• Title/Summary/Keyword: Network Traffic Analysis

Automatic Generation of Snort Content Rule for Network Traffic Analysis (네트워크 트래픽 분석을 위한 Snort Content 규칙 자동 생성)

  • Shim, Kyu-Seok;Yoon, Sung-Ho;Lee, Su-Kang;Kim, Sung-Min;Jung, Woo-Suk;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.4 / pp.666-677 / 2015
  • The importance of application traffic analysis for efficient network management has been emphasized continuously. Snort is a popular traffic analysis system which detects traffic matched to pre-defined signatures and performs various actions based on the rules. However, it is very difficult to obtain highly accurate signatures for various analysis purposes, because searching the entire traffic data manually or semi-automatically is tedious and time-consuming work. In this paper, we propose a novel method to generate signatures in a fully automatic manner, in the form of a Snort rule, from raw packet data captured from a network link or end-host. We use a sequence pattern algorithm to generate common substrings satisfying the minimum support from traffic flow data. We also extract the location and header information of the signature, which are the components of a Snort content rule. When we applied the proposed method to several application traffic data sets, the generated rules could detect more than 97 percent of the traffic data.

Call Admission Control for Shared Buffer Memory Switch Network with Self-Similar Traffic (Self-Similar 트래픽을 갖는 공유버퍼 메모리 스위치 네트워크 환경에서 호 수락 제어 방법)

  • Kim Ki wan;Kim Doo yong
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.4B / pp.162-169 / 2005
  • Network traffic measurements show that the data traffic on packet-switched networks has self-similar features, which differ from traditional traffic models such as the Poisson distribution or the Markovian process model. Most call admission control research has been done on the performance analysis of a single network switch. It is necessary to consider the performance analysis of the proposed admission control scheme in an interconnected switch environment, because data traffic traverses multiple switches in a network. Simulation results show that a call admission control scheme may not operate properly on interconnected switches even though the scheme works well on a single switch. In this paper, we analyze the cell loss probability, utilization and self-similarity of the output ports of interconnected network switches using shared buffer memory management schemes, and propose a new call admission control scheme that takes interconnected network switches into account under self-similar traffic environments.

Classification of HTTP Automated Software Communication Behavior Using a NoSQL Database

  • Tran, Manh Cong;Nakamura, Yasuhiro
    • IEIE Transactions on Smart Processing and Computing / v.5 no.2 / pp.94-99 / 2016
  • Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it acts like a robot, mimics the normal behavior of web access, and bypasses the network firewall or intrusion detection system. Moreover, in a large private network with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, identifying and classifying the communication behavior of auto-ware is a challenge. In this paper, building on a previous study that analyzed auto-ware communication behavior, and with the addition of new features, a method for classifying HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle the large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, and gives good results in the classification and detection of suspicious auto-ware web access.

Speed Prediction of Urban Freeway Using LSTM and CNN-LSTM Neural Network (LSTM 및 CNN-LSTM 신경망을 활용한 도시부 간선도로 속도 예측)

  • Park, Boogi;Bae, Sang hoon;Jung, Bokyung
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.20 no.1 / pp.86-99 / 2021
  • One of the methods to alleviate traffic congestion is to increase the efficiency of the roads by providing traffic condition information to road users and distributing the traffic. For this, reliability must be guaranteed, and quantitative real-time traffic speed prediction is essential. In this study, based on an analysis of traffic speed in relation to traffic conditions, historical data correlated with traffic flow were used as input. We developed an LSTM model that predicts speed under normal traffic conditions, along with a CNN-LSTM model that predicts speed in response to incidents. Through these models, we predict traffic speeds over the hour in five-minute intervals. As a result, predictions had an average error of 7.43km/h for normal traffic flows, and an error of 7.66km/h for traffic flows when there was an incident.

A Design of Network Topology Discovery System based on Traffic In-out Count Analysis (네트워크 트래픽 입출량 분석을 통한 네트워크 토폴로지 탐색 시스템 설계)

  • Park, Ji-Tae;Baek, Ui-Jun;Shin, Mu-Gon;Lee, Min-Seong;Kim, Myung-Sup
    • KNOM Review / v.23 no.1 / pp.1-9 / 2020
  • With the rapid development of science and technology in recent years, the network environment is growing, and a huge amount of traffic is generated. In particular, the development of 5G networks and edge computing will accelerate this phenomenon. However, along with these trends, network malicious behaviors and traffic overloads are also occurring frequently. To solve these problems, network administrators need to build a network management system to implement a high-speed network, and should know exactly the connection topology of network devices through the network management system. However, the existing network topology discovery method is inefficient because it is managed passively by an administrator and is a time-consuming task. Therefore, we propose a method of network topology discovery based on the amount of incoming and outgoing network traffic. The proposed method is applied to a real network to verify its validity.

