• Title/Summary/Keyword: 트래픽 분류

Search Result 217, Processing Time 0.023 seconds

Hierarchical Internet Application Traffic Classification using a Multi-class SVM (다중 클래스 SVM을 이용한 계층적 인터넷 애플리케이션 트래픽의 분류)

  • Yu, Jae-Hak;Lee, Han-Sung;Im, Young-Hee;Kim, Myung-Sup;Park, Dai-Hee
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.20 no.1
    • /
    • pp.7-14
    • /
    • 2010
  • In this paper, we introduce a hierarchical internet application traffic classification system based on SVM as an alternative overcoming the uppermost limit of the conventional methodology which is using the port number or payload information. After selecting an optimal attribute subset of the bidirectional traffic flow data collected from the campus, the proposed system classifies the internet application traffic hierarchically. The system is composed of three layers: the first layer quickly determines P2P traffic and non-P2P traffic using a SVM, the second layer classifies P2P traffics into file-sharing, messenger, and TV, based on three SVDDs. The third layer makes specific classification of the entire 16 application traffics. By classifying the internet application traffic finely or coarsely, the proposed system can guarantee an efficient system resource management, a stable network environment, a seamless bandwidth, and an appropriate QoS. Also, even a new application traffic is added, it is possible to have a system incremental updating and scalability by training only a new SVDD without retraining the whole system. We validate the performance of our approach with computer experiments.

Performance Improvement of Signature-based Traffic Classification System by Optimizing the Search Space (탐색공간 최적화를 통한 시그니쳐기반 트래픽 분석 시스템 성능향상)

  • Park, Jun-Sang;Yoon, Sung-Ho;Kim, Myung-Sup
    • Journal of Internet Computing and Services
    • /
    • v.12 no.3
    • /
    • pp.89-99
    • /
    • 2011
  • The payload signature-based traffic classification system has to deal with large amount of traffic data, as the number of internet-based applications and network traffic continue to grow. While a number of pattern-matching algorithms have been proposed to improve processing speedin the literature, the performance of pattern matching algorithms is restrictive and depends on the features of its input data. In this paper, we studied how to optimize the search space in order to improve the processing speed of the payload signature-based traffic classification system. Also, the feasibility of our design choices was proved via experimental evaluation on our campus traffic trace.

Assessing Convolutional Neural Network based Malicious Network Traffic Detection Methods (컨볼루션 신경망 기반 유해 네트워크 트래픽 탐지 기법 평가)

  • Yeom, Sungwoong;Nguyen, Van-Quyet;Kim, Kyungbaek
    • KNOM Review
    • /
    • v.22 no.1
    • /
    • pp.20-29
    • /
    • 2019
  • Recently, various machine learning based traffic classification methods are focused on detecting malicious network traffic. In this paper, convolutional neural network based malicious network traffic classification method is introduced and its performance is evaluated. In order to utilize the convolutional neural network which is excellent in analyzing images, a image transform method from important information of network traffic to a standardized image is proposed, and the transformed images are used as learning input of a CNN network traffic classifier. By using the real network traffic dataset, the proposed image transform method and CNN based network traffic classification method are evaluated. Especially, under various configurations of CNN, the performance of the proposed method is evaluated.

Classification of Tor network traffic using CNN (CNN을 활용한 Tor 네트워크 트래픽 분류)

  • Lim, Hyeong Seok;Lee, Soo Jin
    • Convergence Security Journal
    • /
    • v.21 no.3
    • /
    • pp.31-38
    • /
    • 2021
  • Tor, known as Onion Router, guarantees strong anonymity. For this reason, Tor is actively used not only for criminal activities but also for hacking attempts such as rapid port scan and the ex-filtration of stolen credentials. Therefore, fast and accurate detection of Tor traffic is critical to prevent the crime attempts in advance and secure the organization's information system. This paper proposes a novel classification model that can detect Tor traffic and classify the traffic types based on CNN(Convolutional Neural Network). We use UNB Tor 2016 Dataset to evaluate the performance of our model. The experimental results show that the accuracy is 99.98% and 97.27% in binary classification and multiclass classification respectively.

