Software Architecture for a Lightweight Payload Signature-Based Traffic Classification System

Traffic classification is a preliminary and essential step for achieving stable network service provision and efficient network resource management. While a number of classification methods have been introduced in the literature, the payload signature-based classification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method has a significant drawback in high-speed network environments; the processing speed is much slower than that of other classification methods such as the header-based and statistical methods. In this paper, we describe various design options to improve the processing speed of traffic classification in designing a payload signature-based classification system, and we describe choices we made for designing our traffic classification system. Also, the feasibility of our design choices was proved via experimental evaluation on our campus traffic trace.

[1]  Sung-Ho Yoon,et al.  Internet Application Traffic Classification Using Fixed IP-Port , 2009, APNOMS.

[2]  Wojciech Rytter,et al.  On the Maximal Number of Cubic Runs in a String , 2010, LATA.

[3]  István Szabó,et al.  Accurate Traffic Classification , 2007, 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[4]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[5]  Yan Luo,et al.  DPICO: a high speed deep packet inspection engine using compact finite automata , 2007, ANCS '07.

[6]  Christian Lovis,et al.  Research Paper: Fast Exact String Pattern-matching Algorithms Adapted to the Characteristics of the Medical Language , 2000, J. Am. Medical Informatics Assoc..

[7]  Leili Rafiee Sevyeri,et al.  String Matching , 1996 .

[8]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[9]  Shingo Ata,et al.  Challenges for Next Generation Network Operations and Service Management , 2008, Lecture Notes in Computer Science.

[10]  Sotiris Ioannidis,et al.  Regular Expression Matching on Graphics Hardware for Intrusion Detection , 2009, RAID.

[11]  T. V. Lakshman,et al.  Fast and memory-efficient regular expression matching for deep packet inspection , 2006, 2006 Symposium on Architecture For Networking And Communications Systems.

[12]  Martin Kutrib,et al.  Descriptional and Computational Complexity of Finite Automata , 2009, LATA.

[13]  Fulvio Risso,et al.  Lightweight, Payload-Based Traffic Classification: An Experimental Evaluation , 2008, 2008 IEEE International Conference on Communications.

[14]  James Won-Ki Hong,et al.  Empirical Analysis of Application-Level Traffic Classification Using Supervised Machine Learning , 2008, APNOMS.