With the continual appearance of new applications and the frequent update of these applications, the need for automatic signature generation is emphasized. Although several automatic methods have been proposed, there are still limitations to adopt rea...
With the continual appearance of new applications and the frequent update of these applications, the need for automatic signature generation is emphasized. Although several automatic methods have been proposed, there are still limitations to adopt real network environment in terms of automation, robustness, and sophistication. To address this issue, we propose an automatic signature generation method, called SigBox, for fine-grained traffic identification. This system extracts three types of signature such as content, packet, and flow signature using a modified sequence pattern algorithm. The flow signature, final result of this system, consists of a series of packet signatures, and the packet signature consists of a series of content signatures. The content signature means distinguishable and unique substring of packet payload, and consists of a series of characters or hex values. Using the modified sequence pattern algorithm, we can improve system performance in aspect of automation and robustness. Also, the proposed method can generate sophisticated signature for fine-grained traffic identification by using flow-level features beyond ones of packet-level. In order to prove the feasibility of our proposed system, we present experimental results based on ten popular applications after defining three metrics such as redundancy, coverage, and accuracy. Also, we show the quality of signature compared to existing methods.