huge amount of traffic from high-speed network link and variety of applications running on wired and wireless Internet devices. Multi-level combination of various analysis methods is desired to achieve high completeness and accuracy of analysis results for a real-time analysis system, while requires much of processing burden on the contrary. This paper proposes a novel architecture for a real-time traffic analysis system which improves the processing performance on multi-core CPU environment. The main contribution of the proposed architecture is an efficient parallel processing mechanism with multiple threads of various analysis methods. The feasibility of the proposed architecture was proved by implementing and deploying it on our campus network.

• Journal of Internet Computing and Services
• /
• v.12 no.3
• /
• pp.89-99
• /
• 2011

The payload signature-based traffic classification system has to deal with large amount of traffic data, as the number of internet-based applications and network traffic continue to grow. While a number of pattern-matching algorithms have been proposed to improve processing speedin the literature, the performance of pattern matching algorithms is restrictive and depends on the features of its input data. In this paper, we studied how to optimize the search space in order to improve the processing speed of the payload signature-based traffic classification system. Also, the feasibility of our design choices was proved via experimental evaluation on our campus traffic trace.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1288-1291
• /
• 2009

네트워크 트래픽 모니터링과 분석은 엔터프라이즈 네트워크의 효율적인 운영과 안정적 서비스를 제공하기 위한 필수적인 요소이다. 다양한 트래픽 분석 방법 중 시그니쳐 기반의 분석 방법은 가장 높은 분석률을 보이지만 모든 시그니쳐를 수작업으로 추출하기 때문에 응용프로그램의 변화와 출현에 유연하게 대응하지 못한다. 따라서 본 논문에서는 응용프로그램 시그니쳐 생성 과정의 단점을 보완할 수 있는 시그니쳐 자동 생성 시스템을 제안한다. 응용프로그램 시그니쳐는 페이로드 내의 고유한 바이트 시퀀스로 정의하며 응용프로그램이 발생시키는 모든 트래픽을 대상으로 추출한다. 또한 생성 시스템의 실효성을 증명할 수 있는 검증 시스템 및 검증 네트워크를 제시한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.2B
• /
• pp.131-140
• /
• 2011

As the number of Internet users and applications is increasing, the importance of application traffic classification is growing more and more for efficient network management. While a number of methods for traffic classification have been introduced, such as signature-based and machine learning-based methods, Skype application, which uses encrypted communication on its own P2P network, is known as one of the most difficult traffic to identify. In this paper we propose a novel method to identify Skype application traffic on the fly. The main idea is to setup a list of Skype host information {IP, port} by examining the packets generated in the Skype login process and utilizes the list to identify other Skype traffic. By implementing the identification system and deploying it on our campus network, we proved the performance and feasibility of the proposed method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.7
• /
• pp.1339-1346
• /
• 2015

The traffic identification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of identification methods have been introduced in literature, the payload signature-based identification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method's processing speed is much slower than other identification method such as header-based and statistical methods. In this paper, we first classifies signatures by matching type based on range, order, and direction of packet in a flow which was automatically extracted. By using this classification, we suggest a novel method to improve processing speed of payload signature-based identification by reducing searching space.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.9B
• /
• pp.1287-1294
• /
• 2010

The traffic classification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of classification methods have been introduced in literature, the payload signature-based classification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method has a significant drawback in high-speed network environment that the processing speed is much slower than other classification method such as header-based and statistical methods. In this paper, We describes various design options to improve the processing speed of traffic classification in design of a payload signature based classification system and describes our selections on the development of our traffic classification system. Also the feasibility of our selection was proved through experimental evaluation on our campus traffic trace.