Su-Kang Lee

Traffic Identification Based on Applications using Statistical Signature Free from Abnormal TCP Behavior

As network traffic becomes more complex and diverse from the existence of new applications and services, application-based traffic classification is becoming important for the effective use of network resources. To remedy the drawbacks of traditional methods, such as port-based or payload-based traffic classification, traffic classification methods based on the statistical information of a flow have recently been proposed. However, abnormal TCP behaviors, such as a packet retransmission or out-of-order packets, cause inconsistencies in the statistical information of a flow. Furthermore, the analysis results cannot be trusted without resolving the abnormal behaviors. In this paper, we analyze the limitations of traffic classification caused by abnormal TCP behavior, and propose a novel application-based traffic classification method using a statistical signature with resolving abnormal TCP behaviors. The proposed method resolves abnormal TCP behaviors and generates unique signatures for each application using the packet order, direction, and payload size of the first N packets in a flow, and uses them to classify the application traffic. The evaluation shows that this method can classify application traffic easily and quickly with high accuracy rates of over 99%. Furthermore, the method can classify traffic generated by applications that use the same application protocol or are encrypted.

Payload signature structure for accurate application traffic classification

Emergence of high-speed Internet and various smart devices has led to a rapid increase of applications on the Internet. In order to provide reliable services and efficient management of network resources, accurate traffic classification of various applications is essential. Through various methods of extraction when payload signatures are extracted, most of these payload signature formats are just strings or hex values which appear frequently within payloads. Thus, it is difficult to extract unique signatures for a specific application, because redundant signatures extraction is in most cases unavoidable. In this paper, we propose a more elaborative payload signature structure for accurate classification of each specific application. The formats of this signature structure is composed of three level signatures. These are Content signature which is single contiguous substring in payloads, Packet signature which is the sequence of Content signatures that appear in the same packet, and the Flow signature which is a sequence of Packet signatures that appear in the same flow. By applying and comparing the existing signature format and proposed signature format to the actual application traffic classification, we demonstrate the effectiveness of the proposed signature structure.

Application traffic classification in Hadoop distributed computing environment

Today, network traffic has increased because of the appearance of various applications and services. However, methods for network traffic analysis are not developed to catch up the trend of increasing usage of the network. Most methods for network traffic analysis are operated on a single server environment, which results in the limits about memory, processing speed, storage capacity. When considering the increment of network traffic, we need a method of network traffic to handle the Bigdata traffic. Hadoop system can be effectively used for analyzing Bigdata traffic. In this paper, we propose a method of application traffic classification in Hadoop distributed computing system and compare the processing time of the proposed system with a single server system to show the advantages of Hadoop.

Research on automatic header-signature naming system for Internet service identification

With the rapid growth of the Internet speed and emergence of new applications, the amount of Internet traffic is continuously increasing. In order to provide stable Internet service, efficient network management based on accurate traffic identification is gaining much importance than ever. Header signature-based identification method for network management can be identified the network traffic quickly more than other methods. In this paper, we propose an automatic header-signature naming system and identification system using the named header-signature. The proposed system provides efficient management of header-signature of each service as well. To prove the feasibility of the proposed systems, we applied the system to the campus network environment. In experimental result, we could find the URI information of actual content providers, which cannot find through IP search such as “whois” or command such as “nslookup”. In addition, we can get the characteristics of a network in a short period of time by applying the proposed system.

Framework for multi-level application traffic identification

With the acceleration of the Internet speed and the vigorous emergence of new applications, the amount of Internet traffic has increased. In order to provide stable Internet service, efficient network management based on accurate traffic identification is critical. Although various methods for traffic identification have been proposed, not a single method identifies all types of Internet traffic. In this paper, we propose a framework for multi-level application traffic identification by combining several single methods.

Packet out-of-order and retransmission in statistics-based traffic analysis

With the rapid growth of the Internet, the importance of application traffic analysis increases for efficient network management. The statistical information in traffic flows, can be efficiently utilized for application traffic identification. However, the packet out-of-order and retransmission generated at the traffic collection point reduce the performance of the statistics-based traffic analysis. In this paper, we propose a novel method to detect and resolve the packet out-of-order and retransmission problem in order to improve completeness and accuracy of the traffic identification. To prove the feasibility of the proposed method, we applied our method to a real traffic analysis system using statistical flow information, and compared the performance of the system with the selected 9 popular applications. The experiment showed maximum 4.9% of completeness growth in traffic bytes, which shows that the proposed method contributes to the analysis of heavy flow.