automated application signatur e generation for traffic
play

Automated Application Signatur e Generation for Traffic - PowerPoint PPT Presentation

Nov 15, 2023 •12 likes •292 views

Automated Application Signatur e Generation for Traffic Identification Young J. Won, Seong-Chul Hong, Byung-Chul Park, and James W. Hong Distributed Processing and Network Management Lab. Dept. of Computer Science and Engineering POSTECH,

  1. Automated Application Signatur e Generation for Traffic Identification Young J. Won, Seong-Chul Hong, Byung-Chul Park, and James W. Hong Distributed Processing and Network Management Lab. Dept. of Computer Science and Engineering POSTECH, Korea {yjwon, jwkhong}@postech.ac.kr Aug. 16, 2008 DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 1/24

  2. Outline  Introduction on DPNM, POSTECH  Our Experience on Measurement  Automated Signature Generation  Conclusion DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 2/24

  3. POSTECH Since 1986  Founded by POSCO – 2 nd largest iron and steel manufact urer in the world 3000 students, 230 faculty members, 800 researchers  Distributed Processing and Network Management Lab. (ht tp://dpnm.postech.ac.kr) since 1995 6 PhD students, 3 MS students, 1 researcher as of 2008 Seoul 400 Km Pohang DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 3/24

  4. Recent Industry Projects Projects Regarding Traffic Measurement & Analysis Only  Korea Telecom (KT) BGP threats & ISP relations (2008~) Bundled service traffic analysis (2007) Application-level traffic classification (2006) High-speed network monitoring system (2005)  POSCO Industrial control networks fault detection & prediction (2008~) Remote monitoring & fault analysis in industrial control network n etworks (2007)  Government CASFI (2008) High-speed traffic monitoring & audit systems (2004~2005)  Others nTelia – Traffic analysis of mobile data networks (2006) DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 4/24

  5. POSTECH’s Experiences in Traffic Measurement & Analysis - Traffic Monitoring Systems - Enterprise Networks - Mobile Data Networks - Industrial Control Networks - IPTV Traffic DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 5/24

  6. Traffic Monitoring Systems  MRTG+ (1997) Extension of MRTG, LIVE visualization of traffic  WebTrafMon-I & II (1998, 2000) Passive traffic monitoring system (up to 100 Mbps) Distributed architecture  NGMON (2002~) Next Generation Network MONitoring and Analysis Sy stem Targeting 1-10 Gbps or higher networks Traffic classification, security attack detection & host analysis DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 6/24

  7. Enterprise Networks  Campus Networks Characteristics analysis of Internet traffic from the perspecti ve of flows [ComCom ‘06] Application-level traffic monitoring & analysis [ETRI ‘05]  Korea Internet eXchange (2004)  Participating DITL packet collection (2007, 2008)  Analysis Categories Flow size / duration / packet distribution / size distribution / f lash flows / volume pattern / flow occurrence period / port n umber distribution and more Flow & Packet-based analysis Focusing on traffic classification & its applications DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 7/24

  8. Mobile Data Networks  Investigating the unique and unusual traffic charac teristics reflecting the user and data service patter ns [PAM ‘07] Previous works are limited to small scale measuremen t study between the selected end hosts They focused on TCP or performance factors rather th an understanding the user behavior and the root caus e for such phenomenon DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 8/24

  9. Industrial Control Networks  Industrial Control Networks (ICN)? Robust communications between controlling and controlled devices in a manufacturing environment • Building, Factory, and Process Automation Mission critical process & Non-fault tolerable networks Emergence of Industrial Ethernet  Ethernet/IP-based • EtherNet/IP, PROFINET, TCnet, Vnet/IP, EPA, RAPIEnet Real-world ICN test bed: POSCO  Problems? The cost of network malfunctioning is severe. ICN fault diagnosis techniques require different standards. • due to differences of traffic nature  Papers Traffic characteristics [APNOMS ‘07] Fault detection and analysis system [ComMag ’08] DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 9/24

  10. IPTV Traffic  Investigation of combinational traffic models for TPS compo nents Bandwidth demand models, Traffic impact analysis  Commercial IPTV traffic measurements [ComMag ‘08] End-user IPTV traffic measurements of residential broadband a ccess networks • IPTV STB over ADSL, Cable, FTTB, and FTTH DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 10/24

  11. Automated Signature Generation for Traff ic Identification DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 11/24

  12. Traffic Classification  Classification has been done based on: [Sz abo ‘08] Port Signature Connection pattern Statistics Information theory Combined classification method  Signature-based method often is used as ground truth for validation We focus on obtaining accurate signatures DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 12/24

