• Annual Conference of KIPS
• /
• 2004.05a
• /
• pp.1659-1662
• /
• 2004

본 논문에서는 스토리지만을 위한 전용 네트워크인 파이버 채널대신, 최근 대중화되고 있는 IP 네트워크를 사용하는 IP 네트워크 스토리지에 QoS를 제공하기위한 연구의 일환으로 스토리지 입출력 트래픽에 의해서 발생되는 네트워크 트래픽의 변화를 분석하였다. iSCSI 프로토콜을 사용하여 구성한 IP 네트워크 스토리지 환경하에서, 스토리지 트래픽에 따른 네트워크 트래픽은 패턴에 있어 거의 동일한 양상을 보이지만 iSCSI 프로토콜의 영향으로 호스트 스토리지의 트래픽보다 네트워크 트래픽에 burstiness가 더해진다는 것을 알 수 있다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.5
• /
• pp.995-1003
• /
• 2004

A number of Internet application services are used with the development of Internet backbone nowadays. Well-known services such as WWW, ]n, email are provided at first time. Tremendous unwell-known services are presented according to the demands of various contents. After analyzing PDU information of the packet using unwell-known port travelling on the internet, searching internet service type and its statistical data is provided with internet traffic analyst as very useful information. This paper presents the mechanism to extract the internet application services operated on (un)well-known port of UDP or TCP used occasionally through netflow and tcpdump method introduced by ethereal and the operation scheme of the service. Afterwards to get the detailed statistics of the analyzed application service, the agent and the server environment, the agent gathering raw data traffics and the server adapting the traffic received from the agent BNF(Backus-Naur Form) method, is also introduced. Adapting the presented mechanism eve. LAN of Andong national university, the internet traffic service type and the detailed statistics of the analyzed application services which provides with internet traffic analyst are presented as very useful information.

• Korean Management Science Review
• /
• v.16 no.1
• /
• pp.25-38
• /
• 1999

기존의 데이터망과는 달리 B-ISDN은 데이터, variable-rate 비디오 등과 같은 bursty하고 variable bit rate를 갖는 트래픽원으로부터 smooth하고 constant bit rate를 갖는 트래픽원까지 광범위한 계층의 트래픽을 모두 수용해야만 한다. 게다가 이 망은 다양한 계층의 트래픽에게 일정 수준 이상의 품질, 즉 QoS(Quality of Service)를 보장해 주어야만 한다. 셀 손실이나 지연시간 그리고 지연시간 jittere등을 포함하는 QoS 성능척도들은 응용서비스 별로 서로 다를 것이고 특히 실시간(real-time) 응용 서비스를 지원하는 망에서의 QoS문제는 특별히 중요성을 더하게 된다. 따라서 통계적 다중화에 의해 얻어지는 망자원의 효율성을 확보하면서 end-to-end QoS 보장을 해주는 문제는 B-ISDN에서 매우 중요하나 아직 대부분 미해결 문제로 남아 있는 분야이다. 본 연구에서는 end-to-end 분석에 가장 큰 에로점으로 부각되는 multi-hop망 환경하에서 트래픽 분석에 초점을 맞추어 기존 연구결과등을 폭넓게 비교 분석하고 최근 연구 동향 및 추후 연구 사항을 제시하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.274-276
• /
• 2004

본 논문에서는 현재 웹에서 제공되는 사이버 강의를 수강자가 인터넷을 통해 제공받을 때 사이버 교육컨텐츠들이 대역폭에 미치는 영향을 측정 분석한다. 또한 이더넷(Ethernet)을 통하여 스트리밍 형식의 사이버 강의를 수강할 경우 네트워크에 존재하는 설러 종류의 배경(Background)트래픽에 의하여 대역폭이 점유되므로 한정된 네트워크 환경에서는 강의 수강에 어려움이 있을 것으로 예상된다. 따라서 컨텐츠의 원활한 전달을 위해 FTP(File Transfer Protocol)를 이용하여 배경 트래픽을 발생시켜 이때 측정되는 사이버 강의 트래픽을 분석하여 강의의 전달 특성과 문제점을 파악한다. 마지막으로 사이버 강의를 수강하는 학습자의 위치에 따라 네트워크 환경을 살펴본 후 각각의 환경에서 강의를 수강할 경우를 가정하여 실제 트래픽을 측정 분석함으로써 강의제작에 선행되어야할 바랑직한 조건을 제안한다.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.51-60
• /
• 2003

