A survey of problems and methods in the field of network traffic classification

Authors: A. I. Get'man, Yu. V. Markin, E. F. Evstropov, D. O. Obydenkov

Journal: Trudy ISP RAN / Proceedings of ISP RAS (Proceedings of the Institute for System Programming of the Russian Academy of Sciences)

Issue: vol. 29, no. 3, 2017.

Open access

The paper considers the problem of network traffic classification: the features used to solve it, the existing approaches, and the areas in which each is applicable. It enumerates the applied problems that require a classification component and the additional requirements that follow from the specifics of each such problem. It analyses the properties of network traffic that arise from the transmission medium and from the technologies in use, and that in one way or another affect the classification process. Current directions in modern approaches to analysis, and the reasons for their development, are also discussed.
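The abstract speaks of three families of approach that the cited work covers: matching on the registered transport port, payload signatures (deep packet inspection), and statistical features of the flow, which is what remains once payloads are encrypted. The following is an added example, not code from the paper or from any of the tools it cites, that chains the three in the order a practitioner would trust them and surfaces the case where they disagree. The port table, the regular expressions, the TLS record check and the entropy threshold are all assumptions of this example; the sample flows are constructed, not captured.

```python
import math
import re
from dataclasses import dataclass
from typing import Optional

# Added example: a minimal multi-stage classifier. Payload signatures are
# consulted first (a hit is evidence), the IANA port second (a hint only),
# and a flow statistic (payload entropy) last, as a fallback for traffic
# that neither method recognises.

# A few well-known ports from the IANA registry; assumption for the example.
PORT_TABLE = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}

# Payload signatures in the spirit of L7-filter/nDPI rules (assumed here).
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SSH_BANNER = re.compile(rb"^SSH-2\.0-")


@dataclass
class Flow:
    """Constructed flow record: both ports plus the first client payload."""
    src_port: int
    dst_port: int
    first_payload: bytes


@dataclass
class Verdict:
    label: str                   # protocol name, "opaque" or "unknown"
    method: str                  # "signature", "port" or "entropy"
    port_mismatch: bool = False  # signature disagrees with the port hint


def is_tls_client_hello(p: bytes) -> bool:
    """TLS record: type 0x16, version 0x03 0x00..0x03, 2-byte length, handshake type 0x01."""
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x03 and p[5] == 0x01


def payload_entropy(p: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 for encrypted or compressed data."""
    if not p:
        return 0.0
    n = len(p)
    counts = {}
    for b in p:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def by_signature(flow: Flow) -> Optional[str]:
    p = flow.first_payload
    if HTTP_REQUEST.match(p):
        return "http"
    if SSH_BANNER.match(p):
        return "ssh"
    if is_tls_client_hello(p):
        return "tls"
    return None


def by_port(flow: Flow) -> Optional[str]:
    # The server end is whichever side uses a registered port; try the destination first.
    return PORT_TABLE.get(flow.dst_port) or PORT_TABLE.get(flow.src_port)


def by_entropy(flow: Flow, threshold: float = 7.0) -> str:
    # Threshold is an assumption for this example; a deployment would calibrate it.
    return "opaque" if payload_entropy(flow.first_payload) >= threshold else "unknown"


def classify(flow: Flow) -> Verdict:
    sig = by_signature(flow)
    port = by_port(flow)
    if sig is not None:
        # A signature hit on a port registered to a different service is the
        # classic evasion/tunnelling indicator, so report the disagreement.
        return Verdict(sig, "signature", port_mismatch=port is not None and port != sig)
    if port is not None:
        return Verdict(port, "port")
    return Verdict(by_entropy(flow), "entropy")


# Constructed sample flows for illustration; none are real captures.
SAMPLE_FLOWS = {
    "http_on_80": Flow(51000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "http_on_8080": Flow(51001, 8080, b"POST /api HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "ssh_on_443": Flow(51002, 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    "tls_on_443": Flow(51003, 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),
    "dns_query": Flow(51004, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    "random_on_5555": Flow(51005, 5555, bytes(range(256))),
    "chatter_on_4444": Flow(51006, 4444, b"hello hello hello hello"),
}


def classify_all() -> dict:
    return {name: classify(flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, v in classify_all().items():
        flag = " (port mismatch)" if v.port_mismatch else ""
        print(f"{name:16} -> {v.label:8} via {v.method}{flag}")
```

The ordering is the point: HTTP on port 8080 is missed by the port table but caught by the signature, SSH on 443 is caught by the signature and additionally flagged because the port says TLS, and a high-entropy payload on an unregistered port gets only the coarse "opaque" label that statistical methods can offer once the payload is unreadable.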

Keywords: network traffic analysis, network security, network traffic classification, machine learning

Short URL: https://sciup.org/14916432

IDR: 14916432   |   DOI: 10.15514/ISPRAS-2017-29(3)-8

References

  • Cisco WAN and Application Optimization Solution Guide. http://www.cisco.com/c/en/us/td/docs/nsite/enterprise/wan/wan_optimization/wan_opt_sg/chap05.html, accessed 01.12.2015.
  • A. I. Get'man, E. F. Evstropov, Yu. V. Markin. Wirespeed network traffic analysis: survey of applied problems, approaches and solutions. Preprint ISP RAS, 28, 2015, pp. 1-52.
  • M. Mellia, A. Pescapè, L. Salgarelli. Traffic classification and its applications to modern networks. Elsevier Computer Networks, Dec. 2008.
  • T. Farah, L. Trajkovic. Anonym: A tool for anonymization of the Internet traffic. In IEEE 2013 International Conference on Cybernetics (CYBCONF), 2013, pp. 261-266.
  • V. Carela-Español, T. Bujlow, P. Barlet-Ros. Is Our Ground-Truth for Traffic Classification Reliable? In Proceedings of the 15th International Conference on Passive and Active Measurement, Vol. 8362. Springer-Verlag New York Inc., New York, NY, USA, 2014, pp. 98-108.
  • F. Gringoli, L. Salgarelli, M. Dusi, N. Cascarano, F. Risso, K. C. Claffy. GT: picking up the truth from the ground for Internet traffic. SIGCOMM Computer Communication Review, Volume 39, Issue 5, October 2009, pp. 12-18.
  • J. Erman, M. Arlitt, A. Mahanti. Traffic Classification Using Clustering Algorithms. In ACM SIGCOMM MineNet Workshop, September 2006.
  • N. Williams, S. Zander, G. Armitage. A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. ACM SIGCOMM CCR, Vol. 36, No. 5, pp. 7-15, October 2006.
  • A. Dainotti, A. Pescapè, C. Sansone. Early classification of network traffic through multi-classification. In Proceedings of the Third International Conference on Traffic Monitoring and Analysis (TMA'11), Springer-Verlag, Berlin, Heidelberg, 2011, pp. 122-135.
  • N. Cascarano, L. Ciminiera, F. Risso. Optimizing deep packet inspection for high-speed traffic analysis. Journal of Network and Systems Management, 19(1), 2011, pp. 7-31.
  • S. Kumar, P. Crowley. Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM '06), New York, USA, 2006, pp. 339-350.
  • D. Ficara, S. Giordano, G. Procissi, F. Vitucci, G. Antichi, A. Di Pietro. An Improved DFA for Fast Regular Expression Matching. SIGCOMM Comput. Commun. Rev. 38, 5 (September 2008), pp. 29-40.
  • F. Yu, Z. Chen, Y. Diao, T. V. Lakshman, R. H. Katz. Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection. In Proceedings of the ACM/IEEE Symposium on Architecture for Networking and Communications Systems (ANCS '06), New York, USA, 2006, pp. 93-102.
  • S. Kumar, B. Chandrasekaran, J. Turner, G. Varghese. Curing Regular Expressions Matching Algorithms From Insomnia. In Proceedings of the 3rd ACM/IEEE Symposium on Architecture for Networking and Communications Systems (ANCS '07), New York, USA, 2007, pp. 155-164.
  • R. Smith, C. Estan, S. Jha, S. Kong. Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata. In Proceedings of the ACM SIGCOMM Conference on Data Communication (SIGCOMM '08), New York, USA, 2008, pp. 207-218.
  • Z. Cao, S. Cao, G. Xiong, L. Guo. Progress in Study of Encrypted Traffic Classification. In Proceedings of the International Standard Conference on Trustworthy Computing and Services, Beijing, China, 2012, pp. 78-86.
  • M. Sokolova, N. Japkowicz, S. Szpakowicz. Beyond accuracy, F-score and ROC: a family of discriminant measures for performance evaluation. In Proceedings of the 19th Australian Joint Conference on Artificial Intelligence: Advances in Artificial Intelligence (AI'06), Berlin, Heidelberg, 2006, pp. 1015-1021.
  • S. Valenti, D. Rossi, A. Dainotti, A. Pescapè, A. Finamore, M. Mellia. Reviewing traffic classification. In Data Traffic Monitoring and Analysis, Springer-Verlag, Berlin, Heidelberg, 2013, pp. 123-147.
  • D. Maurizio. Observing routing asymmetry in Internet traffic. https://www.caida.org/research/traffic-analysis/asymmetry
  • K. Fukuda. Difficulties of identifying application type in backbone traffic. 2010 International Conference on Network and Service Management, Niagara Falls, ON, 2010, pp. 358-361.
  • H. Balakrishnan, V. Padmanabhan. How network asymmetry affects TCP. IEEE Communications Magazine, Vol. 39, pp. 60-67, April 2001.
  • Applying Network Policy Control to Asymmetric Traffic: Considerations and Solutions. https://www.sandvine.com/downloads/general/whitepapers/applying-network-policy-control-to-asymmetric-traffic.pdf
  • CAIDA Flow Types. https://www.caida.org/research/traffic-analysis/flowtypes/, accessed 01.12.2015.
  • N. Borisov, D. J. Brumley, H. J. Wang, J. Dunagan, P. Joshi, C. Guo. A Generic Application-Level Protocol Analyzer and Its Language. In Proceedings of the 14th Annual Network and Distributed System Security Symposium, 2007.
  • Cisco NBAR. http://www.cisco.com/c/en/us/products/ios-nx-os-software/network-based-application-recognition-nbar/index.html, accessed 01.12.2015.
  • RFC 2616. Hypertext Transfer Protocol - HTTP/1.1. https://www.ietf.org/rfc/rfc2616.txt, accessed 01.12.2015.
  • RFC 7540. Hypertext Transfer Protocol Version 2 (HTTP/2). https://tools.ietf.org/html/rfc7540, accessed 01.12.2015.
  • Administering Cisco QoS in IP Networks. Including CallManager 3.0, QoS, and uOne. 1st Edition, Syngress, 2001, eBook ISBN 9780080481890, 561 pp.
  • L. Deri, M. Martinelli, T. Bujlow, A. Cardigliano. nDPI: Open-source high-speed deep packet inspection. In 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), IEEE, 2014, pp. 617-622.
  • Service Name and Transport Protocol Port Number Registry. http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml, accessed 01.12.2015.
  • P. Haffner, S. Sen, O. Spatscheck, D. Wang. ACAS: automated construction of application signatures. In Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data (MineNet '05), ACM, New York, NY, USA, 2005, pp. 197-202.
  • Y. Wang, Y. Xiang, W. Zhou, S. Yu. Generating regular expression signatures for network traffic classification in trusted network management. Journal of Network and Computer Applications, Volume 35, Issue 3, May 2012, pp. 992-1000.
  • G. Szabó, Z. Turányi, L. Toka, S. Molnár, A. Santos. Automatic protocol signature generation framework for deep packet inspection. In Proceedings of the 5th International ICST Conference on Performance Evaluation Methodologies and Tools, Brussels, Belgium, 2011, pp. 291-299.
  • Perspective monitoring. http://amonitoring.ru/service/snort/, accessed 01.12.2015.
  • G. Bossert, F. Guihéry, G. Hiet. Towards automated protocol reverse engineering using semantic information. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIA CCS '14), ACM, New York, NY, USA, 2014, pp. 51-62.
  • A. I. Get'man, Yu. V. Markin, D. O. Obydenkov, V. A. Padaryan, A. Yu. Tikhonov. Methods of presenting the results of network traffic analysis. Trudy ISP RAN/Proc. ISP RAS, vol. 28, issue 6, 2016, pp. 103-110. DOI: 10.15514/ISPRAS-2016-28(6)-7.
  • O. Mula-Valls. A practical retraining mechanism for network traffic classification in operational environments. Master Thesis, Universitat Politècnica de Catalunya, 2011.
  • R. Wang, L. Shi, B. Jennings. Ensemble Classifier for Traffic in Presence of Changing Distributions. In Proceedings of the Symposium on Computers and Communications (ISCC 2013), Split, Croatia, 7-10 July 2013, pp. 629-635.
  • J. Zhang, C. Chen, Y. Xiang, W. Zhou. Robust network traffic identification with unknown applications. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIA CCS '13), ACM, New York, NY, USA, 2013, pp. 405-414.
  • R. Wang. Advances in Machine-Learning-Based Traffic Classifiers. https://labs.ripe.net/Members/rwang/advances-in-machine-learning-based-traffic-classifiers
  • A. White, S. Krishnan, M. Bailey, F. Monrose, P. Porras. Clear and Present Data: Opaque Traffic and its Security Implications for the Future. NDSS, 2013.
  • J. Olivain, J. Goubault-Larrecq. Detecting subverted cryptographic protocols by entropy checking. Technical report, Laboratoire Spécification et Vérification, June 2006.
  • L. Bernaille, R. Teixeira. Early recognition of encrypted applications. In Proceedings of the 8th International Conference on Passive and Active Network Measurement (PAM'07), Springer-Verlag, Berlin, Heidelberg, 2007, pp. 165-175.
  • Global Internet Phenomena Spotlight: Encrypted Internet Traffic. https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/encrypted-internet-traffic.pdf, accessed 01.12.2015.
  • IP Fragmentation Attacks on Checkpoint Firewalls. https://www.giac.org/paper/gsec/589/ip-fragmentation-attacks-checkpoint-firewalls/101350, accessed 01.12.2015.
  • M. Handley, V. Paxson, C. Kreibich. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In Proceedings of the 10th USENIX Security Symposium, Vol. 10, USENIX Association, Berkeley, CA, USA, 2001, pp. 9-25.
  • M. Baldi, A. Baldini, N. Cascarano, F. Risso. Service-based traffic classification: Principles and validation. In Proceedings of the IEEE Sarnoff Symposium (SARNOFF'09), IEEE Press, Piscataway, NJ, 2009, pp. 115-120.
  • A. W. Moore, K. Papagiannaki. Toward the Accurate Identification of Network Applications. International Workshop on Passive and Active Network Measurement (PAM 2005), Boston, MA, USA, 2005, vol. 3431, pp. 41-54.
  • T. Karagiannis, A. Broido, M. Faloutsos, kc Claffy. Transport layer identification of P2P traffic. In Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, 2004, pp. 121-134.
  • Qosmos ixEngine. http://www.qosmos.com/products/deep-packet-inspection-engine/, accessed 01.12.2015.
  • ipoque PACE. https://www.ipoque.com/products/pace, accessed 01.12.2015.
  • Wind River Content Inspection Engine. http://www.windriver.com/products/product-overviews/PO_Wind-River-Content-Inspection-Engine.pdf, accessed 01.12.2015.
  • Procera PacketLogic Content Intelligence. https://www.proceranetworks.com/content-intelligence.html, accessed 01.12.2015.
  • DPI-SSL. https://www.sonicwall.com/ssl-decryption-and-inspection/, accessed 01.12.2015.
  • G. Aceto, A. Dainotti, W. de Donato, A. Pescapè. PortLoad: Taking the Best of Two Worlds in Traffic Classification. In IEEE INFOCOM 2010, WIP Track, 2010.
  • L7-filter. http://l7-filter.sourceforge.net/, accessed 01.12.2015.
  • S. Alcock, R. Nelson. Libprotoident: Traffic Classification Using Lightweight Packet Inspection. Technical report, University of Waikato, 2013. http://www.wand.net.nz/publications/lpireport, accessed 01.12.2015.
  • Wireshark. https://www.wireshark.org/, accessed 01.12.2015.
  • T. Karagiannis, K. Papagiannaki, M. Faloutsos. BLINC: multilevel traffic classification in the dark. In Proceedings of SIGCOMM '05, ACM, New York, NY, USA, 2005, pp. 229-240.
  • M. Iliofotou, H. Kim, M. Faloutsos, M. Mitzenmacher, P. Pappu, G. Varghese. Graph-based P2P traffic classification at the Internet backbone. In Proceedings of INFOCOM'09, IEEE Press, Piscataway, NJ, USA, 2009, pp. 37-42.
  • M. Iliofotou, M. Faloutsos, M. Mitzenmacher. Exploiting dynamicity in graph-based traffic analysis: techniques and applications. In Proceedings of CoNEXT '09, ACM, New York, NY, USA, 2009, pp. 241-252.
  • S. Lee, H. Kim, D. Barman, S. Lee, C. Kim, T. Kwon, Y. Choi. NeTraMark: a network traffic classification benchmark. SIGCOMM Comput. Commun. Rev. 41, 1 (January 2011), pp. 22-30.
  • A. Dainotti, W. de Donato, A. Pescapè. TIE: A Community-Oriented Traffic Classification Platform. In Proceedings of the First International Workshop on Traffic Monitoring and Analysis (TMA '09), Springer-Verlag, Berlin, Heidelberg, 2009, pp. 64-74.
  • W. de Donato, A. Pescapè, A. Dainotti. Traffic identification engine: an open platform for traffic classification. IEEE Network, vol. 28, no. 2, pp. 56-64, March-April 2014.
  • G. Szabó, I. Szabó, D. Orincsay. Accurate Traffic Classification. IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, Espoo, Finland, 2007, pp. 1-8.
Article type: research article