Automatically Mining Application Signatures for Lightweight Deep Packet Inspection  

作　　者：鲁刚 张宏莉 张宇 Mahmoud T. Qassrawi 余翔湛 彭立志 

机构地区：[1]School of Computer Science and Technology,Harbin Institute of Technology

出　　处：《China Communications》2013年第6期86-99,共14页中国通信（英文版）

基　　金：supported by the National Key Basic Research Program of China (973 Program) under Grant No. 2011CB302605;the National High Technical Research and Development Program of China (863 Program) underGrants No. 2010AA012504,No. 2011AA010705;the National Natural Science Foundation of China under Grant No. 60903166;the National Science and Technology Support Program under Grants No. 2012BAH37B00,No. 2012-BAH37B01

摘　　要：Automatic signature generation approaches have been widely applied in recent traffic classification.However,they are not suitable for LightWeight Deep Packet Inspection(LW_DPI) since their generated signatures are matched through a search of the entire application data.On the basis of LW_DPI schemes,we present two Hierarchical Clustering(HC) algorithms:HC_TCP and HC_UDP,which can generate byte signatures from TCP and UDP packet payloads respectively.In particular,HC_TCP and HC_ UDP can extract the positions of byte signatures in packet payloads.Further,in order to deal with the case in which byte signatures cannot be derived,we develop an algorithm for generating bit signatures.Compared with the LASER algorithm and Suffix Tree(ST)-based algorithm,the proposed algorithms are better in terms of both classification accuracy and speed.Moreover,the experimental results indicate that,as long as the application-protocol header exists,it is possible to automatically derive reliable and accurate signatures combined with their positions in packet payloads.Automatic signature generation approaches have been widely applied in recent traffic classification. However, they are not suitable for LightWeight Deep Packet Inspection （LW DPI） since their generated signatures are matched through a search of the entire application data. On the basis of LW_DPI schemes, we present two Hierarchical Clustering （HC） algorithms： HC_TCP and HC_UDP, which can generate byte signatures from TCP and UDP packet payloads respectively. In particular, HC_TCP and HC_ UDP can extract the positions of byte signatures in packet payloads. Further, in order to deal with the case in which byte signatures cannot be derived, we develop an algorithm for generating bit signatures. Compared with the LASER algorithm and Suffix Tree （ST）-based algorithm, the proposed algorithms are better in terms of both classification accuracy and speed. Moreover, the experimental results indicate that, as long as the application-protocol header exists, it is possible to automatically derive reliable and accurate signatures combined with their positions in packet payloads.

关 键 词：traffic classification automatic signature generation association mining hierarchical clustering LW_ DPI 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]