• ETRI Journal
• /
• v.27 no.1
• /
• pp.22-42
• /
• 2005

Traditional traffic identification methods based on wellknown port numbers are not appropriate for the identification of new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to their application types.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2261-2280
• /
• 2014

Recently, network traffic has become more complex and diverse due to the emergence of new applications and services. Therefore, the importance of application-level traffic classification is increasing rapidly, and it has become a very popular research area. Although a lot of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in real-time application-level traffic classification. In this paper, we propose a novel application-level traffic classification method using payload size sequence (PSS) signature. The proposed method generates unique PSS signatures for each application using packet order, direction and payload size of the first N packets in a flow, and uses them to classify application traffic. The evaluation shows that this method can classify application traffic easily and quickly with high accuracy rates, over 99.97%. Furthermore, the method can also classify application traffic that uses the same application protocol or is encrypted.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.921-928
• /
• 2011

The increase of Internet users and services has caused the upsurge of data traffic over the network. Nowadays, variety of Internet applications has emerged which generates complicated and diverse data traffic. For the efficient management of Internet traffic, many traffic classification methods have been proposed. But most of the methods focused on the application-level classification, not the function-level classification or state changes of applications. The functional classification of application traffic makes possible the in-detail understanding of application behavior as well as the fine-grained control of applications traffic. In this paper we proposed automata based functional classification method of IM application traffic. We verified the feasibility of the proposed method with function-level control experiment of IM application traffic.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.5
• /
• pp.859-876
• /
• 2010

In this paper, we propose a hierarchical application traffic classification system as an alternative means to overcome the limitations of the port number and payload based methodologies, which are traditionally considered traffic classification methods. The proposed system is a new classification model that hierarchically combines a binary classifier SVM and Support Vector Data Descriptions (SVDDs). The proposed system selects an optimal attribute subset from the bi-directional traffic flows generated by our traffic analysis system (KU-MON) that enables real-time collection and analysis of campus traffic. The system is composed of three layers: The first layer is a binary classifier SVM that performs rapid classification between P2P and non-P2P traffic. The second layer classifies P2P traffic into file-sharing, messenger and TV, based on three SVDDs. The third layer performs specialized classification of all individual application traffic types. Since the proposed system enables both coarse- and fine-grained classification, it can guarantee efficient resource management, such as a stable network environment, seamless bandwidth guarantee and appropriate QoS. Moreover, even when a new application emerges, it can be easily adapted for incremental updating and scaling. Only additional training for the new part of the application traffic is needed instead of retraining the entire system. The performance of the proposed system is validated via experiments which confirm that its recall and precision measures are satisfactory.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.11B
• /
• pp.1234-1244
• /
• 2009

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services and applications on Internet, which makes the need of application-level traffic classification important for the efficient management and control of network resources. Although lots of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet size in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism which is mainly described in this paper. By matching to the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by comprehensive excrement with our campus traffic data.

• Journal of the Korean Institute of Navigation
• /
• v.17 no.1
• /
• pp.49-60
• /
• 1993

As the marine traffic thickens all over the world, the rate of marine casualities is on the increase, Also in Korea the number of the killed and the injured resulting from marine casualities such as ship's collision, increase continuously and the rate of marine casualities in 1992 came to the highest level in the world. The reason of rapid increasing the rte of marine casualities is the mistake of ship's steering in most case. By the way, because the administration of marine traffic is regarded as the belongs of land traffic, the scope of application in laws related to the safety of marine traffic is duplicated or unreasonable. In the view, in case of ship's collision, it is important to know the scope of application in Korean marine traffic laws and to point out the problems companies with them. Therefore, I suggest the improvement of marine traffic laws related to the safety of traffic administration.

• ETRI Journal
• /
• v.32 no.1
• /
• pp.22-32
• /
• 2010

The pervasive game environments have activated explosive growth of the Internet over recent decades. Thus, understanding Internet traffic characteristics and precise classification have become important issues in network management, resource provisioning, and game application development. Naturally, much attention has been given to analyzing and modeling game traffic. Little research, however, has been undertaken on the classification of game traffic. In this paper, we perform an interpretive traffic analysis of popular game applications at the transport layer and propose a new classification method based on a simple decision tree, called an alternative decision tree (ADT), which utilizes the statistical traffic characteristics of game applications. Experimental results show that ADT precisely classifies game traffic from other application traffic types with limited traffic features and a small number of packets, while maintaining low complexity by utilizing a simple decision tree.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.2B
• /
• pp.131-140
• /
• 2011

As the number of Internet users and applications is increasing, the importance of application traffic classification is growing more and more for efficient network management. While a number of methods for traffic classification have been introduced, such as signature-based and machine learning-based methods, Skype application, which uses encrypted communication on its own P2P network, is known as one of the most difficult traffic to identify. In this paper we propose a novel method to identify Skype application traffic on the fly. The main idea is to setup a list of Skype host information {IP, port} by examining the packets generated in the Skype login process and utilizes the list to identify other Skype traffic. By implementing the identification system and deploying it on our campus network, we proved the performance and feasibility of the proposed method.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.53-60
• /
• 2006

As it has been continuously increased the volume of traffic over Internet, it is hard for a network traffic monitoring system to analysis every packet in a real-time manner. While it is increased usage of applications which are dynamically allocated port number such as peer-to-peer(P2P), steaming media, messengers, users want to analyze traffic data generated from them. This high level analysis of each packet needs more processing time. This paper proposes to introduce load shedder for limiting the number of packets. After it determines what application generates a selected packet, the packet is analyzed with a defined application protocol.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.86-88
• /
• 2004

As the rapid incensement of the number of internet users has occurred recently, many multimedia application services have been emerging. To improve quality of service, traffic can be suggested to be classified with priority in EPON(Ethernet Passive Optical Network), which is supporting the multimedia application services. In this paper, multimedia application services treat bandwidth classifying device in serving both delay sensitive traffic for real-time audio, video and voice data such as VoIP(Voice over Internet Protocol), and nonreal-time traffic such as BE(Best Effort). With looking through existing mechanisms, new mechanism to improve the quality will be suggested. The delay performances and packet losses of traffic achieved by supporting bandwidth allocation of upstream traffic in suggested mechanism will be analyzed with simulation.