On the Accuracy of Signature-based Traffic Identification Technique in IP Networks
The accurate identification of network traffic associated with application layer protocols is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, and service differentiation. However, well-known port numbers can no long...
Main author: | |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 12 |
---|---|
container_issue | |
container_start_page | 1 |
container_title | |
container_volume | |
creator | Yongmin Choi |
description | The accurate identification of network traffic associated with application layer protocols is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, and service differentiation. However, well-known port numbers can no longer be used to reliably identify network applications, since a variety of new Internet applications either do not use well-known port numbers or use other protocols, such as HTTP, to evade firewalls that prevent the use of specific applications such as P2P or instant messenger. In this article we present a framework for identifying network traffic based on application level signatures. We first identify the application level signatures by investigating protocols and packet level traces. Then we express the identified signatures in regular expressions and apply them to an IP traffic monitoring system. Since the identification of network traffic based on packet payload characteristics is a resource-intensive job, several issues must be resolved to measure and analyze traffic on high-speed links. In addition, we analyze the accuracy of traffic identification using application layer signatures in comparison with the traditional port-based method. Our measurements show that the proposed technique improves the accuracy of traffic identification in that it decreases unidentified traffic by 11% compared with the port-based method. It also identifies several types of P2P and web folder traffic that would otherwise be classified incorrectly. |
doi_str_mv | 10.1109/BCN.2007.372735 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISBN: 1424412978 |
ispartof | 2007 2nd IEEE/IFIP International Workshop on Broadband Convergence Networks, 2007, p.1-12 |
issn | |
language | eng |
recordid | cdi_ieee_primary_4238832 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Capacity planning IP networks Libraries Monitoring Pattern matching Payloads Protocols Reliability engineering Spine Telecommunication traffic |
title | On the Accuracy of Signature-based Traffic Identification Technique in IP Networks |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-12T00%3A50%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=On%20the%20Accuracy%20of%20Signature-based%20Traffic%20Identification%20Technique%20in%20IP%20Networks&rft.btitle=2007%202nd%20IEEE/IFIP%20International%20Workshop%20on%20Broadband%20Convergence%20Networks&rft.au=Yongmin%20Choi&rft.date=2007-05&rft.spage=1&rft.epage=12&rft.pages=1-12&rft.isbn=1424412978&rft.isbn_list=9781424412976&rft_id=info:doi/10.1109/BCN.2007.372735&rft_dat=%3Cieee_6IE%3E4238832%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4238832&rfr_iscdi=true |