JISE


  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]


Journal of Information Science and Engineering, Vol. 33 No. 2, pp. 537-569


SigBox: Automatic Signature Generation Method for Fine-grained Traffic Identification   


KYU-SEOK SHIM, SUNG-HO YOON, SU-KANG LEE AND MYUNG-SUP KIM+
Department of Computer and Information Science
Korea University
Sejong, 30019 Korea
E-mail: {kusuk007; sungho_yoon; sukanglee; tmskim}@korea.ac.kr


    The continual appearance of new applications and their frequent updates emphasize the need for automatic signature generation. Although several automatic methods have been proposed, there are still limitations to their adoption in a real network environment in terms of automation, robustness, and elaboration. To address this issue, we propose an automatic signature generation method, so called SigBox, for fine-grained traffic identification. Using a modified sequence pattern algorithm, this system extracts three types of signatures: content, packet, and flow signature. A flow signature, the final result of this system, consists of a series of packet signatures, and a packet signature consists of a series of content signatures. A content signature is defined as a distinguishable and unique substring of the packet payload. By using the modified sequence pattern algorithm, we can improve the system performance in terms of automation and robustness. In addition, the proposed method can generate an elaborated signature for fine-grained traffic identification by using flow-level features beyond those of the packet level. In order to verify the feasibility of our proposed system, we present the results of experiments based on ten popular applications according to three defined metrics: redundancy, coverage, and accuracy. In addition, we show the quality of the generated signatures as compared to those produced by existing methods.    

 


Keywords: traffic identification, traffic classification, automatic signature generation, se-quence pattern algorithm, Apriori algorithm

  Retrieve PDF document (JISE_201702_15.pdf)