• Title/Summary/Keyword: 페이로드 (payload)


Processing Speed Improvement of HTTP Traffic Classification Based on Hierarchical Structure of Signature (시그니쳐 계층 구조에 기반한 HTTP 트래픽 분석 시스템의 처리 속도 향상)

  • Choi, Ji-Hyeok;Park, Jun-Sang;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.39B no.4 / pp.191-199 / 2014
  • Currently, HTTP traffic has grown rapidly due to the appearance of various web-based applications and services. Accordingly, HTTP traffic classification is necessary for effective network management. Among the various signature-based methods, the payload signature-based classification method is effective for analyzing various aspects of HTTP traffic. However, the payload signature-based method has a significant drawback in high-speed network environments because its processing speed is slower than that of other classification methods, such as header and statistic signature-based ones. Therefore, we proposed various classification methods for HTTP traffic based on hierarchically structured HTTP signatures, and improved pattern matching speed by reflecting the features of the hierarchical structure. The proposed method achieved better performance than Aho-Corasick when applied to real campus network traffic.

GENESIS: An Automatic Signature-generating Method for Detecting Internet Disk P2P Application Traffic (GENESIS: Internet Disk P2P 트래픽 탐지를 위한 시그너춰 자동 생성 방안)

  • Lee, Byung-Joon;Yoon, Seung-Hyun;Lee, Young-Seok
    • Journal of KIISE:Information Networking / v.34 no.4 / pp.246-255 / 2007
  • Due to the bandwidth-consuming characteristics of the heavy-hitter P2P applications, it has become critical to have the capability of pinpointing and mitigating P2P traffic. The traditional port-based classification scheme is no longer adequate for this purpose because of newer P2P applications, which incorporate port-hopping techniques or disguise themselves as HTTP-based Internet disk services. Alternatively, a packet filtering scheme based on payload signatures offers a more practical and accurate solution to this problem. Moreover, it can be easily deployed on existing IDSes. However, it is significantly difficult to maintain up-to-date signatures of P2P applications. Hence, an automatic signature generation method is essential and will be useful for successful signature-based traffic identification. In this paper, we suggest an automatic signature generation method for Internet disk P2P applications and provide experimental results on the CNU campus network.

Web Attack Classification Model Based on Payload Embedding Pre-Training (페이로드 임베딩 사전학습 기반의 웹 공격 분류 모델)

  • Kim, Yeonsu;Ko, Younghun;Euom, Ieckchae;Kim, Kyungbaek
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.669-677 / 2020
  • As the number of Internet users exploded, attacks on the web increased. In addition, the attack patterns have been diversified to bypass existing defense techniques. It is difficult for traditional web firewalls to detect attacks of unknown patterns. Therefore, the method of detecting abnormal behavior by artificial intelligence has been studied as an alternative. Specifically, attempts have been made to apply natural language processing techniques because the type of script or query being exploited consists of text. However, because there are many unknown words in scripts and queries, natural language processing requires a different approach. In this paper, we propose a new classification model which uses byte pair encoding (BPE) technology to learn the embedding vector, that is often used for web attack payloads, and uses an attention mechanism-based Bi-GRU neural network to extract a set of tokens that learn their order and importance. For major web attacks such as SQL injection, cross-site scripting, and command injection attacks, the accuracy of the proposed classification method is about 0.9990 and its accuracy outperforms the model suggested in the previous study.

Performance Evaluation of Multi-Hop Transmissions in IEEE 802.15.6 UWB WBAN (IEEE 802.15.6 UWB WBAN에서 다중 홉 전송에 대한 성능 평가)

  • Kim, Ho-Sung;Hwang, Ho Young
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.7 / pp.1313-1319 / 2017
  • In this paper, we evaluate the performance of multi-hop transmissions in IEEE 802.15.6 ultra wide band (UWB) wireless body area network (WBAN). The packet structure in the physical layer, and encoding and decoding are considered for multi-hop transmissions in IEEE 802.15.6 UWB WBAN. We analyze the data success rate and energy efficiency of multi-hop transmissions, considering the length of data payload, transmission power, and distances between the nodes in IEEE 802.15.6 UWB WBAN. Through simulations, we evaluate the data success rate and energy efficiency of multi-hop transmissions while varying the length of data payload, transmission power, and distances between the nodes in IEEE 802.15.6 UWB WBAN. Finally, we can select an energy-efficient multi-hop transmission in IEEE 802.15.6 UWB WBAN depending on the length of data payload, transmission power, and distances between the nodes.

Nondestructive Inspection of Launch Vehicle Structural Components (우주 발사체 구조 요소의 비파피검사)

  • Kong, Cheol-Won;Youn, Jong-Hoon;Park, Jae-Sung;Eun, Se-Won;Jang, Young-Soon;Yi, Yeong-Moo
    • Journal of the Korean Society for Nondestructive Testing / v.29 no.4 / pp.331-337 / 2009
  • Space launch vehicles require highly reliable, lightweight structures. It is thus important to monitor the structural health of these components with nondestructive inspections. In this paper, we studied an example of a nondestructive inspection that was partially applied to the manufacture and inspection of a launch vehicle. Ultrasonic tests, X-rays, tapping, and acoustic emissions comprised the inspection method. A payload fairing, high pressure tank, fastener part, and bonding part were used as hardware to be inspected. We proposed a quantitative standard for debonding inspection of the payload fairing and acoustic emission data for the proof test of the high pressure tank. We analyzed the fracture mode of the sandwich fastener part according to frequency changes. We also proposed a standard specimen for ultrasonic inspection of bonds of different materials. The present analyses and results provide data for evaluation of the launch operation sequence to ensure launch vehicles afford high reliability.

