• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.477-482
• /
• 2007

최근 다양한 P2P 프로그램을 많이 사용함에 따라 네트워크에서 생겨나는 트래픽의 상당 부분이 P2P가 발생시키는 트래픽으로 이미 HTTP, FTP의 양을 훨씬 뛰어넘고 있다. 현재 인터넷 환경에서 방화벽을 통과하기 위해 포트번호를 변경하여 통신을 하는 새로운 P2P응용들의 행동들은 전통적인 well-known port 기반의 응용프로그램을 구분하는 단순한 분석 방법만으로 신뢰하기가 어렵다. 새로운 P2P 응용들과 같은 트래픽 모니터링의 정확도를 높이기 위해서는 TCP/IP 헤더만이 아니라 패킷이 담고 있는 페이로드 내용에 대한 조사 차원의 모니터링 방법이 필요하다. 본 논문에서는 TCP/IP 헤더 정보와 더불어 패킷의 페이로드 내용을 조사하여 P2P 트래픽을 탐지하는 모니터링 기법을 제안한다. 이어 탐지되는 P2P 트래픽에 대하여 Linux Netfilter Framework의 Queuing Discipline에서 제공하는 계층적인 우선순위 큐를 사용하여 일정한 양의 대역폭을 할당하는 정책을 적용함으로써 안정적이면서 효율적인 네트워크 운용 방안을 제시한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.2
• /
• pp.47-56
• /
• 2014

Internet traffic has rapidly increased due to the supplying wireless devices and the appearance of various applications and services. By increasing internet traffic rapidly, the need of Internet traffic classification becomes important for the effective use of network resource. However, the traffic classification scheme is not much studied comparing to the study for classification method. This paper proposes novel classification scheme for multilateral and hierarchical traffic identification. The proposed scheme can support multilateral identification with 4 classification criteria such as service, application, protocol, and function. In addition, the proposed scheme can support hierarchical analysis based on roll-up and drill-down operation. We prove the applicability and advantages of the proposed scheme by applying it to real campus network traffic.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.2 s.46
• /
• pp.221-229
• /
• 2007

Security of the port TCP/80 has been demanded by reason that the others besides web services have been rapidly increasing use of the port. Existing traffic analysis approaches can't distinguish web services traffic from application services when traffic passes though the port. monitoring method based on protocol and port analysis were weak in analyzing harmful traffic using the web port on account of being unable to distinguish payload. In this paper, we propose a method of detecting harmful traffic by web traffic analysis. To begin, traffic Capture by real time and classify by web traffic. Classed web traffic sorts each application service details and apply weight and detect harmful traffic. Finally, method propose and implement through coding. Therefore have a purpose of these paper to classify existing traffic analysis approaches was difficult web traffic classified normal traffic and harmful traffic and improved performance.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.557-560
• /
• 2013

MANTET(Mobile Ad-Hoc Networks), which is configured and operated by each terminals with no support of communication infra-structures, is recently expanded its application fields from terrestrial communications to underwater environments with technical advances of Wi/Fi and minimized portable terminals. Underwater sensor network, undersea environment explorations and probes, information transmission for underwater area, etc., is typical application fields of underwater MANET. Especially, Performance measurement and analysis on this application fields is one of important research area and base of design, implementation and operation for underwater MANET. However, the research results are focued on various transmission parameters on network level, and its objects of analysis are also performance of network level. In this paper, transmission performances for application levels are measured and analyzed for user levels on underwater MANET. In this study, voice traffic is assumed as object application traffic, computer simulation which is based on NS-2 having additional implemented functions for underwater communications is used. on some defined scale of MANET, transmission performances according to varying traffic environments are measured and analyzed, operation conditions on underwater MANET is suggested with the analysis.

