• Title/Summary/Keyword: Network Traffic Information Collection

A Study on the Insider Behavior Analysis Framework for Detecting Information Leakage Using Network Traffic Collection and Restoration (네트워크 트래픽 수집 및 복원을 통한 내부자 행위 분석 프레임워크 연구)

  • Kauh, Janghyuk;Lee, Dongho
    • Journal of Korea Society of Digital Industry and Information Management / v.13 no.4 / pp.125-139 / 2017
  • In this paper, we developed a framework to detect and predict insider information leakage by collecting and restoring network traffic. For automated behavior analysis, much of the meta information and behavior information obtained using network traffic collection is used as machine learning features. With these features, we created and trained a behavior model, a network model and protocol-specific models. In addition, the ensemble model was developed by digitizing and summing the results of various models. We developed a function to present information leakage candidates and view meta information and behavior information from various perspectives using visual analysis. This supports rule-based threat detection and machine learning based threat detection. In the future, we plan to make an ensemble model that applies a regression model to the results of the models, and plan to develop a model with deep learning technology.

Automatic Payload Signature Update System for the Classification of Dynamically Changing Internet Applications

  • Shim, Kyu-Seok;Goo, Young-Hoon;Lee, Dongcheul;Kim, Myung-Sup
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.3 / pp.1284-1297 / 2019
  • The network environment is presently growing considerably. Accordingly, the study of traffic classification for network management is becoming difficult. Automatic signature extraction is a hot topic in the field of traffic classification research. However, existing automatic payload signature generation systems suffer from problems such as being semi-automatic, generating disposable signatures, generating false-positive signatures, and not keeping signatures up to date. Therefore, we provide a fully automatic signature update system that automatically performs all the processes, such as traffic collection, signature generation, signature management and signature verification. The step of traffic collection automatically collects ground-truth traffic through the traffic measurement agent (TMA) and traffic management server (TMS). The step of signature management removes unnecessary signatures. The step of signature generation generates new signatures. Finally, the step of signature verification removes the false-positive signatures. The proposed system can solve the problems of existing systems. The result of applying this system to a campus network showed that, in the case of four applications, high recall values and low false-positive rates can be maintained.

A Study on the Verification of Traffic Flow and Traffic Accident Cognitive Function for Road Traffic Situation Cognitive System

  • Am-suk, Oh
    • Journal of information and communication convergence engineering / v.20 no.4 / pp.273-279 / 2022
  • Owing to the need to establish a cooperative-intelligent transport system (C-ITS) environment in the transportation sector locally and abroad, various research and development efforts such as high-tech road infrastructure, connection technology between road components, and traffic information systems are currently underway. However, the current central control center-oriented information collection and provision service structure and the insufficient road infrastructure limit the realization of the C-ITS, which requires a diversity of traffic information, real-time data, advanced traffic safety management, and transportation convenience services. In this study, a network construction method based on the existing received signal strength indicator (RSSI) was selected as a comparison target, and the experimental target and the proposed intelligent edge network were compared and analyzed. The result of the analysis showed that the data transmission rate in the intelligent edge network was 97.48%, the data transmission time was 215 ms, and the recovery time of network failure was 49,983 ms.

A Study on Application of Autonomous Traffic Information Based on Artificial Intelligence (인공지능 기반의 자율형 교통정보 응용에 대한 연구)

  • Oh, Am-Suk
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.6 / pp.827-833 / 2022
  • This study aims to prevent secondary traffic accidents with high severity by overcoming the limitations of existing traffic information collection systems through analysis of traffic information collection detectors and various algorithms used to detect unexpected situations. In other words, this study is meaningful in that it analyzes the 'unexpected situation that causes secondary traffic accidents' and the 'existing traffic information collection system', and accordingly presents a solution that can preemptively prevent secondary traffic accidents: an intelligent traffic information collection system that enables accurate information collection on all sections of the road. As a result of the experiment, the reliability of data transmission reached 97% based on 95%, the data transmission speed averaged 209ms based on 1000ms, and the network failover time achieved targets of 50sec based on 120sec.

