• Title/Summary/Keyword: HTTP traffic analysis


HTTP Request - SQL Query Mapping Scheme for Malicious SQL Query Detection in Multitier Web Applications (Multitier 웹 어플리케이션 환경에서 악의적인 SQL Query 탐지를 위한 HTTP Request - SQL Query 매핑 기법)

  • Seo, Yeongung;Park, Seungyoung
    • Journal of KIISE / v.44 no.1 / pp.1-12 / 2017
  • The continuously growing internet service requirements have resulted in a multitier system structure consisting of a web server and a database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, malicious change to the contents at the DB server through hypertext transfer protocol (HTTP) requests cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge of the interaction between HTTP request and SQL query. However, this is a practical challenge because the system's source code analysis and its application logic need to be understood completely. In this study, we proposed a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generated an HTTP request-SQL query map from system log files alone. Subsequently, the HTTP request associated with a given SQL query was identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.

An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics (HTTP Outbound Traffic 감시를 통한 웹 공격의 효율적 탐지 기법)

  • Choi, Byung-Ha;Choi, Sung-Kyo;Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information / v.16 no.1 / pp.125-132 / 2011
  • A hierarchical Web Security System, which is a solution to various web-based attacks, seemingly is not able to keep up with the improvement of detoured or compound attacks. In this paper, we suggest an efficient detecting scheme for web-based attacks like Malware, XSS, Creating Webshell, URL Spoofing, and Exposing Private Information through monitoring HTTP outbound traffics in real time. Our proposed scheme detects web-based attacks by comparing the outbound traffics with the signatures of HTML tag or Javascript created by the attacks. Through the verification analysis under the real-attacked environment, we show that our scheme installed in a hierarchical web security system has superior detection capability for detoured web-based attacks.

Design of Traffic Generator Based on Modeling of Characteristic of Multimedia Data (멀티미디어 데이터 특성 모델링에 기반한 네트워크 트래픽 생성기의 구현)

  • Kim, Jin-Hyuk;Shin, Kwang-Sik;Yoon, Wan-Oh;Lee, Chang-Ho;Choi, Sang-Bang
    • Journal of the Institute of Electronics Engineers of Korea CI / v.47 no.6 / pp.103-112 / 2010
  • A study on network traffic analysis and modeling has been exclusively done due to its importance. However, conventional studies on network traffic analysis and modeling only focus on transmitting simple packet stream or traffic features of specific application, such as HTTP. In this paper, we propose a network traffic generator, which reflects the characteristics of multimedia data. To analyze the traffics of online game, which is one of the most popular multimedia contents, we modeled the distribution according to the time between packets and packet size random variable and designed the traffic generator which has the model for input. We generated the traffics of L4D(Left4Dead), WoW(World of Warcraft) with proposed network traffic generator and we found that the generated traffics have similar distributions with real data.

Vehicular Web Server Cluster Design for Next Generation Centralized Navigation Services (차세대 집중형 항행 서비스를 위한 이동체 웹 서버 클러스터 설계)

  • Kim, Ronny Yongho;Kim, Young Yong
    • Journal of Advanced Navigation Technology / v.13 no.5 / pp.669-676 / 2009
  • HTTP or audio/video streaming services are good candidates for future centralized navigation systems, and in order to provide stability for such services, service providers use a cluster of web servers. In this paper, we provide the criteria for web server cluster design for vehicular users with consideration of differentiated access per different user classes. Several feasible scenarios are examined and their performance analysis using queueing theory is presented to provide the foundation for web server cluster design using a traffic load balancer. Through the thorough analysis, efficient criteria for traffic load balancer design are derived. In order to satisfy users' service requirements, priority services controlled by the traffic load balancer are considered and analyzed. We also provide an evaluation of the accuracy of the analytical model through simulation.


Web Application Attack Prevention by Traffic Analysis (트래픽 분석에 의한 웹 어플리케이션 공격 방지)

  • Chang, Moon-Soo;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.13 no.3 / pp.139-146 / 2008
  • Despite information security installation, leakage of personal information in web services has not decreased. This is because traffic to web applications is still vulnerable, since external sources are permitted to access services on ports HTTP 80 and HTTPS 443 even with firewall systems in place. This thesis analyzes various attack patterns resulting from the web service environment and vulnerable traffic and categorizes the traffic into normal and abnormal traffic. It also proposes ways to analyze web application attack patterns from that abnormal traffic based on the weak points warned of in OWASP (Open Web Application Security Project), design a system capable of detecting and isolating attacks in real time, and increase the efficiency of preventing attacks.


HTTP Traffic Modeling and Analysis with Statistical Process (통계적 분석을 통한 HTTP 트래픽 모델링 및 분석)

  • Jeon, Uie-Soo;Kim, Tae-Soo;Lee, Kwang-Hui
    • Proceedings of the Korea Information Processing Society Conference / 2003.05b / pp.1105-1108 / 2003
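  • To design and operate communication networks efficiently, detailed simulation of the network is required, and research on this is currently active. In this paper, to design the traffic generator needed when simulating for network performance analysis, we collected and analyzed real traffic data and modeled it as probability distributions using statistical methods at the HTTP request level. Previous studies modeled the characteristics of the response size using only the Pareto distribution, but in this study we confirmed that it can be modeled as a mixture of the exponential and Pareto distributions. We also confirmed through analysis that the characteristics of the response size do not simply reflect the characteristics of the file sizes on the server, but can vary under the influence of the concentration of users' web document requests.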


Analysis and Modeling of Traffic at Ntopia Subscriber Network of Korea Telecom (KT의 Ntopia가입자 망 트래픽 분석 및 모델링)

  • 주성돈;이채우
    • Journal of the Institute of Electronics Engineers of Korea TC / v.41 no.5 / pp.37-45 / 2004
  • As Internet technologies mature, many new applications that have different characteristics are emerging. Recently we see wide use of P2P (Peer to Peer) applications, whose traffic shows different statistical characteristics compared with traditional applications such as web (HTTP) and FTP (File Transfer Protocol). In this paper, we measured the subscriber network of KT (Korea Telecom) to analyze P2P traffic characteristics. We show flow characteristics of the measured traffic. We also estimate the Hurst parameter of P2P traffic and compare its self-similarity with web traffic. Analysis results indicate that P2P traffic is much burstier than web traffic and makes upstream traffic and downstream traffic symmetric. To predict QoS-related parameters such as packet loss and delays, we model P2P traffic using two self-similar traffic models and predict both loss probability and mm delay, then compare their accuracies. With simulation we show that the self-similar traffic models we derive predict the performance of P2P traffic accurately, and thus when we design a network or evaluate its performance, we can use the P2P traffic model as reference input traffic.

Real-time Phishing Site Detection Method (피싱사이트 실시간 탐지 기법)

  • Sa, Joon-Ho;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.819-825 / 2012
  • Nowadays many phishing sites contain HTTP links to the victim web-site's contents, such as images and bulletin boards, to make the phishing sites look more real and similar to the victim web-site. We introduce a real-time phishing site detection system which makes use of the characteristic that the phishing sites' URLs flow into the victim web-site via the HTTP referer header field when the phishing site is visited. The detection system is designed to adopt an out-of-path network configuration to minimize the effect on the running system, and a phishing site source code analysis technique to alert administrators in real time when a phishing site is detected. The detection system was installed on a company's web-site which had been targeted for phishing. As a result, the detection system detected 40 phishing sites in a 6-day test period.

Data Traffic Characteristics Analysis based on 3GPP2 using OPNET (OPNET을 이용한 3GPP2 기반의 데이터 트래픽 특성분석)

  • Lim, Seog-Ku
    • Proceedings of the KAIS Fall Conference / 2007.11a / pp.174-177 / 2007
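  • Because the scale and services of mobile communication networks are increasing exponentially, accurate characterization of data traffic is very difficult; however, considering that traffic characterization significantly affects network design and operation, research on data traffic modeling is among the most basic work that must be done. Therefore, in this paper, to analyze the characteristics of data traffic, we analyzed the traffic characteristics of the HTTP, FTP, WAP, and Near Real Time Video traffic mentioned by 3GPP2, the international standardization body for the cdma2000 system, and demonstrated that it exhibits self-similarity.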


Design and Implementation of Performance Manager System for Web Application Service Management (웹 응용 서비스 관리를 위한 성능 관리자 시스템의 설계 및 구현)

  • Han, Jeong-Soo;Ahn, Seong-Jin;Chung, Jin-Wook;Park, Hyoung-Woo
    • The Transactions of the Korea Information Processing Society / v.5 no.1 / pp.161-171 / 1998
  • In this paper, we show the implementation of a Web-based performance manager which analyzes the traffic of a Web server to support its diagnostics. The manager monitors the HTTP traffic by polling, and measures and presents its performance on demand. To enhance the adaptability of the management interface, Web-based interfaces with JAVA are used. Recently, the need for traffic management on the Web has grown because of increasing Web traffic. Therefore, the traffic management of Web services and the effective management of a Web server's performance are needed. We have designed interfaces comprising Collection-Request, Analysis-Request, Realtime-Monitoring, and Comparison-Analysis on a client with a Web browser on a network, and implemented the server system that can analyze these requests. We have also introduced some performance indicators by referring to a Web-related MIB. In addition, we have designed and developed a message format for communication between the Web client and the server system.