Performance Improvement of Real-time Traffic Classification Algorithm based on Application Signature (시그니처 기반의 실시간 트래픽 분류 알고리즘의 성능 향상)

  • Oh, Young-Seok;Yoon, Sung-Ho;Park, Jun-Sang;Kim, Myung-Sup
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2009.04a
    • /
    • pp.1233-1236
    • /
    • 2009
  • 현재 다량의 네트워크 대역폭을 소모하는 응용 프로그램 트래픽을 확인하고 분류하는데 많은 방법들이 사용되고 있지만 정통적인 트래픽 분류 방법론인, 포트 번호, ip 등 등의 헤더 정보만으로는 응용 프로그램의 트랙픽을 정확하게 분류하지 못한다. 최근 동적인 포트 번호를 사용하는 새로운 트래픽 응용의 등장과 방화벽을 통과하기 위한 포트번호 변경으로 인하여 전통적인 TCP/UDP 헤더 기반의 트랙픽 분류 방법은 부정확해지고 있다. 이러한 트래픽을 정확하게 식별하고 분류하기 위해서는 패킷의 페이로드 내용에 대한 조사도 병행되어야 하고 시그니처 기반의 식별 방법을 사용하여야 한다. 하지만 이 방법은 정확도가 높은 반면 시그니처의 목록을 매번 최신 상태로 유지하여야 하는 단점과 길어지는 탐색 시간에 따른 시스템 부하의 문제를 가지고 있다. 본 연구에서는 이러한 단점을 향상시키는 목적으로 새로운 시그니처 기반의 해쉬 테이블에 캐시를 이용한 방법론인 효율적인 알고리즘을 제안하고 시그니처의 자료구조와 실제 패킷과 시그니처의 비교 방식을 수정함으로써 효율성을 높이는데 목적을 두고 있다.

Research on Skype Traffic Classification (Skype 트래픽 분류에 관한 연구)

  • Lee, Sang-Woo;Jung, Ah-Joo;Lee, Hyun-Shin;Kim, Myung-Sup
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2009.04a
    • /
    • pp.1112-1115
    • /
    • 2009
  • 네트워크 관리자 입장에서 효율적인 네트워크 관리를 위해 응용 프로그램 별 트래픽 분류의 중요성이 커지고 있다. 응용 프로그램 별 트래픽 분류를 위해 signature 기반, machine learning 방법들이 제안되고 있지만 p2p 방식의 Skype 응용프로그램에 대한 적용결과는 그 신뢰성이 떨어지고 있는 것은 사실이다. 본 논문에서는 Skype의 트래픽을 분류하기 위해 각 Client 마다 Skype application install 시 동적으로 변화하는 Port 를 알아내는 방법, UDP 패킷의 특정위치의 특정 signature, TCP signal flow의 특정위치 패킷에 대한 payload 크기 등을 이용한 Skype traffic 분류 방법을 제안한다. 제안된 방법론은 학내 네트워크에 적용하여 그 타당성을 TMA를 통해 검증하였다.

Improvement of Attack Traffic Classification Performance of Intrusion Detection Model Using the Characteristics of Softmax Function (소프트맥스 함수 특성을 활용한 침입탐지 모델의 공격 트래픽 분류성능 향상 방안)

  • Kim, Young-won;Lee, Soo-jin
    • Convergence Security Journal
    • /
    • v.20 no.4
    • /
    • pp.81-90
    • /
    • 2020
  • In the real world, new types of attacks or variants are constantly emerging, but attack traffic classification models developed through artificial neural networks and supervised learning do not properly detect new types of attacks that have not been trained. Most of the previous studies overlooked this problem and focused only on improving the structure of their artificial neural networks. As a result, a number of new attacks were frequently classified as normal traffic, and attack traffic classification performance was severly degraded. On the other hand, the softmax function, which outputs the probability that each class is correctly classified in the multi-class classification as a result, also has a significant impact on the classification performance because it fails to calculate the softmax score properly for a new type of attack traffic that has not been trained. In this paper, based on this characteristic of softmax function, we propose an efficient method to improve the classification performance against new types of attacks by classifying traffic with a probability below a certain level as attacks, and demonstrate the efficiency of our approach through experiments.