  13. Motivation  Desire for obtaining accurate, non-bias, and less time-con suming signatures No systematic approach for signature extraction Avoiding tedious and exhaustive search for signatures Dealing with thousands of applications (e.g., P2P)  Validation requirements Cross validation with classification algorithms themselves Relying on signature eventually for ground truth  No concrete set of signatures Proposing a sharing data set for signature list Industry: Ipoque, Sandvine, Procera, and etc.  An extra question in mind What about encrypted traffic applications? DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 13/24

  14. Related Work  POSTECH’s work on classification Flow Relationship Mapping (FRM) [M.Kim, ‘04] Hybrid approach between flow relations and signature matching [Won ‘06] ML-based attempts - papers in Korean  P2P traffic identification using signature Packet inspection [Gummandi ‘03, Karagiannis ‘04] Protocol analysis [Sen ‘04] • Accurate but only for open protocols  Automated worm signature generation [Kim ‘04, Singh ’04, Singh ’05] Sliding-window algorithms [Scheirer ’05] DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 14/24

  15. LASER  We proposed a LCS-based Application Signature ExtRaction technique - LASE R [NOMS ‘08] Longest Common Subsequence algorithm [Cormen ’01] Avoiding exhaustive search for signatures Extracting candidate signature for later an alysis DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 15/24

  16. Constraints of LASER (1/2)  Number of packets per flow A concrete signature exists in the initial few packets of the fl ow [Sen ’04] Tentative packet grouping  Minimum substring length Signature is simply a sequence of substrings Length of substring reflect the significance as a signature To avoid trivial signatures • e.g. ‘/’ in HTTP protocol  Packet size Size differs due to purpose of the packets (signaling or download) Packet size in a close range infers higher chance for valid si gnatures DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 16/24

  17. Constraints of LASER (2/2)  Example: LimeWire Signaling - avg. 390bytes, Downloading - 1460bytes Avoiding unnecessary packet comparisons Reducing garbage characters from the generated signature DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 17/24

  18. LASER Pseudocode DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 18/24

  19. Applying Constraints 3: F1[] ← Iterate, packet dump for Flow 1 4: F2[] ← Iterate, packet dump for Flow 2 5: while i from 0 to #_packet_constraint do 6: while j from 0 to #_packet_constraint do 7: if |F1[i].packet_size - F2[j].packet_size| < threshold 8: result_LCS ← LASER (F1[i], F2[j])  Number of packets per flow constraint  Packet size constraint  F1 and F2 are used as input to LASER DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 19/24

  20. Refining Process 12: S ←s elect the longest from LCS_Pool 13: while i from 0 to number of rest flows of Flow_Pool do 14: Fi ← select one from the rest of Flow_Pool 15: result_LCS ← LASER (S, Fi) 16: S ← select the longest from result_LCS 17: i++, end while, end while  Simply put, Candidate_signature_1 = Signature (Flow 1, Flow 2) Candidate_signature_2 = Signature (Flow 3, Candidate_signature_1) … Candidate signature_n = Signature (Flow n+1, Candidate_signature_n-1) If Candidate_signature_n = Candidate signature_n-1 For the certain iteration counts then Candidate_signature_n is the final signature DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 20/24

  21. Signatures by LASER LimeWire Sequence of 10 substrings - ”LimeWire”, ”Content-Type:”, ”Content-Length:”, ”X-Gn utella-Content-URN”, ”run:sha:1”, ”XAlt”, ”X-Falt”, ”X-C reate-Time:”, ”X-Features:”, ”X-Thex-URI” BitTorrent Sequence of 1 substring- “0x13BitTorrent protocol” Fileguri Sequence of 6 substrings- “HTTP”, “Freechal P2P”, “User-Type:”, “P2PErrorCode:”, “C ontent-Length:”, “Content-Type:”, “Last-Modified”  Choice of P2P applications for early evaluation  Signature extraction from encrypted traffic: Skype v3.0 No signature was found yet The signatures of v1.5 and v2.0 [Ehlert ’06] were not va lid anymore DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 21/24

  22. Classification with Absolute Ground Truth  Validation approaches Cross match with known signatures Cross validation with other classification method Cross validation with ground truth set  Agent-based log collection Traffic Measurement Agent (TMA) VS DPNM, POSTECH CAIDA-WIDE-CASFI Workshop 22/24

Recommend

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA COLLECTION AND ANALYTICS There is a high demand for reliable Traffic Data but Static data single-purpose data Invasive costly deployment &amp;

404 views • 18 slides
Automated Application Signature Generation Using LASER and Cosine Similarity Byungchul Park, Jae