One of the most important matters in designing network and realizing service, is to grip on the traffic characteristics. Conventional traffic prediction and analysis used the models which based on the Poisson or Markovian. Recently, experimental research on the LAN, WAN and VBR traffic properties have been pointed rut that they weren't able to display actual real traffic specificities because the models based on the Poisson assumption had been underestimated the long range dependency of network traffic and self-similar peculiarities, it has been lately presented that the new approach method using self-similarity characteristics as similar as the real traffic models. Therefore, in this paper, we generated self-similar data traffic like real traffic as background load. On the existing ABR congestion control algorithm, we analyzed by classify into ACR, buffer utilization. cell drop rate, transmission throughput with the representative EFCI, ERICA, EPRCA and NIST twitch algorithm to show the efficient reaction about the burst traffic.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.73-80
• /
• 2021

In this paper, we propose a packet processing method capable of handling large-capacity traffic over 20Gbps using multi-core and huge page memory approaches. As ICT technology advances, the global average monthly traffic is expected to reach 396 exabytes by 2022. With the increase in network traffic, cyber threats are also increasing, increasing the importance of traffic analysis. Traffic analyzed as an existing high-cost foreign product simply stores statistical data and visually shows it. Network administrators introduce and analyze many traffic analysis systems to analyze traffic in various sections, but they cannot check the aggregated traffic of the entire network. In addition, since most of the existing equipment is of the 10Gbps class, it cannot handle the increasing traffic every year at a fast speed. In this paper, as a method of processing large-capacity traffic over 20Gbps, the process of processing raw packets without copying from single-core and basic SMA memory approaches to high-performance packet reception, packet detection, and statistics using multi-core and NUMA memory approaches suggest When using the proposed method, it was confirmed that more than 50% of the traffic was processed compared to the existing equipment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.11
• /
• pp.2160-2168
• /
• 2015

The SSL/TLS, one of the most popular encryption protocol, was developed as a solution of various network security problem while the network traffic has become complex and diverse. But the SSL/TLS traffic has been identified as its protocol name, not its used services, which is required for the effective network traffic management. This paper proposes a new method to generate service signatures automatically from SSL/TLS payload data and to classify network traffic in accordance with their application services. We utilize the certificate publication information field in the certificate exchanging record of SSL/TLS traffic for the service signatures, which occurs when SSL/TLS performs Handshaking before encrypt transmission. We proved the performance and feasibility of the proposed method by experimental result that classify about 95% SSL/TLS traffic with 95% accuracy for every SSL/TLS services.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.5
• /
• pp.21-28
• /
• 2012

Recently, the necessity for good techniques of detecting network traffic attack has increased. In this paper, we suggest a new method of detecting abnormal patterns of network traffic data by visualizing their IP and port information into two dimensional images. The proposed approach first generates four 2D images from IP data of transmitters and receivers, and makes one 2D image from port data. Analyzing those images, it then extracts their major features such as linear patterns or high intensity values, and determines if traffic data contain DDoS or DoS Attacks. To comparatively evaluate the performance of the proposed algorithm, we show that our abnormal pattern detection method outperforms the existing algorithm in terms of accuracy and speed.

• Journal of IKEEE
• /
• v.13 no.2
• /
• pp.200-207
• /
• 2009

In this paper, novel traffic gromming algorithms are proposed with a primary goal of maximize the throughput in WDM(Wavelength Division Multiplexing) ring networks. To achieve this goal, we analyze two network designs that are Lightpath Designs and Virtual Topology Designs and simulate the throughput in various traffic environments. From this methods, we propose novel traffic gromming algorithms to maximize the throughput.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.640-642
• /
• 2002

본 논문에서는 실제 네트워크에서 측정되고 있는 시간축상으로 매우 불안정한 상태의 트래픽 즉, ON／OFF 소스 모델로 가정하여 발생시킨 self-similar 트래픽을 이용하여 다단으로 이루어진 스위치 모델의 처리시간(processing time)에 따른 출력단에서self-similarity의 변화와 이용도(utilization) 등을 사용하여 네트워크의 성능을 분석한다.