Towards automated application signature generation for traffic identification

Authors: Byung-Chul Park, Young J. Won, Myung-Sup Kim, James W. Hong

DOI: 10.1109/NOMS.2008.4575130

Abstract: Traditionally, Internet applications have been identified by using predefined well-known ports with questionable accuracy. An alternative approach, application-layer signature mapping, involves the exhaustive search of reliable signatures but more promising With a prior protocol knowledge, generation can guarantee high As use proprietary protocols, it becomes increasingly difficult to obtain an accurate while avoiding time-consuming and manual process. This paper proposes automated approach for generating application-level signature, LASER algorithm, that does not need be preceded analysis application protocols. We show our is as efficient uses preceding analysis.
