Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : bib : networking : entries : park08towards.xml
Bibliography Details
B. Park, Y. Won, and J. Kim, M.~Hong, "Towards Automated Application Signature Generation", in IEEE/IFIP Network Operations and Management Symposium (NOMS), Apr 2008.
Towards Automated Application Signature Generation
Authors: B. Park
Y. Won
M. Hong, J. Kim
Published: IEEE/IFIP Network Operations and Management Symposium (NOMS), 2008
URL:http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4575130
Entry Dates: 2009-02-11
Abstract: Traditionally, Internet applications have been identified by using predefined well-known ports with questionable accuracy. An alternative approach, applicationlayer signature mapping, involves the exhaustive search of reliable signatures but with more promising accuracy. With a prior protocol knowledge, the signature generation can guarantee a high accuracy. As more applications use proprietary protocols, it becomes increasingly difficult to obtain an accurate signature while avoiding time-consuming and manual signature generation process. This paper proposes an automated approach for generating application-level signature, the LASER algorithm, that does not need to be preceded by an analysis of application protocols. We show that our approach is as accurate and efficient as the approach that uses preceding application protocol analysis.
Results:
  • datasets: full packet trace collected from the POSTECH campus network, 3 hour period on August 16,2007 and total traffic volume was about 450 Gbytes;
  • propose a LCS-based (Longest common subsequence) Application Signature ExtRaction algorithm (LASER), which can automatically determine a trustworthy pattern in the packet's payload without a prior knowledge of protocl formats;
  Last Modified: Thu Oct-19-2017 14:15:33 PDT
  Page URL: http://www.caida.org/publications/bib/networking/entries/park08towards.xml