• Annual Conference of KIPS
• /
• 2009.04a
• /
• pp.1112-1115
• /
• 2009

네트워크 관리자 입장에서 효율적인 네트워크 관리를 위해 응용 프로그램 별 트래픽 분류의 중요성이 커지고 있다. 응용 프로그램 별 트래픽 분류를 위해 signature 기반, machine learning 방법들이 제안되고 있지만 p2p 방식의 Skype 응용프로그램에 대한 적용결과는 그 신뢰성이 떨어지고 있는 것은 사실이다. 본 논문에서는 Skype의 트래픽을 분류하기 위해 각 Client 마다 Skype application install 시 동적으로 변화하는 Port 를 알아내는 방법, UDP 패킷의 특정위치의 특정 signature, TCP signal flow의 특정위치 패킷에 대한 payload 크기 등을 이용한 Skype traffic 분류 방법을 제안한다. 제안된 방법론은 학내 네트워크에 적용하여 그 타당성을 TMA를 통해 검증하였다.

• Journal of KIISE:Information Networking
• /
• v.37 no.6
• /
• pp.477-482
• /
• 2010

Recently, advanced Internet applications such as Internet telephone, multimedia streaming, and file sharing have appeared. Especially, P2P or web-based file sharing applications have been notorious for their illegal usage of contents and massive traffic consumption by a few users. This paper presents a novel method to identify the P2P or web-based file names with traffic monitoring. For this purpose, we have utilized the Korean decoding method on the IP packet payload. From experiments, we have shown that the file names requested by BitTorrent, Clubbox, and Tple applications could be correctly identified.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.368-376
• /
• 2013

The importance of application traffic identification is emphasized for the efficient network management with recent rapid development of internet. In this paper, we present the application traffic identification method using the behavior based signature to improve the previous limitations. The behavior based signature is made by combining the existing various traffic features, and uses the Inter-Flow unit that is combination of the first request packet of each flow. All signatures have 100% precision when measured the accuracy of 5 applications using at home and abroad to prove the feasibility of the proposed signature.

• Journal of KIISE:Information Networking
• /
• v.37 no.4
• /
• pp.263-271
• /
• 2010

SIP/RTP-based VoIP services are being popular. Recently, however, VoIP anomaly traffic such as delay, interference and termination of call establishment, and degradation of voice quality has been reported. An attacker could intercept a packet, and obtain user and header information so as to generate an anomaly traffic, because most Korean VoIP applications do not use standard security protocols. In this paper, we propose three VoIP anomaly traffic generation methods for CANCEL;BYE DoS and RTP flooding, and a detection method through flow-based traffic measurement. From our experiments, we showed that 97% of anomaly traffic could be detected in real commercial VoIP networks in Korea.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.335-342
• /
• 2013

Nowadays, the traffic type and behavior are extremely diverse due to the growth of network speed and the appearance of various services on Internet. For efficient network operation and management, the importance of application-level traffic identification is more and more increasing in the area of traffic analysis. In recent years traffic identification methodology using statistical features of traffic flow has been broadly studied. However, there are several problems to be considered in the identification methodology base on statistical features of flow to improve the analysis accuracy. In this paper, we recognize these problems by analyzing the ground-truth traffic and propose the solution of these problems. The four problems considered in this paper are the distance measurement of features, the selection of the representative value of features, the abnormal behavior of TCP sessions, and the weight assignment to the feature. The proposed solutions were verified by showing the performance improvement through experiments in campus network.

• Journal of Information Technology and Architecture
• /
• v.10 no.1
• /
• pp.101-111
• /
• 2013

Internet traffic volume has been increasing rapidly due to popularization of various smart devices and Internet development. In particular, HTTP-based traffic volume of smart devices is increasing rapidly in addition to desktop traffic volume. The increased mobile traffic can cause serious problems such as network overload, web security, and QoS. In order to solve these problems of the Internet overload and security, it is necessary to accurately detect applications. Traditionally, well-known port based method is utilized in traffic classification. However, this method shows low accuracy since P2P applications exploit a TCP/80 port, which is used for the HTTP protocol; to avoid firewall or IDS. Signature-based method is proposed to solve the lower accuracy problem. This method shows higher analysis rate but it has overhead of signature generation. Also, previous signature-based study only analyzes applications in HTTP protocol-level not application-level. That is, it is difficult to identify application name. Therefore, previous study only performs protocol-level analysis. In this paper, we propose a signature generation method to classify HTTP-based traffics in application-level using the characteristics of typical semi HTTP header. By applying our proposed method to campus network traffic, we validate feasibility of our method.