A feasibility study of stateful automaton packet inspection for streaming application detection systems |
| |
Authors: | Kuo-Kun Tseng Jiao Lo Yiming Liu Madjid Merabti Felix C K Ng |
| |
Institution: | 1. Department of Computer Science and Technology, Harbin Institute of Technology, Shenzhen Graduate School, Shenzhen, China;2. School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, UK;3. Department of Industrial and Systems Engineering, The Hong Kong Polytechnic University, Hong Kong, China |
| |
Abstract: | The rapid development of the internet has brought huge benefits and social impacts; however, internet security has also become a great problem for users, since traditional approaches to packet classification cannot achieve satisfactory detection performance due to their low accuracy and efficiency. In this paper, a new stateful packet inspection method is introduced, which can be embedded in the network gateway and used by a streaming application detection system. This new detection method leverages the inexact automaton approach, using part of the header field and part of the application layer data of a packet. Based on this approach, an advanced detection system is proposed for streaming applications. The workflow of the system involves two stages: the training stage and the detection stage. In the training stage, the system initially captures characteristic patterns from a set of application packet flows. After this training is completed, the detection stage allows the user to detect the target application by capturing new application flows. This new detection approach is also evaluated using experimental analysis; the results of this analysis show that this new approach not only simplifies the management of the state detection system, but also improves the accuracy of data flow detection, making it feasible for real-world network applications. |
| |
Keywords: | Firewall packet classification stateful automaton Aho–Corasick |
|
|