A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System
- Authors
- Park, Jun-Sang; Yoon, Sung-Ho; Won, Youngjoon; Kim, Myung-Sup
- Issue Date
- 10월-2014
- Publisher
- IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
- Keywords
- Internet traffic classification; payload signature; processing speed; signature hierarchy
- Citation
- IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E97D, no.10, pp.2697 - 2705
- Indexed
- SCIE
SCOPUS
- Journal Title
- IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS
- Volume
- E97D
- Number
- 10
- Start Page
- 2697
- End Page
- 2705
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/97170
- DOI
- 10.1587/transinf.2013EDP7454
- ISSN
- 1745-1361
- Abstract
- Internet traffic classification is an essential step for stable service provision. The payload signature classifier is considered a reliable method for Internet traffic classification but is prohibitively computationally expensive for real-time handling of large amounts of traffic on high-speed networks. In this paper, we describe several design techniques to minimize the search space of traffic classification and improve the processing speed of the payload signature classifier. Our suggestions are (1) selective matching algorithms based on signature type, (2) signature reorganization using hierarchical structure and traffic locality, and (3) early packet sampling in flow. Each can be applied individually, or in any combination in sequence. The feasibility of our selections is proved via experimental evaluation on traffic traces of our campus and a commercial ISP. We observe 2 to 5 times improvement in processing speed against the untuned classification system and Snort Engine, while maintaining the same level of accuracy.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - Graduate School > Department of Computer and Information Science > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.