• Title/Summary/Keyword: Network Traffic Analysis

A Novel Framework for APT Attack Detection Based on Network Traffic

  • Vu Ngoc Son
    • International Journal of Computer Science & Network Security / v.24 no.1 / pp.52-60 / 2024
  • APT (Advanced Persistent Threat) attacks are dangerous, targeted attacks with clearly defined targets. APT attack campaigns have huge consequences. Therefore, researching and developing APT attack detection solutions is very urgent and necessary nowadays. On the other hand, no matter how advanced an APT attack is, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend developing APT attack detection solutions for each of these life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will collapse. Therefore, it is necessary to research and deploy technology and solutions that can detect an APT attack early, while it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the network traffic analysis technique, using open-source tools and deep learning models. This research focuses on analyzing network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on network traffic is presented in section III.B. Finally, the experimental process of the proposal is performed in section IV of the paper.

FAFS: A Fuzzy Association Feature Selection Method for Network Malicious Traffic Detection

  • Feng, Yongxin;Kang, Yingyun;Zhang, Hao;Zhang, Wenbo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.1 / pp.240-259 / 2020
  • Analyzing network traffic is the basis of dealing with network security issues. Most network security systems depend on the feature selection of network traffic data, and the ability to detect malicious traffic in a network can be improved by the correct method of feature selection. An FAFS method, short for Fuzzy Association Feature Selection method, is proposed in this paper for network malicious traffic detection. Association rules, which can reflect the relationships among different characteristic attributes of network traffic data, are mined by association analysis. The membership values of the association rules are obtained by fuzzy reasoning. The data features with the highest correlation intensity in network data sets are found by comparing the membership values of the association rules. The dimension of the data features is reduced and the detection ability of the malicious traffic detection algorithm is improved by the FAFS method. To verify the effect of malicious traffic feature selection by the FAFS method, it is used in this paper to select data features from different datasets. Then, the K-Nearest Neighbor algorithm, the C4.5 Decision Tree algorithm and the Naïve Bayes algorithm are tested on those datasets. Moreover, the FAFS method is also compared with classical feature selection methods. The analysis of the experimental results shows that the precision and recall rate of malicious traffic detection in the network can be significantly improved by the FAFS method, which provides a valuable reference for the establishment of a network security system.

A study on the traffic analysis in LAN environment (LAN 환경에서의 트래픽 해석에 관한 연구)

  • 이종영;오영환
    • The Journal of Korean Institute of Communications and Information Sciences / v.21 no.8 / pp.1970-1975 / 1996
  • The characteristics of data traffic on an Ethernet LAN are investigated on the basis of measurements. The arrival pattern of packets on the network is found not to be a Poisson process but to follow Weibull distributions. In an analysis of network traffic, packet arrivals are found to exhibit a 'source locality'. It is observed that file transfers are responsible for about 92% of the traffic on the network. Our results will be useful for modelling purposes.

Network Traffic Analysis System Based on Data Engineering Methodology (데이터 엔지니어링 방법론을 기반으로한 네트워크 트래픽 분석 시스템)

  • Han, Young-Shin;Kim, Tae-Kyu;Jung, Jason J.;Jung, Chan-Ki;Lee, Chil-Gee
    • Journal of the Korea Society for Simulation / v.18 no.1 / pp.27-34 / 2009
  • Currently the number of network users, especially Internet users, is increasing rapidly. High quality of service is also required, and this requirement results in a sudden increase in network traffic. As a result, an efficient management system for huge volumes of network traffic has become an important issue. Ontology/data engineering based context awareness using the System Entity Structure (SES) concept enables network administrators to access traffic data easily and efficiently. The network traffic analysis system studied in this paper is designed and implemented based on a model and simulation using data engineering methodology, so that it is available for evaluating large amounts of network traffic data. Extensible Markup Language (XML) is used as the metadata language in this system. The information extracted by the network traffic analysis system can be modeled and simulated with the Discrete Event Simulation (DEVS) methodology for further work such as post-simulation evaluation, web services, etc.

Measurement based Traffic Generator for Network Game (트래픽 측정에 기반한 네트워크 게임 트래픽 생성기)

  • Eunsil Hong;Jaecheol Kim;Yanghee Choi
    • Proceedings of the Korean Information Science Society Conference / 2003.10c / pp.49-51 / 2003
  • Developers of network games have used several prediction techniques for hiding transmission delay in order to support the real-time requirements of network games. Nowadays much research related to network games is in progress to solve delay problems more radically, such as proposing new router architectures and transport protocols suited to the characteristics of network game traffic. For this advanced research, the traffic characteristics of a network game must first be grasped. In this paper we aimed to capture the traffic of an MMORPG and present a statistical analysis of the measured data. The measurement and the analysis were carried out with the server of 'Lineage', which is regarded as the most successful MMORPG. Next, we implemented a traffic generator that reflects the characteristics of the MMORPG and showed, using a statistical testing method, that the trace generated by the MMORPG traffic generator had identical characteristics to the actual traffic. We expect that this traffic generator can be used in much research related to network games.