Automated Application Signature Generation Using LASER and Cosine Similarity Byungchul Park, Jae

Automated Application Signature Generation Using LASER and Cosine Similarity Byungchul Park, Jae Yoon Jung, John Strassner * , and James Won-ki Hong * {fates, dejavu94, johns, jwkhong}@postech.ac.kr Dept. of Computer Science and Engineering,

302 views • 17 slides
Week 3 Video 4 Automated Feature Generation Automated Feature Selection Automated Feature

Week 3 Video 4 Automated Feature Generation Automated Feature Selection Automated Feature

Week 3 Video 4 Automated Feature Generation Automated Feature Selection Automated Feature Generation The creation of new data features in an automated fashion from existing data features Multiplicative Interactions You have variables A

513 views • 33 slides
Improving Test Case Generation for Web Applications Using Automated Interface Discovery William

Improving Test Case Generation for Web Applications Using Automated Interface Discovery William

Improving Test Case Generation for Web Applications Using Automated Interface Discovery William G.J. Halfond and Alessandro Orso Georgia Institute of Technology Web Application Overview Request Web http://host?login=alice&amp;pin=1234

892 views • 40 slides
AUTOMATED TRAFFIC ENFORCEMENT April 23, 2019 Overview Summary of what is changing

AUTOMATED TRAFFIC ENFORCEMENT April 23, 2019 Overview Summary of what is changing

AUTOMATED TRAFFIC ENFORCEMENT April 23, 2019 Overview Summary of what is changing Council Policy What is Different? Provincial Changes Impacting the City Post rationale for sites on website Annual Traffic Safety Plan

559 views • 6 slides
Automated Item Generation Andr F. De Champlain, PhD Director, Psychometrics and Assessment

Automated Item Generation Andr F. De Champlain, PhD Director, Psychometrics and Assessment

Automated Item Generation Andr F. De Champlain, PhD Director, Psychometrics and Assessment Services Medical Council of Canada What is Automated Item Generation (AIG)? Aut utomat ated ed it item em gener generat atio ion (A n (AIG

264 views • 10 slides
Traffic generation for network simulation Tom Kelly NS Tutorial - Microsoft Research Cambridge

Traffic generation for network simulation Tom Kelly NS Tutorial - Microsoft Research Cambridge

Traffic generation for network simulation Tom Kelly NS Tutorial - Microsoft Research Cambridge 9th December 2005 Overview n Why traffic generation is important n Basics of traffic modeling n Open system models n Closed system models n Common

672 views • 19 slides
An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing Marcelo dAmorim (UIUC) Carlos Pacheco (MIT) Tao Xie (NCSU) Darko Marinov (UIUC) Michael D. Ernst (MIT) Automated Software

513 views • 33 slides
Search Based Test Data Generation for Server-side Web Application Testing Nadia Alshahwan and

Search Based Test Data Generation for Server-side Web Application Testing Nadia Alshahwan and

Search Based Test Data Generation for Server-side Web Application Testing Nadia Alshahwan and Mark Harman CREST Centre University College London Automated web application testing using search based software Engineering (ASE 2011) Hill

588 views • 15 slides
Performance Measures via Cloud-based System Architecture Chicago Regional Automated Traffic

Performance Measures via Cloud-based System Architecture Chicago Regional Automated Traffic

Automated Traffic Signal Performance Measures via Cloud-based System Architecture Chicago Regional Automated Traffic Signal Performance Measure Workshop 19 February 2019 Essential Performance Measures for Improved Arterial Roadway Management

601 views • 39 slides
AUTOMATED STORY GENERATION WITH DEEP NEURAL NETS LARA J. MARTIN , PRITHVIRAJ AMMANABROLU, WILLIAM

AUTOMATED STORY GENERATION WITH DEEP NEURAL NETS LARA J. MARTIN , PRITHVIRAJ AMMANABROLU, WILLIAM

EVENT REPRESENTATIONS FOR AUTOMATED STORY GENERATION WITH DEEP NEURAL NETS LARA J. MARTIN , PRITHVIRAJ AMMANABROLU, WILLIAM HANCOCK, SHRUTI SINGH, BRENT HARRISON, AND MARK O. RIEDL GEORGIA INSTITUTE OF TECHNOLOGY AUTOMATED STORY GENERATION

486 views • 15 slides
Integration of Crowdsourced Data into Automated Traffic Signal Performance Measures (ATSPMs)

Integration of Crowdsourced Data into Automated Traffic Signal Performance Measures (ATSPMs)

