• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1568-1570
• /
• 2005

The internet is already a part of life. It is very convenient and people can do almost everything with internet that should be done in real life. Along with the increase of the number of internet user, various network attacks through the internet have been increased as well. Also, Large-scale network attacks are a cause great concern for the computer security communication. These network attack becomes biggest threat could be down utility of network availability. Most of the techniques to detect and analyze abnormal traffic are statistic technique using mathematical modeling. It is difficult accurately to analyze abnormal traffic attack using mathematical modeling, but network simulation technique is possible to analyze and simulate under various network simulation environment with attack scenarios. This paper performs modeling and simulation under virtual network environment including $NGSS^{1}$ system to analyze abnormal traffic-flooding attack.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.20 no.41
• /
• pp.103-112
• /
• 1997

In this paper, a nonhierarchial integrated information network with circuit switched and packet switched traffic is considered. It is assumed that circuit switched traffic is allowed to attempt an alternate path if the direct path is blocked, whereas packet switched traffic is not. The network uses a movable boundary scheme to allocate bandwidth dynamically. To analyze the performance of this type of network, EEBP(End to End Blocking Probability) is selected as a measure for circuit switched traffic and average time delay for packet switched traffic, respectively. EEBP and average time delay are derived analytically. Using the two proposed measure, the performance of the network under various bandwidth allocations and arrival patterns are observed. Moreover, the arrival rate of one link for circuit switched traffic is obtained from an approximation formula. Simulation results reveal the validity of the proposed approximation method.

• Proceedings of the KSR Conference
• /
• 2011.10a
• /
• pp.1816-1824
• /
• 2011

Recently, with traffic SOC investment policy changing from road-centered to railway-centered according to environment-friendly and sustainable development, issues regarding overlapping and overinvestment of traffic facility have been raised. Regarding investment of various traffic facilities of which departure and destination are similar to each other, academia, civic organizations, government, etc. are recognizing problems including overlapping investment of budget, environmental destruction, etc., but not suggesting definite solutions. Objective transportation network analysis is required because various positive effects including solutions of delay/congestion may occur due to provision of alternative way and distribution of the amount of traffic when accidents occur, as well as negative effects suggested by some of civic organizations in various transportation facility investment of similar departure and destination. Hereupon, this study tries to suggest a tool that can objectively evaluate interrelations of transportation network by applying multi-criteria analysis including economic feasibility regarding analysis of interconnections between and within means of transportation.

• Journal of KIISE:Information Networking
• /
• v.35 no.6
• /
• pp.474-481
• /
• 2008

Scanning worm increases network traffic load and result in severe network congestion because it is a self-replicating worm and send copies of itself to a number of hosts through the Internet. So an early detection system which can automatically detect scanning worms is needed to protect network from those attacks. Although many studies are conducted to detect scanning worms, most of them are focusing on the method using packet header information. The method using packet header information has long detection delay since it must examine the header information of all packets entering or leaving the network. Therefore we propose an algorithm to detect scanning worms using network traffic characteristics such as variance of traffic volume, differentiated traffic volume, mean of differentiated traffic volume, and product of mean traffic volume and mean of differentiated traffic volume. We verified the proposed algorithm by analyzing the normal traffic captured in the real network and the worm traffic generated by simulator. The proposed algorithm can detect CodeRed and Slammer which are not detected by existing algorithm. In addition, all worms were detected in early stage: Slammer was detected in 4 seconds and CodeRed and Witty were detected in 11 seconds.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.47 no.6
• /
• pp.103-112
• /
• 2010

A study on network traffic analysis and modeling has been exclusively done due to its importance. However, conventional studies on network traffic analysis and modeling only focus on transmitting simple packet stream or traffic features of specific application, such as HTTP. In this paper, we propose a network traffic generator, which reflects the characteristics of multimedia data. To analyze the traffics of online game, which is one of the most popular multimedia contents, we modeled the distribution according to the time between packets and packet size random variable and designed the traffic generator which has the model for input. We generated the traffics of L4D(Left4Dead), WoW(World of Warcraft) with proposed network traffic generator and we found that the generated traffics have similar distributions with real data.

• The Journal of Bigdata
• /
• v.2 no.2
• /
• pp.1-7
• /
• 2017

Intelligent transportation system (ITS) has been introduced to maximize the efficiency of operation and utilization of the urban traffic facilities and promote the safety and convenience of the users. With the expansion of ITS, various traffic big data such as road traffic situation, traffic volume, public transportation operation status, management situation, and public traffic use status have been increased exponentially. In this paper, we derive structural characteristics of urban traffic according to the vehicle flow by using big data network analysis. DSRC (Dedicated Short Range Communications) data is used to construct the traffic network. The results can help to understand the complex urban traffic characteristics more easily and provide basic research data for urban transportation plan such as road congestion resolution plan, road expansion plan, and bus line/interval plan in a city.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.11a
• /
• pp.215-219
• /
• 2004

A rapid development of the network brought increasing of many damage cases by hacker's attack. In recently many network and system resources are damaged by traffic flooding attacks. For this reason, the protection of network resources by analyzing traffic on the network is on the rise. In this paper, algorithm that improves the executing time and detection rate than traffic analysis method using SNMP is proposed and implemented.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.4C
• /
• pp.282-294
• /
• 2002

The modern telecommunication networks are composed of various network-type and are managed by various management technologies, such as TMN, SNMP, TINA etc. Furthermore, the network user's needs of real-time multimedia services are rapidly increasing. In order to guarantee the user-requested quality-of-service(QoS) and keep the network utilization at maximum, it is required to manage the network performance continuously after the network is deployed. The performance management function should provide the useful information for the network expansion and the capacity reallocation in the future. In this paper, we propose a DPE-based performance management architecture for the integrated management of the heterogeneous network elements with TMN and SNMP. We propose an approach to provide the Intranet traffic monitoring and analysis function using layered network management concept and distributed processing technology. The proposed architecture has been designed and implemented based on multiprocess and multithread structure to support concurrent processing. To manage the traffic according to the Intranet service categories, we implemented an ITMA(Intelligent Traffic Monitoring Agent) with packet capture library. With the proposed architecture, we could measure and analyze the real Intranet traffic of Yeungnam University.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.4
• /
• pp.125-139
• /
• 2017

In this paper, we developed a framework to detect and predict insider information leakage by collecting and restoring network traffic. For automated behavior analysis, many meta information and behavior information obtained using network traffic collection are used as machine learning features. By these features, we created and learned behavior model, network model and protocol-specific models. In addition, the ensemble model was developed by digitizing and summing the results of various models. We developed a function to present information leakage candidates and view meta information and behavior information from various perspectives using the visual analysis. This supports to rule-based threat detection and machine learning based threat detection. In the future, we plan to make an ensemble model that applies a regression model to the results of the models, and plan to develop a model with deep learning technology.

• ETRI Journal
• /
• v.26 no.3
• /
• pp.203-217
• /
• 2004

This paper presents a method and architecture to analyze streaming media and multimedia conferencing traffic. Our method is based on detecting the transport protocol and port numbers that are dynamically assigned during the setup between communicating parties. We then apply such information to analyze traffic generated by the most popular streaming media and multimedia conferencing applications, namely, Windows Media, Real Networks, QuickTime, SIP and H.323. We also describe a prototype implementation of a traffic monitoring and analysis system that uses our method and architecture.