• Title/Summary/Keyword: traffic pattern

Search Result 208, Processing Time 0.025 seconds

A Study on DDoS Detection Technique based on Cluster in Mobile Ad-hoc Network (무선 애드혹 망에서 클러스터 기반 DDoS 탐지 기법에 관한 연구)

  • Yang, Hwan-Seok;Yoo, Seung-Jae
    • Convergence Security Journal / v.11 no.6 / pp.25-30 / 2011
  • A MANET is especially weak in security because it consists only of moving nodes and has no central management system. The DDoS attack is a serious one among the attacks that threaten wireless networks. DDoS attacks have various objects and tricks and are becoming more intelligent. In this paper, we propose a technique to raise the DDoS detection rate by classifying abnormal traffic patterns. After the nodes that compose the MANET are grouped into clusters, the cluster head acts as a sentinel agent. After the sentinel agent collects all traffic, a decision tree is applied to detect abnormal traffic patterns, and the agent judges the traffic pattern and also detects attacks. We confirm the high attack detection rate of the proposed detection technique through experimentation.

Performance Evaluation of Scaling based Dynamic Time Warping Algorithms for the Detection of Low-rate TCP Attacks (Low-rate TCP 공격 탐지를 위한 스케일링 기반 DTW 알고리즘의 성능 분석)

  • So, Won-Ho;Shim, Sang-Heon;Yoo, Kyoung-Min;Kim, Young-Chon
    • Journal of the Institute of Electronics Engineers of Korea TC / v.44 no.3 s.357 / pp.33-40 / 2007
  • In this paper, the low-rate TCP attack, one of the shrew attacks, is considered and the scaling based dynamic time warping (S-DTW) algorithm is introduced. The low-rate TCP attack cannot be detected by the detection methods for the previous flooding DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks due to its low average traffic rate. It is, however, a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows, and so some pattern matching mechanisms have been proposed to detect it among legitimate input flows. A DTW mechanism, as one of the detection approaches, has been proposed to detect an attack input stream consisting of many legitimate or attack flows, and shown a depending method as well. This approach, however, has the problem that a legitimate input stream may be caught as an attack one. In addition, it is difficult to decide a threshold for separation between the legitimate and the malicious. Thus, the causes of this problem are analyzed through simulation and scaling by the maximum auto-correlation value is executed before computing the DTW. We also discuss the results of applying various scaling approaches and using the standard deviation of the input streams monitored.

Detection of Network Attack Symptoms Based on the Traffic Measurement on Highspeed Internet Backbone Links (고속 인터넷 백본 링크상에서의 트래픽 측정에 의한 네트워크 공격 징후 탐지 방법)

  • Roh Byeong-hee
    • Journal of Internet Computing and Services / v.5 no.4 / pp.23-33 / 2004
  • In this paper, we propose a novel traffic measurement based detection of network attack symptoms on high speed Internet backbone links. In order to do so, we characterize the traffic patterns of the normal traffic and the network attacks that appear on Internet backbone links, and we derive two efficient measures for representing the network attack symptoms at the aggregate traffic level. The two measures are the power spectrum and the ratio of packet counts to traffic volume of the aggregate traffic. We then propose a new methodology to detect network attack symptoms by measuring those traffic measures. Experimental results show that the proposed scheme can detect the network attack symptoms very exactly and quickly. Unlike existing methods based on individual packets or flows, since the proposed method operates on the aggregate traffic level, the computational complexity can be significantly reduced, and the method is applicable to high speed Internet backbone links.

Extraction of Network Threat Signatures Using Latent Dirichlet Allocation (LDA를 활용한 네트워크 위협 시그니처 추출기법)

  • Lee, Sungil;Lee, Suchul;Lee, Jun-Rak;Youm, Heung-youl
    • Journal of Internet Computing and Services / v.19 no.1 / pp.1-10 / 2018
  • Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs (Advanced Persistent Threats) and ransomware have become clever and complex. IDSes (Intrusion Detection Systems) have performed a key role as information security solutions during the last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA (Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.

VQS4 Mechanism for the Priority Control in ATM Traffic (ATM 트래픽 성능향상을 위한 대기행렬구조의 제안 및 평가)

  • 안정희
    • Proceedings of the Korea Society for Simulation Conference / 1998.10a / pp.147-150 / 1998
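  • For priority control of traffic with diverse QoS in an ATM environment, we propose a queue mechanism for the cells stored in the output buffer of an ATM switch. The proposed queueing scheme is variable queue sharing (VQS4: Variable Queue Sharing with 4 queue). To remedy the problem of existing fixed-queue schemes, namely queue overflow caused by bursty traffic, it variably shares the regions of the CBR queue, VBR-rt queue, VBR_nrt queue and ABR queue to maximize the utilization of queue resources, and thereby minimizes the cell loss rate caused by momentary inflows of bursty traffic. To evaluate the performance of the VQS4 scheme, we used strongly bursty traffic patterns to compare the cell loss rate and average delay of HOL with fixed queues against the proposed VQS4; the simulator was written using Visual Slam 2.0 (AweSim).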

Prediction and Performance Comparison of In-Vehicle Traffic over Time in a Vehicle Infotainment Environment (차량 인포테인먼트 환경에서 시간에 따른 차량 내부 발생 트래픽 예측 및 성능 비교)

  • SuJeong Choi;Yujin Im
    • Proceedings of the Korea Information Processing Society Conference / 2023.05a / pp.549-551 / 2023
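  • An in-vehicle infotainment system is a system that provides information and entertainment functions inside a vehicle, and it is currently showing rapid growth. Accordingly, many companies are researching and developing technologies related to in-vehicle infotainment. This ultimately means that the traffic generated by vehicles is increasing compared with before. Unlike mobile traffic, vehicle-generated traffic shows a distinct pattern of occurrence over time. Taking this characteristic into account, we implemented vehicle traffic prediction models using three kinds of recurrent neural network models, RNN, LSTM and GRU, and compared the performance of the models by time of day; as a result, LSTM showed the best performance.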

An Effective Training Pattern Processing Method for ATM Connection Admission Control Using the Neural Network (신경회로망을 이용한 ATM 연결 수락 제어를 위한 효율적인 학습패턴 처리 기법)

  • Kwon, Oh-Jun;Jeon, Hyoung-Goo;Kwon, Soon-Kak;Kim, Tai-Suk;Lee, Jeong-Bae
    • The KIPS Transactions:PartB / v.9B no.2 / pp.173-180 / 2002
  • The virtual cell loss rate was introduced for the training pattern of the neural network in the VOB (Virtual Output Buffer) model. The VOB model shows that the neural network can find the connection admission boundary without the real cell loss rate. But the VOB model tends to overestimate the cell loss rate, so the utilization of the network is low. In this paper, we use the reference curve of the cell loss rate, which contains the information about the cell loss rate at the connection admission boundary. We process the patterns of the virtual cell loss rate using the reference curve. We performed the simulation with two major ATM traffic classes. One is the On-Off traffic class, which has the traffic characteristic of LAN data, and the other is the Auto-Regressive traffic class, which has the traffic characteristic of a video image communication.

Analysis of time-series user request pattern dataset for MEC-based video caching scenario (MEC 기반 비디오 캐시 시나리오를 위한 시계열 사용자 요청 패턴 데이터 세트 분석)

  • Akbar, Waleed;Muhammad, Afaq;Song, Wang-Cheol
    • KNOM Review / v.24 no.1 / pp.20-28 / 2021
  • Extensive use of social media applications and mobile devices continues to increase data traffic. Social media applications generate an endless and massive amount of multimedia traffic, specifically video traffic. Many social media platforms such as YouTube, Daily Motion, and Netflix generate endless video traffic. On these platforms, only a few popular videos are requested many times as compared to other videos. These popular videos should be cached in the user vicinity to meet continuous user demands. MEC has emerged as an essential paradigm for handling consistent user demand and caching videos in user proximity. The problem is to understand how the user demand pattern varies with time. This paper analyzes three publicly available datasets, MovieLens 20M, MovieLens 100K, and The Movies Dataset, to find the user request pattern over time. We find hourly, daily, monthly, and yearly trends of all the datasets. Our resulting pattern could be used in other research while generating and analyzing the user request pattern in MEC-based video caching scenarios.

Analysis of Highway Traffic Indices Using Internet Search Data (검색 트래픽 정보를 활용한 고속도로 교통지표 분석 연구)

  • Ryu, Ingon;Lee, Jaeyoung;Park, Gyeong Chul;Choi, Keechoo;Hwang, Jun-Mun
    • Journal of Korean Society of Transportation / v.33 no.1 / pp.14-28 / 2015
  • Numerous studies have been conducted using internet search data since the mid-2000s. For example, Google Inc. developed a service predicting influenza patterns using the internet search data. The main objective of this study is to prove the hypothesis that highway traffic indices are similar to the internet search patterns. In order to achieve this objective, a model to predict the number of vehicles entering the expressway and space-mean speed was developed and the goodness-of-fit of the model was assessed. The results revealed several findings. First, it was shown that the Google search traffic was a good predictor for the TCS entering traffic volume model at sites with frequent commute trips, and it had a negative correlation with the TCS entering traffic volume. Second, the Naver search traffic was utilized for the TCS entering traffic volume model at sites with numerous recreational trips, and it was positively correlated with the TCS entering traffic volume. Third, it was uncovered that the VDS speed had a negative relationship with the search traffic on the time series diagram. Lastly, it was concluded that the transfer function noise time series model showed a better goodness-of-fit compared to the other time series model. It is expected that "Big Data" from the internet search data can be extensively applied in the transportation field if the sources of search traffic, time difference and aggregation units are explored in the follow-up studies.

Traffic Anomaly Detection for Campus Networks using Fisher Linear Discriminant (Fisher 선형 분류법을 이용한 비정상 트래픽 탐지)

  • Park, Hyun-Hee;Kim, Mee-Joung;Kang, Chul-Hee
    • Journal of IKEEE / v.13 no.2 / pp.140-149 / 2009
  • Traffic anomaly detection is one of the important technologies that should be considered in network security and administration. In this paper, we propose an abnormal traffic detection mechanism that includes traffic monitoring and traffic analysis. We develop an analytical passive monitoring system called WISE-Mon which can inspect traffic behavior. We establish a criterion by analyzing the characteristics of a traffic training set. To detect abnormal traffic, we derive a hyperplane by using the Fisher linear discriminant and the chi-square distribution as well as the analyzed characteristics of traffic. Our mechanism can support reliable results for traffic anomaly detection and is compatible with real-time detection. In addition, since the trend of traffic can change as time passes, the hyperplane has to be updated periodically to reflect the changes. Accordingly, we consider a self-learning algorithm which reflects the trend of the traffic and so makes it possible to increase the pliability of detection probability. Numerical results are presented to validate the accuracy of the proposed mechanism. They show that the proposed mechanism is reliable and relevant for traffic anomaly detection.