Integration of Crowdsourced Data into Automated Traffic Signal Performance Measures (ATSPMs) Adventures in Crowdsourcing: Traffic Signal Applications February 27, 2020 Justin R. Effinger, P.E. Lake County PASSAGE ATMS Platform

461 views • 18 slides
UNECE Governance of Traffic Safety in an Automated Vehicle Environment Geneva, 28.06.2017

UNECE Governance of Traffic Safety in an Automated Vehicle Environment Geneva, 28.06.2017

Advanced Driver Assistance Systems Demonstration UNECE Governance of Traffic Safety in an Automated Vehicle Environment Geneva, 28.06.2017 Automated Driving Categorization of Functions Catogorization of functions that influence the way the

158 views • 5 slides
Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD

Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD

Automated Test Case Generation Stefan Klikovits Automated Test Case Generation or: How to not write test cases Stefan Klikovits EN-ICE-SCD Universit e de Gen` eve 28 th September, 2015 Automated Test Reminder: Testing is not easy Case

609 views • 33 slides
Automated Web Search Traffic Greg Buehrer 1 , Jack Stokes 2 and Kumar Chellapilla 1 1 Microsoft

Automated Web Search Traffic Greg Buehrer 1 , Jack Stokes 2 and Kumar Chellapilla 1 1 Microsoft

A Large-scale Study of Automated Web Search Traffic Greg Buehrer 1 , Jack Stokes 2 and Kumar Chellapilla 1 1 Microsoft Live Labs, 2 Microsoft Research Problem Statement Goal Distinguish search queries as either automated or by a human

676 views • 24 slides
Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

1 Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless traffic

720 views • 43 slides
Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

1 Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE KEY FEATURES LEARN MORE 3 OVERVIEW Vulcan generates stateful Ethernet traffic to analyze how

349 views • 34 slides
Collaboration Signatur Collaboration Signatures es Reveal Scientific Impact Reveal Scientific

Collaboration Signatur Collaboration Signatures es Reveal Scientific Impact Reveal Scientific

Collaboration Signatur Collaboration Signatures es Reveal Scientific Impact Reveal Scientific Impact Yuxiao Dong, Reid A. Johnson, Yang Yang, Nitesh V. Chawla Interdisciplinary Center for Network Science and Applications Department of Computer

566 views • 33 slides
Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 14,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 14,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 14, 2017 Agenda Model Overview Application and Selection Timeline Letter of Intent Application Overview 2 Next Generation ACO Model

1.04k views • 67 slides
Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 29,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 29,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 29, 2016 Agenda Model Overview Application and Selection Timeline Letter of Intent Application Overview 2 Next Generation ACO Model

750 views • 27 slides
LED TRAFFIC SIGNS AND BOARDS KEY POINTS OF SUCCESS D World leadership in the development and

LED TRAFFIC SIGNS AND BOARDS KEY POINTS OF SUCCESS D World leadership in the development and

LED TRAFFIC SIGNS AND BOARDS KEY POINTS OF SUCCESS D World leadership in the development and application of LED technologies D Automated manufacturing plant, located in Europe, certified with ISO 9001-2008 D Strong team of Ukrainian,

412 views • 12 slides
AUTOMATED TRAFFIC ENFORCEMENT March 18, 2019 OVERVIEW Highlights from the report 53

AUTOMATED TRAFFIC ENFORCEMENT March 18, 2019 OVERVIEW Highlights from the report 53

AUTOMATED TRAFFIC ENFORCEMENT March 18, 2019 OVERVIEW Highlights from the report 53 pages of detail Try to take main points/story for presentation Focus discussion on recommendations Enough overall information for

895 views • 63 slides
Traffic Operations with Connected and Automated Vehicles Xianfeng (Terry) Yang Assistant

Traffic Operations with Connected and Automated Vehicles Xianfeng (Terry) Yang Assistant

Traffic Operations with Connected and Automated Vehicles Xianfeng (Terry) Yang Assistant Professor Department of Civil, Construction, and Environmental Engineering San Diego State University (619) 594-1934; xyang@mail.sdsu.edu AAAI-17 AI-CAV

251 views • 24 slides
Comparing Different Functional Allocations in Automated Air Traffic Control Design FMCAD 2015,

Comparing Different Functional Allocations in Automated Air Traffic Control Design FMCAD 2015,

Comparing Different Functional Allocations in Automated Air Traffic Control Design FMCAD 2015, September 27-30 Cristian Mattarei 1 , Alessandro Cimatti 1 , Marco Gario 1 , Stefano Tonetta 1 , and Kristin Y. Rozier 2 1 Fondazione Bruno Kessler,

651 views • 36 slides

More recommend