Efficient Regular Expression Signature Generation for Network Traffic Classification
Authors
Abstract
Regular expression signatures are most widely used in network traffic classification for trusted network management. These signatures are generated by sequence alignment of the traffic payload. The most commonly used sequence alignment algorithm is the Longest Common Subsequence (LCS) algorithm, which computes the global similarity between two strings but fails on consecutive character matches. This paper presents a new divide-and-conquer alignment algorithm for generating regular expression signatures by rewarding contiguous character matches. The results indicate that the sequence alignment algorithm used is space-efficient and that it outperforms LCS in terms of efficiency and accuracy.
Similar resources
Generating regular expression signatures for network traffic classification in trusted network management
Network traffic classification is a critical foundation for trusted network management and security systems. Matching application signatures in traffic payload is widely considered to be the most reliable classifying method. However, deriving accurate and efficient signatures for various applications is not a trivial task, for which current practice is mostly manual thus error-prone and of low ...
Automatic generation of novel intrusion signatures using one-class classifiers and inductive learning methods
In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...
NTCA: A High-Performance Network Traffic Classification Architecture
Traffic classification is critical to effective network control and management. Recent researches on Internet traffic classifications have developed several methods for identifying types of application, which have advantages in certain types of network traffic. However, these methods are powerless to measure the network traffic with dynamic port, encrypted payloads, mixing traffic, and real-tim...
Classification of encrypted traffic for applications based on statistical features
Traffic classification plays an important role in many aspects of network management such as identifying type of the transferred data, detection of malware applications, applying policies to restrict network accesses and so on. Basic methods in this field were using some obvious traffic features like port number and protocol type to classify the traffic type. However, recent changes in applicat...
An SVM-based machine learning method for accurate internet traffic classification
Accurate and timely traffic classification is critical in network security monitoring and traffic engineering. Traditional methods based on port numbers and protocols have proven to be ineffective in terms of dynamic port allocation and packet encapsulation. The signature matching methods, on the other hand, require a known signature set and processing of packet payload, can only handle the sig...