Long-Range Dependence and 1/f Noise in a Wide Area Network Traffic (광역 네트워크 트래픽의 장거리 상관관계와 1/f 노이즈)

  • Lee, Chang-Yong
    • Journal of KIISE:Information Networking / v.37 no.1 / pp.27-34 / 2010
  • In this paper, we examine long-range dependence in an active measurement of network traffic, a characteristic that is well known from analyses of passive network traffic measurements. To this end, we utilize RTT (Round Trip Time), a typical active measurement collected by the PingER project, and perform the relevant analysis on the time series of both RTT and its volatilities. The RTT time series exhibits long-range dependence, or 1/f noise. The volatilities, defined as a higher-order variation, follow a log-normal distribution. Furthermore, the volatilities show long-range dependence over relatively short time intervals, and long-range dependence and/or 1/f noise over long time intervals. From this study, we find that long-range dependence is a characteristic not only of passive traffic measurements but also of active measurements of network traffic such as RTT. From these findings, we can infer that long-range dependence is a characteristic of network traffic independent of the type of measurement. In particular, an active measurement exhibits 1/f noise, which cannot usually be found in a passive measurement.

UPC Schemes on the Frame Relay/ATM Interworking in ATM Networks (FR/ATM 연동에서의 UPC 방식)

  • Nam, Yun-Seok;Park, Won-Sik
    • The Transactions of the Korea Information Processing Society / v.6 no.11 / pp.3108-3115 / 1999
  • Frame relay needs a UPC function for the multiplexed logical connections to prevent malicious user traffic from entering the network, to guarantee the QoS of conforming user traffic, and to protect the normal operation of the network system. On the FR/ATM interworking in ATM networks, UPC may be conducted either by cell-based ATM UPC or by frame-based FR UPC. Frames enter and traverse ATM networks by segmentation into ATM cells. Of course, FR QoS should be guaranteed in spite of segmentation and reassembly in ATM networks. In this paper, we compared the QoS of cell-based ATM UPC and frame-based FR UPC through analysis and simulation in the case of ingress of excess traffic over the negotiated traffic parameters at the user-to-network interface. We also studied frame-based UPC schemes, including window-based FR UPC and frame-based VSA, which is an ATM UPC algorithm recommended by ITU-T. We describe an introduction to frame relay including the frame structure and FR/ATM interworking, FR traffic parameters and their relationship, a comparison of FR QoS between frame-based FR UPC and cell-based ATM UPC, a comparison of FR UPC schemes, the necessity of egress traffic control, and conclusions.

Ventilation Characteristics by Traffic Piston Effect in Underground Network-type Road Junction (네트워크형 지하도로 입체교차로 내의 교통환기력에 의한 환기 특성)

  • Kim, Nam-Young;Jo, Jong-Bok;Han, Hwataik
    • Korean Journal of Air-Conditioning and Refrigeration Engineering / v.27 no.7 / pp.337-343 / 2015
  • This paper investigates the ventilation characteristics in a two-dimensional underground network junction composed of four main lines interconnected by eight ramps. Simple one-dimensional models cannot be applied to network junctions since there are interferences of traffic piston effects in the main lines and at the ramps. A numerical algorithm was developed to analyze the pressure and airflow distributions iteratively. The Darcy-Weisbach equation was used to calculate the piston effects by traffic flows, and a Hardy Cross iteration was conducted for network analysis at the interconnected junction. The results show interesting ventilation characteristics and CO concentration distributions depending on system parameters such as vehicle speed, tunnel diameter, and other junction configurations.

Quality Measurement of Data Processing by a Protocol Change of Power SCADA System (전력감시제어설비의 프로토콜 변경에 따른 데이터처리 품질측정)

  • Lee Yong-Doo;Choi Seong-Man;Yoo Cheol-Jung;Chang Ok-Bae
    • The KIPS Transactions:PartD / v.12D no.7 s.103 / pp.1031-1038 / 2005
  • In this paper, the maximum traffic quantity and the actual traffic quantity of the data needed to grasp the state of a system are measured more accurately. A concrete quality measurement is conducted by analysing the change of traffic quantity according to a protocol change, and the traffic under the overload condition that arises when there is an accident. As a result, it provides an opportunity to maximize the safety of power SCADA. Furthermore, future traffic quantity can be projected by knowing the current traffic quantity and grasping its rate of increase through the analysis, and this information can be used to secure bandwidth in advance. This enables stable operation of power SCADA by arranging the limited network resources efficiently based on the analysed network information, and improves confidence in the system.

Performance Analysis of Packet Sampling Mechanisms for DDoS Attack Detection (DDoS 공격 탐지를 위한 패킷 샘플링 기법들의 성능 분석)

  • Kang Kil-Soo;Lee Joon-Hee;Choi Kyung-Hee;Jung Gi-Hyun;Shim Jae-Hong
    • The KIPS Transactions:PartC / v.11C no.6 s.95 / pp.711-718 / 2004
  • Packet sampling is a technique to collect a part of the packets passing through a network and analyze the characteristics of the traffic for managing the network and keeping it secure. This paper presents a study on the sampling techniques applied to DDoS traffic and on the characteristics of the sampled traffic, in order to detect DDoS attacks efficiently and improve traffic analysis capacity. Three well-known sampling techniques are evaluated with different sampling rates on various DDoS traffics. To analyze traffic characteristics, one of the DDoS attack detection methods, Traffic Rate Analysis (TRA), is used. Simulation results verify that using sampling techniques preserves the traffic characteristics of DDoS and does not significantly reduce the detection accuracy.