Design and Implementation of a Web-based Traffic Monitoring and Analysis System (웹 기반의 트래픽 모니터링 및 분석 시스템의 설계와 구현)

  • 이명섭;박창현
    • Journal of KIISE:Information Networking / v.29 no.6 / pp.613-624 / 2002
  • Within the past decade, the TCP/IP network environment has spread explosively all over the world. As the Internet and the WWW expand their boundaries, the network traffic caused by data transfers over the Internet has also increased. In this paper, we present the design and implementation of WebTraMAS (Web-based Traffic Monitoring and Analysis System), which can resolve the shortcomings of current management approaches, particularly in network traffic monitoring and analysis. The WebTraMAS presented in this paper performs network management activities based on the parameters of the SNMP MIB-II and on QoS-related parameters such as network performance and faults. The proposed WebTraMAS, implemented using WWW technology, enables the network manager to manage the network easily and platform-independently, with performance analysis of Internet traffic.

Big-Data Traffic Analysis for the Campus Network Resource Efficiency (학내 망 자원 효율화를 위한 빅 데이터 트래픽 분석)

  • An, Hyun-Min;Lee, Su-Kang;Sim, Kyu-Seok;Kim, Ik-Han;Jin, Seo-Hoon;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.3 / pp.541-550 / 2015
  • The importance of efficient enterprise network management has been emphasized continuously because of the rapid utilization of the Internet in a limited resource environment. For efficient network management, a management policy that reflects the characteristics of a specific network, extracted from long-term traffic analysis, is essential. However, long-term traffic data could not be handled in the past, and there was only simple analysis of short-term traffic data. As big data analytics platforms have been developed, long-term traffic data can now be analyzed easily. Recently, enterprise network resource efficiency through long-term traffic analysis has become a requirement. In this paper, we propose methods for collecting, storing and managing long-term enterprise traffic data. We define several classification categories and propose a novel approach to network resource efficiency through multidirectional statistical analysis of the classified long-term traffic. The proposed method was applied to the campus network for evaluation. The analysis results show that, for efficient enterprise network management, the QoS policy must be adopted with different rules tuned by time, space, and purpose.

Application-Level Traffic Monitoring and an Analysis on IP Networks

  • Kim, Myung-Sup;Won, Young-J.;Hong, James Won-Ki
    • ETRI Journal / v.27 no.1 / pp.22-42 / 2005
  • Traditional traffic identification methods based on well-known port numbers are not appropriate for identifying new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to its application type.

The Traffic Measurement and Analysis Tool Design for the ATM Layer (ATM계층의 트래픽 측정 및 분석 도구 설계)

  • 정승국;이영훈
    • Journal of the Korea Society of Computer and Information / v.6 no.4 / pp.131-137 / 2001
  • This paper discusses an ATM traffic measurement and analysis tool for analyzing ATM traffic properties. This tool was applied to a commercial ATM network. The analysis results verify its effectiveness in improving network resource utilization from 20% to 50%. Thus, this tool can usefully be applied to network planning for network expansion and new network construction. It can also be used for demand estimation of ATM network traffic.

Performance Analysis of Mobile Home Network Based on Bluetooth (블루투스 기반 이동 Home Network의 성능 분석)

  • Park Hong-Seong;Jeong Myoung-Soon
    • Journal of The Institute of Information and Telecommunication Facilities Engineering / v.1 no.1 / pp.51-64 / 2002
  • This paper analyzes performance measures of a Bluetooth-based mobile home network system. The home network system consists of terminals with Bluetooth interfaces, access points (AP), a home PC, and a gateway. A mobile host in the wireless terminals uses Mobile IP to support mobility. This paper considers four types of data traffic, namely new connection traffic, handoff traffic, Internet data traffic, and control data traffic, and suggests a queueing system model of the home network system, where the AP and the home PC are modeled as M/G/1 with four priority queues and the gateway is modeled as M/G/1 with a single queue. The generation rate and service time of the individual traffic types influence their performance measures. Based on the suggested model, we derive the elapsed time of data traffic in terms of the number of cells, the number of home PCs, the arrival rates of the four types of traffic and the service rates of the AP/home PCs/gateway. To analyze the influence of the arrival rates of the four types of traffic on the elapsed time, some examples are given.