Performance Comparison of Timestamp based Fair Packet Schedulers in Server Resource Utilization (서버자원 이용도 측면에서 타임스탬프 기반 공평 패킷 스케줄러의 성능 비교 분석)

  • Kim Tae-Joon;Ahn Hyo-Beom
    • The KIPS Transactions:PartC / v.13C no.2 s.105 / pp.203-210 / 2006
  • Fair packet scheduling algorithms supporting quality-of-services of real-time multimedia applications can be classified into the following two design schemes in terms of the reference time used in calculating the timestamp of an arriving packet: Finish-time Design (FD) and Start-time Design (SD) schemes. Since the former can adjust the latency of a flow by raising the flow's reserved rate, it has been applied to a router for the guaranteed service of the IETF (Internet Engineering Task Force) IntServ model. However, the FD scheme may incur severe bandwidth loss for traffic flows requiring a low rate but a strong delay bound, such as internet phone. In order to verify the usefulness of the SD scheme based router for the IETF guaranteed service, this paper analyzes and compares the two design schemes in terms of bandwidth and payload utilizations. It is analytically proved that the SD scheme has better bandwidth utilization than the FD one, and the simulation result shows that the SD scheme gives better payload utilization by up to 20%.

Analysis of Network Log based on Hadoop (하둡 기반 네트워크 로그 시스템)

  • Kim, Jeong-Joon;Park, Jeong-Min;Chung, Sung-Taek
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.5 / pp.125-130 / 2017
  • Since field control equipment such as PLCs has no function to log key event information, it is difficult to analyze accidents. Therefore, it is necessary to secure information that can be analyzed when a cyber accident occurs by logging the main event information of field control equipment such as PLCs and IEDs. A protocol analyzer is required to analyze the communication protocols of field control devices (embedded devices) for event logging. However, with conventional analyzers such as Wireshark, it is difficult to identify and extract data for the large variety of protocols for event logging, and to analyze and classify the payload data. In this paper, we developed a system for Big Data based on field control device communication protocol payload data extraction for event logging of large studies.

Statistic Signature based Application Traffic Classification (통계 시그니쳐 기반의 응용 트래픽 분류)

  • Park, Jin-Wan;Yoon, Sung-Ho;Park, Jun-Sang;Lee, Sang-Woo;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.11B / pp.1234-1244 / 2009
  • Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services and applications on the Internet, which makes the need for application-level traffic classification important for the efficient management and control of network resources. Although lots of methods for traffic classification have been introduced in the literature, they have some limitations in achieving an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet sizes in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism, which is mainly described in this paper. By matching to the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by comprehensive experiments with our campus traffic data.

The RTP Payload Format for Telepointing (원격지정을 위한 RTP 페이로드 형식)

  • Jeon, Jae-U;Baek, Hui-Suk;O, Sam-Gwon;Im, Gi-Uk
    • The KIPS Transactions:PartA / v.9A no.1 / pp.29-36 / 2002
  • For efficient collaboration awareness, CSCW (Computer-Supported Cooperative Work) systems provide functions such as telepointing, snap-shot, and document/project tracking. Among these, telepointing allows an event occurrence on the shared window of a local computing system to be presented in remote computing systems. Although telepointing has been mentioned in the literature, few research papers deal with the functional requirements and protocols for telepointing. This paper describes the functional requirements and payload format for RTP (Real-Time Transport Protocol)-based telepointing. In order to evaluate the performance of the proposed RTP-based telepointing, we have implemented a whiteboard and compared it with that of the Microsoft Netmeeting. The evaluation results show that the proposed telepointing performs better in terms of CPU usage and the amount of network traffic.

Intrusion Detection System based on Packet Payload Analysis using Transformer

  • Woo-Seung Park;Gun-Nam Kim;Soo-Jin Lee
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.81-87 / 2023
  • Intrusion detection systems that learn metadata of network packets have been proposed recently. However, these approaches require time to analyze packets to generate metadata for model learning, and time to pre-process metadata before learning. In addition, models that have learned specific metadata cannot detect intrusion by using original packets flowing into the network as they are. To address the problem, this paper proposes a natural language processing-based intrusion detection system that detects intrusions by learning the packet payload as a single sentence without an additional conversion process. To verify the performance of our approach, we utilized the UNSW-NB15 and Transformer models. First, the PCAP files of the dataset were labeled, and then two Transformer (BERT, DistilBERT) models were trained directly in the form of sentences to analyze the detection performance. The experimental results showed that the binary classification accuracy was 99.03% and 99.05%, respectively, which is similar or superior to the detection performance of the techniques proposed in previous studies. Multi-class classification showed better performance with 86.63% and 86.36%, respectively.