A Stream Pattern Matching Method for Traffic Analysis

A Stream Pattern Matching Method for Traffic Analysis

下载PDF

导出

摘要 In order to identify any traces of suspicious activities for the networks security, Network Traffic Analysis has been the basis of network security and network management. With the continued emergence of new applications and encrypted traffic, the currently available approaches can not perform well for all kinds of network data. In this paper, we propose a novel stream pattern matching technique which is not only easily deployed but also includes the advantages of different methods. The main idea is： first, defining a formal description specification, by which any series of data stream can be unambiguously descrbed by a special stream pattern; then a tree representation is constructed by parsing the stream pattern; at last, a stream pattern engine is constructed with the Non-t-mite automata （S-CG-NFA） and Bit-parallel searching algorithms. Our stream pattern analysis system has been fully prototyped on C programming language and Xilinx Vn-tex2 FPGA. The experimental results show the method could provides a high level of recognition efficiency and accuracy.

作者 Zhu Hui Li Hui Mo Can

机构地区 Key Laboratory of Computer Network and Information Security

出处《China Communications》 SCIE CSCD 2010年第6期86-93,共8页 中国通信（英文版）

基金 This work is supported by the following projects： National Natural Science Foundation of China grant 60772136, 111 Development Program of China NO.B08038, National Science ＆ Technology Pillar Program of China NO.2008BAH22B03 and NO. 2007BAH08B01.

关键词 traffic analysis stream pattern match non-finite automata bit-parallel 匹配方法交通模式网络流量分析网络安全 Xilinx 程序设计语言流模式网络管理

分类号 TP393.07 [自动化与计算机技术—计算机应用技术] TN919.81 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献13

1SEN S, SPATSCHECH O, WANG D. Accurate, Scalable In-Network Identification of P2P Traffic Using Application Signatures [C]// Proceedings of the 13th International Conference on World Wide Web, New York, 2004.
2KANG H, KIM M, HONG J. A Method on Multimedia Service Traffic Monitoring and Analysis [J]. Lecture Notes in Computer Science. Heidelberg, Germany, 2004, 2867: 489-501.
3LEVANDOSK J, SOMMER E, STRAIT M. Application Layer Packet Classifier for Linux[CP/OL]. http://17-filter. sourceforge.net/, 2006.
4ZUEV D, MOORE A W. Traffic Classification Using a Statistical Approach[J]. Lecture Notes in Computer Science, 2005, 3431 : 321-324.
5MOORE A, ZUEV D, CROGAN M. Discriminators for Use in Flow based Classification [D]. Department of Computer Science, Queen Mary, University of London, 2005.
6BERRY G, SETHI R. From Regular Expression to Deterministic Automata. Theoretical Computer Science, 1986, 48(1): 117-126.
7CHANG C H, PAIGE R. From Regular Expression to DFA's Using NFA's [ C]// Proceedings of the 3rd Annual Symposium on Combinatorial Pattern Matching. Lecture Notes in Computer Science. Springer-Verlag, 1992, 644: 90-110.
8KILPEL? INEN P, TUHKANEN R. Regular Expressions with Numerical Occurrence Indicators-preliminary Results [C]//Proceedings of the Eighth Symposium on Programming Languages and Software Tools. Kuopio, Finland, 2003, 163-173.
9KILPEL? INEN P, UHKANEN R T. One-unambiguity of Regular Expressions with Numeric Occurrence Indicators [J]. Information Compute, 2007, 205 (6): 890-916.
10BECCHI M, CROWLEY P. Extending Finite Automata to Efficiently Match Perl-Compatible Regular Expressions [C]// Proceedings of the 2008 ACM Conference on E-merging Network Experiment and Technology. Madrid, Spain, 2008.

1金然,王清贤.基于哈希和流量分析的IP回溯[J].计算机工程与应用,2004,40(19):157-161.
2马琳,秦丹阳,徐玉滨.Traffic analysis on carrier accessing for WLAN indoor positioning system[J].Journal of Harbin Institute of Technology(New Series),2012,19(2):113-118.
3崔子筠,罗庆华.SNMP协议在网络流量分析中的应用[J].微型电脑应用,2002,18(6):30-33. 被引量：2
4亚信总集成中国移动IP承载网项目[J].电信技术,2007(8):106-106.
5王鹏,Zhong Xiaofeng,Xiao Limin,Zhou Shidong,Wang Jing,Bai Yong.On opportunistic spectrum efficiency in cognitive radio systems[J].High Technology Letters,2009,15(2):170-174.
6孙晓燕,姜锐,汪秉宏.Increase of Traffic Flux in Two-Route Systems by Disobeying the Provided Information[J].Chinese Physics Letters,2010,27(5):268-270. 被引量：1
7Jian-Wei Zhong Mei Xie.A Fingerprint Minutiae Matching Method Based on Line Segment Vector[J].Journal of Electronic Science and Technology of China,2007,5(3):260-263. 被引量：2
8郭晓军,程光,朱琛刚,TRUONG Dinh-Tu,周爱平.主动网络流水印技术研究进展[J].通信学报,2014,35(7):178-192. 被引量：9
9赵永利.A traffic model of optical networks based on time-space complexity and traffic grooming[J].High Technology Letters,2009,15(2):198-202.
10黄海峰.运营商面临“流量风暴”挑战华为推网络流量分析系统uTraffic[J].通信世界,2012(38):33-33.

China Communications

2010年第6期

浏览历史

内容加载中请稍等...

A Stream Pattern Matching Method for Traffic Analysis

参考文献13

相关作者

相关机构

相关主题

浏览历史