Graphical Representation of Network Traffic Data for Intrusion Detection (침입탐지를 위한 네트웍 트래픽 데이터 도시)

  • 곽미라;조동섭
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2003.11b
    • /
    • pp.529-532
    • /
    • 2003
  • 침입 탐지를 위하여 수집되는 네트웍 트래픽은 보통 분석 처리 프로그램으로 입력되기 위해 수치적으로 표현된다. 이러한 데이터로부터 그 가운데 드러나는 경향을 한 눈에 발견하는 데에는 어려움이 있어, 이에 대해 프로토콜, 서비스 및 세션 등을 기준으로 분류하는 처리를 수행한 결과를 바탕으로 세세한 분석과정을 거치는 것이 일반적이다. 네트웍 트래픽 데이터를 도시하여 그 추이를 직관적으로 살필 수 있게 한다면 여러 기준에 따라 분류된 각 트래픽이 가지는 특징을 쉽게 발견할 수 있다. 이러한 트래픽 추이와 특징 파악의 용이함은 트래픽에서 비정상적인 부분을 식별해내는 것을 쉽게 한다 이것은 시스템 관리자가 현재 해당 시스템에 설치되어 작동되고 있는 침입탐지 시스템이나 방화벽 시스템에 대해 독립적으로 편리하게 네트웍 트래픽의 특징을 살피고 이상을 발견할 수 있도록 하며, 경고되거나 차단되지 않은 이상에 대해 신속히 대응할 기회를 준다. 이에 본 연구에서는 네트웍 트래픽들의 특징을 설명할 수 있는 요소들을 조합하여 표현함으로써 네트웍 트래픽의 특징과 이상 파악에 편리한 데이터 도시 방법을 제안한다.

  • PDF

Study on the Functional Classification of IM Application Traffic using Automata (오토마타를 이용한 메신저 트래픽의 기능별 분류에 관한 연구)

  • Lee, Sang-Woo;Park, Jun-Sang;Yoon, Sung-Ho;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.36 no.8B
    • /
    • pp.921-928
    • /
    • 2011
  • The increase of Internet users and services has caused the upsurge of data traffic over the network. Nowadays, variety of Internet applications has emerged which generates complicated and diverse data traffic. For the efficient management of Internet traffic, many traffic classification methods have been proposed. But most of the methods focused on the application-level classification, not the function-level classification or state changes of applications. The functional classification of application traffic makes possible the in-detail understanding of application behavior as well as the fine-grained control of applications traffic. In this paper we proposed automata based functional classification method of IM application traffic. We verified the feasibility of the proposed method with function-level control experiment of IM application traffic.

Classification of Traffic Classes for Application Services in Military Communication Networks (군 통신망 응용서비스를 위한 트래픽 클래스 분류 방법)

  • Choi, Geun-Kyung;Kim, Bo-Sung;Roh, Byeong-Hee
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.1C
    • /
    • pp.76-88
    • /
    • 2012
  • Traffic classification for application services in military communication networks is one of the core requirements to provide efficient resource management for NCW operations. Though several standards and organizations provided their own traffic classification methods, the methods have been mainly focused on commercial services, but not reflected military specifics. In addition, though various military application services have been emerged, some of those services have been classified into different traffic classes due to implicit criteria for the classification among organizations. In this paper, we propose a methodology to classify traffic classes and to determine delivery requirements for military application services based on various standards by DoD as well as several commercial standards based on Y.1541. The validation of the proposed methodology was carried out by comparing the results by proposed one with the traffic classification suggestions by existing commercial standards, DoD and FCS. We expect that the proposed methodology can contribute to achieve efficient operations of limited military network resources, since the proposed method can provide systematic and consistent way to assign traffic classes for new and existing military applications services.