• Title/Summary/Keyword: network traffic data

FDANT-PCSV: Fast Detection of Abnormal Network Traffic Using Parallel Coordinates and Sankey Visualization (FDANT-PCSV: Parallel Coordinates 및 Sankey 시각화를 이용한 신속한 이상 트래픽 탐지)

  • Han, Ki hun;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.693-704 / 2020
  • As company network structures grow and the number of security systems increases, it is not easy to quickly detect abnormal traffic from huge amounts of security system events. In this paper, we propose a traffic visualization analysis system (FDANT-PCSV) that can detect and analyze security events of information security systems such as firewalls in real time. FDANT-PCSV consists of a Parallel Coordinates visualization using five factors (source IP, destination IP, destination port, packet length, processing status) and a Sankey visualization using four factors (source IP, destination IP, number of events, data size) among security events. In addition, the use of a big data-based SIEM enables real-time detection of network attacks and network failure traffic from the internet and intranet. FDANT-PCSV enables cyber security officers and network administrators to quickly and easily detect abnormal network traffic and respond quickly to network threats.

Monitoring Network Security Situation Based on Flow Visualization (플로우 시각화 기반의 네트워크 보안 상황 감시)

  • Chang, Beom-Hwan
    • Convergence Security Journal / v.16 no.5 / pp.41-48 / 2016
  • In this paper we propose VisFlow, a new security visualization method based on traffic flows, to solve the problems of existing flow-based visualization techniques: loss of the end-to-end semantics of communication, the reflection problem caused by a symmetrical address coordinate space, and the loss of intuitiveness with large volumes of traffic. VisFlow, a simple and effective security visualization interface, supports real-time analysis and monitoring of the managed network by visualizing a variety of network behaviors that are not visible in individual traffic data but can be shaped into patterns. It increases intuitiveness and usability by identifying the roles of nodes and by visualizing information that is highlighted or simplified according to its importance in 2D/3D space. In addition, it monitors the network security situation more informatively by using asymmetrical connecting lines based on IP addresses between pairs of nodes. Using VisFlow, an administrator can analyze and monitor the managed network in real time, investigate massive traffic data effectively, and intuitively understand the overall network situation.

Performance Improvement of Signature-based Traffic Classification System by Optimizing the Search Space (탐색공간 최적화를 통한 시그니쳐기반 트래픽 분석 시스템 성능향상)

  • Park, Jun-Sang;Yoon, Sung-Ho;Kim, Myung-Sup
    • Journal of Internet Computing and Services / v.12 no.3 / pp.89-99 / 2011
  • The payload signature-based traffic classification system has to deal with a large amount of traffic data, as the number of internet-based applications and the volume of network traffic continue to grow. While a number of pattern-matching algorithms have been proposed in the literature to improve processing speed, the performance of pattern-matching algorithms is limited and depends on the features of their input data. In this paper, we studied how to optimize the search space in order to improve the processing speed of the payload signature-based traffic classification system. The feasibility of our design choices was also proved via experimental evaluation on our campus traffic trace.

Transmission of Multimedia Traffic over Mobile Ad-hoc Networks (모바일 ad-hoc 네트워크에서 멀티미디어 트래픽 전송)

  • Kim, Young-Dong
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.1 / pp.95-101 / 2005
  • In this paper, some performance characteristics of multimedia traffic in mobile ad-hoc networks are studied through simulation. Synthetic streaming video is used as the multimedia traffic representing MPEG-coded video in the simulation. The synthetic video stream is generated with a video stream generation algorithm. The algorithm generates VBR traffic for MPEG video streams with special predefined GOP (group of pictures) patterns that consist of a sequence of I (intra-coded), P (predicted-coded) and B (bidirectional-coded) frames. The synthetic VBR streams are transmitted over UDP with on-demand mobile ad-hoc network routing protocols such as AODV and DSR. The performance of video streams over mobile ad-hoc networks is evaluated, and the throughput of data and video traffic is compared.

Network Classification of P2P Traffic with Various Classification Methods (다양한 분류기법을 이용한 네트워크상의 P2P 데이터 분류실험)

  • Han, Seokwan;Hwang, Jinsoo
    • The Korean Journal of Applied Statistics / v.28 no.1 / pp.1-8 / 2015
  • Security has become an issue due to the rapid increase in internet traffic data. P2P traffic data in particular poses a great challenge to network systems administrators. Preemptive measures, such as blocking suspicious traffic data, are necessary for network quality of service (QoS) and efficient resource management. Deep packet inspection (DPI) is the most exact way to detect an intrusion, but it may pose a privacy problem and requires time. We used several machine learning methods to compare their performance in classifying network traffic data accurately over time. The Random Forest method shows excellent performance in both accuracy and time.

A study of DDS Middleware based Multimedia PACS Data Transmission Scheme for QoS in Hospital Network (병원 전산망에서 QoS보장을 위한 DDS 미들웨어 기반 멀티미디어 PACS 데이터 전송 기법 연구)

  • Kim, Nam-Ho;Seung, Teak-Young;Lee, Suk-Hwan;Lee, Jong-Keuk;Kwon, Ki-Ryong
    • Proceedings of the Korea Multimedia Society Conference / 2012.05a / pp.462-463 / 2012
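  • A PACS is a system that digitizes medical images. In the early days, PACS data for CR (Computed Radiography) amounted to around 10 MB, but with advances in medical equipment, DR (Digital Radiography) produces more than 20 MB of data. Likewise, CT (Computed Tomography) used to produce around 100 slices of 0.5 MB each, but CT such as Cardiac/PET now supports multi-frame and produces 300 to 5000 or more slices, which generates considerable traffic on the network and seriously affects the hospital's clinical environment. In addition, with the advance of smartphones, tablet PCs and similar devices, many users will want to view PACS data in real time or in multimedia form, and PACS systems are evolving to meet such requirements. Hospital networks generally use the best-effort method, the motto of Internet service. This mode of data transmission can affect the transfer of PACS data, which has a direct impact on medical care. In particular, in an environment where network traffic is limited, if many users want to receive multimedia PACS data that requires high bandwidth, the resulting latency can hinder the smooth progress of treatment. To solve this problem, network developers introduced the concept of QoS, and research on guaranteeing QoS has been carried out at several layers. We survey the various forms of research on supporting QoS in networks in general and, building on research into DDS middleware for controlling distributed systems, design a way to apply it to hospital networks and verify it through simulation, thereby proposing a new form of hospital network.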

A Design and Implementation of Packet Processing Engine for Handling Large Volumes of Traffic (대용량 트래픽 처리를 위한 패킷 처리 엔진 설계 및 구현)

  • Yoon, Joo-Yeong;Kim, Myoung-Soo;Chang, Hoon
    • Proceedings of the Korean Society of Computer Information Conference / 2020.07a / pp.325-326 / 2020
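  • Recently, under the influence of 5G, the number of people and devices connected to the Internet has been growing further, and as new Internet of Things applications become possible, traffic volume is surging. However, many domestic companies use expensive foreign products to analyze this traffic. These products are used mainly to store and display statistical data on the traffic processed on the network, and have the drawback that it is difficult to analyze packets in detail. This paper therefore proposes an efficient packet processing engine for handling large volumes of traffic. The engine uses multiple core processes to make maximum use of system resources and, through multiprocessing, keeps the workload of each node balanced, thereby reducing task waiting time and minimizing the execution time of each task. The packet processing engine proposed in this paper for handling large volumes of traffic is shown to be superior to existing traffic-processing packet engines in terms of improving the performance of high-performance computing systems.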

An Energy Awareness Congestion Control Scheme based on Genetic Algorithms in Wireless Sensor Networks (무선 센서 네트워크에서의 유전자 알고리즘 기반의 에너지 인식 트래픽 분산 기법)

  • Park, Jun-Ho;Kim, Mi-Kyoung;Seong, Dong-Ook;Yoo, Jae-Soo
    • The Journal of the Korea Contents Association / v.11 no.7 / pp.38-50 / 2011
  • For energy efficiency in Wireless Sensor Networks (WSNs), when a sensor node detects events, the sensing period for collecting the detailed information is likely to be short. The lifetime of WSNs decreases because communication modules are used excessively on a specific sensor node. To solve this problem, TARP decentralizes network packets to neighbor nodes. It considers the average data transmission rate as well as the data distribution. However, since the existing scheme does not consider the energy consumption of a node in WSNs, its network lifetime is reduced. The proposed scheme considers the remaining amount of energy and the transmission rate on a single node in fitness evaluation. Since the proposed scheme performs efficient congestion control, it extends the network lifetime. The simulation results show that our scheme enhances data fairness and improves the network lifetime by about 27% on average over the existing scheme.

High capacity WDM optical communication systems (파장분할 다중방식 초고속 광통신)

  • 이창희
    • Proceedings of the Optical Society of Korea Conference / 2001.02a / pp.12-13 / 2001
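  • With the popularization of the Internet, ultra-high-speed transmission systems are required to accommodate explosively growing data and video information. Figure 1 shows the growth trend of communication network traffic, with 1996 as the baseline. Total traffic including data more than doubles every year, so traffic in 2006 is predicted to be 100 times higher than at present. Therefore, compared with the present, when 2.5 Gb/s 16 to 32 channel WDM (Wavelength Division Multiplexing) optical transmission systems are mainly in use, WDM optical transmission systems of 4 Tb/s or more will be needed in 2006. (Remainder omitted)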

Design and Implementation of Cyber Warfare Training Data Set Generation Method based on Traffic Distribution Plan (트래픽 유통계획 기반 사이버전 훈련데이터셋 생성방법 설계 및 구현)

  • Kim, Yong Hyun;Ahn, Myung Kil
    • Convergence Security Journal / v.20 no.4 / pp.71-80 / 2020
  • In order to provide realistic traffic to a cyber warfare training system, it is necessary to prepare a traffic distribution plan in advance and to create a training data set using normal/threat data sets. This paper presents the design and implementation results of a method for creating a traffic distribution plan and a training data set that provide background traffic resembling a real environment to a cyber warfare training system. We propose a method for creating a traffic distribution plan that uses the network topology of the training environment in which traffic is distributed and the traffic attribute information collected in real and simulated environments. We also propose a method for generating a training data set according to a traffic distribution plan, using a unit traffic method and a mixed traffic method based on the ratio of protocols. Using the implemented tool, a traffic distribution plan was created, and the result of creating the training data set according to the distribution plan was confirmed.