首页 | 本学科首页   官方微博 | 高级检索  
     


Improving signature quality for network application identification
Affiliation:1. Department of Computer Science, Texas A&M University-Commerce, P.O. Box 3011, Commerce, TX, 75429, USA;2. Sysmate Inc., 41 Yuseong-daero 1184 beon-gil, Yuseong-gu, Daejeon, 34109, South Korea
Abstract:Network application identification is one of the core elements in network operations and management to provide enhanced network service and security. For accurate identification, an approach using common patterns called “signatures” is widely used to compensate the limitations of the traditional transport-layer port-based classification. However, our simulation results indicate that using the signatures generated from a set of well known algorithms may lead to very poor identification performance, with less than 60% of true positives even in an optimal case. To improve the quality of signatures, we present a technique in this paper, which consists of two steps: (i) pairwise merging to consider every possible combination of the initially collected signatures to reduce their specificity that causes the signatures to be less common; and (ii) signature reduction to identify effective signatures with greater importance from a large set of signatures produced in the merging step, so as to manage the space/time complexity in the identification process for greater scalability. Our experimental results show that the proposed technique can dramatically improve the performance, even with a small number of signatures (e.g., 95% true positives rate with 30 signatures per application) which is more compact than the initial signature set.
Keywords:Network application identification  Application signatures  Pairwise merging  Signature reduction  Explicit string patterns
本文献已被 ScienceDirect 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号