• ETRI Journal
• /
• v.27 no.1
• /
• pp.22-42
• /
• 2005

Traditional traffic identification methods based on wellknown port numbers are not appropriate for the identification of new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to their application types.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.6B
• /
• pp.600-607
• /
• 2011

As network traffic is dramatically increasing due to the popularization of Internet, the need for application traffic identification becomes important for the effective use of network resources. In this paper, we present an Internet application traffic identification method based on flow correlation to overcome limitation of signature-based identification methods and to improve performance (completeness) of it. The proposed method can identify unidentified flows from signature-based method using flow correlation between identified and unidentified flows. We propose four separate correlation methods such as Server-Client, Time, Host-Host, and Statistic correlation and describe a flow correlation-based identification system architecture which incorporates the four separate methods. Also we prove the feasibility and applicability of our proposed method by an acceptable experimental result.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.2
• /
• pp.47-56
• /
• 2014

Internet traffic has rapidly increased due to the supplying wireless devices and the appearance of various applications and services. By increasing internet traffic rapidly, the need of Internet traffic classification becomes important for the effective use of network resource. However, the traffic classification scheme is not much studied comparing to the study for classification method. This paper proposes novel classification scheme for multilateral and hierarchical traffic identification. The proposed scheme can support multilateral identification with 4 classification criteria such as service, application, protocol, and function. In addition, the proposed scheme can support hierarchical analysis based on roll-up and drill-down operation. We prove the applicability and advantages of the proposed scheme by applying it to real campus network traffic.

• Journal of Internet Computing and Services
• /
• v.12 no.6
• /
• pp.19-33
• /
• 2011

The need for application traffic classification becomes important for the effective use of network resources. The header-based identification method uses the header signature {IP address, port number, transport layer protocol TCP/UDP)}extracted from Internet application server to overcome some limitations overhead, payload encryption, etc.) of previous methods. A lots signature is extracted because this method uses header information of server. So, we need a maintenance method to keep essential signatures. In this paper, we represent the signature maintenance method using properties of identified traffic and history of the signature. Also, we prove the feasibility and applicability of our proposed method by an acceptable experimental result.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.368-376
• /
• 2013

The importance of application traffic identification is emphasized for the efficient network management with recent rapid development of internet. In this paper, we present the application traffic identification method using the behavior based signature to improve the previous limitations. The behavior based signature is made by combining the existing various traffic features, and uses the Inter-Flow unit that is combination of the first request packet of each flow. All signatures have 100% precision when measured the accuracy of 5 applications using at home and abroad to prove the feasibility of the proposed signature.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.10
• /
• pp.1301-1308
• /
• 2016

Internet traffic identification is an essential preliminary step for stable service provision and efficient network management. The payload signature-based-classification is considered as a reliable method for Internet traffic identification. But its performance is highly dependent on the number and the structure of signatures. If the numbers and structural complexity of signatures are not proper, the performance of payload signature-based-classification easily deteriorates. Therefore, in order to improve the performance of the identification system, it is necessary to regulate the numbers of the signature. In this paper, we propose a novel signature quality evaluation method to decide which signature is highly efficient for Internet traffic identification. We newly define the signature quality evaluation criteria and find the highly efficient signature through the method. Quality evaluation is performed in three different perspectives and the weight of each signature is computed through those perspectives values. And we construct the signature map(S-MAP) to find the highly efficient signature. The proposed method achieved an approximately fourfold increased efficiency in application traffic identification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1572-1593
• /
• 2018

The diversity and fast growth of Internet traffic volume are highly influenced by mobile and computer applications being developed. Moreover, the developed applications are too dynamic to be identified and monitored by network administrators. Several approaches have been proposed to identify network applications, however, are still not robust enough to identify modern applications. This paper proposes both, TSA (Traffic collection, Signature generation and Applications identification) system and a derived algorithm so called CSP (Contiguous Sequential Patterns) to identify applications for management and security in IP networks. The major focus of this paper is the CSP algorithm which is automated in two modules (Signature generation and Applications identification) of the proposed system. The proposed CSP algorithm generates DNA-like unique signatures capable of identifying applications and their individual services. In this paper, we show that the algorithm is suitable for generating efficient signatures to identify applications and application services in high accuracy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.6
• /
• pp.2483-2503
• /
• 2016

Traffic congestion is a severe problem in many modern cities around the world. Real-time and accurate traffic congestion identification can provide the advanced traffic management systems with a reliable basis to take measurements. The most used data sources for traffic congestion are loop detector, GPS data, and video surveillance. Video based traffic monitoring systems have gained much attention due to their enormous advantages, such as low cost, flexibility to redesign the system and providing a rich information source for human understanding. In general, most existing video based systems for monitoring road traffic rely on stationary cameras and multiple vehicle tracking method. However, most commonly used multiple vehicle tracking methods are lack of effective track initiation schemes. Based on the motion of the vehicle usually obeys constant velocity model, a novel vehicle recognition method is proposed. The state of recognized vehicle is sent to the GM-PHD filter as birth target. In this way, we relieve the insensitive of GM-PHD filter for new entering vehicle. Combining with the advanced vehicle detection and data association techniques, this multiple vehicle tracking method is used to identify traffic congestion. It can be implemented in real-time with high accuracy and robustness. The advantages of our proposed method are validated on four real traffic data.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.335-342
• /
• 2013

Nowadays, the traffic type and behavior are extremely diverse due to the growth of network speed and the appearance of various services on Internet. For efficient network operation and management, the importance of application-level traffic identification is more and more increasing in the area of traffic analysis. In recent years traffic identification methodology using statistical features of traffic flow has been broadly studied. However, there are several problems to be considered in the identification methodology base on statistical features of flow to improve the analysis accuracy. In this paper, we recognize these problems by analyzing the ground-truth traffic and propose the solution of these problems. The four problems considered in this paper are the distance measurement of features, the selection of the representative value of features, the abnormal behavior of TCP sessions, and the weight assignment to the feature. The proposed solutions were verified by showing the performance improvement through experiments in campus network.

• The KIPS Transactions:PartC
• /
• v.18C no.4
• /
• pp.243-250
• /
• 2011

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services on Internet, which makes the need of traffic identification important for efficient operation and management of network. In recent years traffic identification methodology using statistical features of flow has been broadly studied. We also proposed a traffic identification methodology using payload size distribution in our previous work, which has a problem of low completeness. In this paper, we improved the completeness by solving the PSD conflict using IP and port. And we improved the accuracy by changing the distance measurement between flow and statistic signature from vector distance to per-packet distance. The feasibility of our methodology was proved via experimental evaluation on our campus network.