The Design and Implementation of Parameter Extraction System for Analyzing Internet Using SNMP (SNMP를 이용한 인터넷 분석 파라미터 추출 시스템의 설계 및 구현)

  • Sin, Sang-Cheol;An, Seong-Jin;Jeong, Jin-Uk
    • The Transactions of the Korea Information Processing Society / v.6 no.3 / pp.710-721 / 1999
  • In this paper, we have designed and implemented a parameter extraction system for analyzing the Internet using SNMP. The extraction system has two modules; one is the collection request module, and the other is the analysis request module. The collection request module generates a polling script, which is used to collect management information from the managed system periodically. With this collected data, the analysis request module extracts analysis parameters. These parameters are traffic flow analysis, interface traffic analysis, packet traffic analysis, and management traffic analysis parameters. For management activity, we have introduced a two-step analysis view. One is Summary-View, which is used to find out malfunction of a system among the entire managed systems. The other is Specific-View. With this view we can analyze the specific system with all our analysis parameters. To show available data as indicators for line capacity planning, network redesigning decision making of performance upgrade for a network device and things like that.

Automatic Payload Signature Update System for Classification of Recent Network Applications (최신 네트워크 응용 분류를 위한 자동화 페이로드 시그니쳐 업데이트 시스템)

  • Shim, Kyu-Seok;Goo, Young-Hoon;Lee, Sung-Ho;Sija, Baraka D.;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.1 / pp.98-107 / 2017
  • These days, the increase of applications that highly use network resources has revealed the limitations of the current research phase of traffic classification for network management. Various studies have been conducted to find solutions for such limitations. The representative study is automatic finding of the common pattern of traffic. However, since the study of automatic signature generation is a semi-automatic system, users should collect the traffic. Therefore, these limitations cause problems in the traffic collection step leading to untrusted accuracy of the signature verification process because it does not contain any of the generated signature. In this paper, we propose an automated traffic collection, signature management, signature generation and signature verification process to overcome the limitations of the automatic signature update system. By applying the proposed method in the campus network, actual traffic signatures maintained the completeness with no false-positive.

Design and Implementation Web-based Network Traffic Monitoring System (웹 기반 네트워크 트래픽 모니터링 시스템의 설계 및 구현)

  • 안용학;박진호
    • Journal of the Korea Society of Computer and Information / v.6 no.3 / pp.64-71 / 2001
  • In this paper we propose the network traffic monitoring system that can support network and system operation, management, expansion, and design using network analysis and diagnosis to a network administrator. The proposed system consists of two parts: analysis server for collection and analysis of the network information, and supports real-time monitoring of network traffic, and client system shows user a graphical data that analyzed a returned result from the server. This system implements web-based technology using Java and contributes to enhance the effectiveness of network administrator's management.

A Method to Resolve TCP Packet Out-of-order and Retransmission Problem at the Traffic Collection Point (트래픽 수집지점에서 발생하는 TCP패킷중복 및 역전문제 해결 방법)

  • Lee, Su-Kang;An, Hyun-Min;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.39B no.6 / pp.350-359 / 2014
  • With the rapid growth of the Internet, the importance of application traffic analysis is increasing for efficient network management. The statistical information in traffic flows can be efficiently utilized for application traffic identification. However, the packet out-of-order and retransmission occurring at the traffic collection point reduce the performance of the statistics-based traffic analysis. In this paper, we propose a novel method to detect and resolve the packet out-of-order and retransmission problem in order to improve completeness and accuracy of the traffic identification. To prove the feasibility of the proposed method, we applied our method to a real traffic analysis system using statistical flow information, and compared the performance of the system with the selected 9 popular applications. The experiment showed a maximum of 4% completeness growth in traffic bytes, which shows that the proposed method contributes to the analysis of heavy flow.

Real-Time Network Traffic Monitoring System using SNMP (SNMP를 이용한 실시간 네트워크 트래픽 모니터링 시스템)

  • 박진호;정진욱
    • Proceedings of the Korea Society for Industrial Systems Conference / 2002.06a / pp.69-75 / 2002
  • In this paper, we propose the realtime network traffic monitoring system using SNMP that can support network and system operation, management, expansion, and design using network analysis and diagnosis to a network administrator. The proposed system consists of two parts: analysis server for collection and analysis of the network information, and supports real-time monitoring of network traffic, and client system shows user a graphical data that analyzed a returned result from the server. This system implements web-based technology using Java and contributes to enhance the effectiveness of network administrator's management.

A Design and Implementation of Web-based Traffic Monitoring System for Management of Small-scale PC-room (소규모 실습실 관리를 위한 웹기반 트래픽 모니터링 시스템의 설계 및 구현)

  • Lee Kang-ho
    • Journal of the Korea Society of Computer and Information / v.9 no.4 s.32 / pp.127-131 / 2004
  • In this paper, I propose the web-based network traffic monitoring system to monitor computers running MS Windows in the small-scale PC-room. The system can support network and system operation, management, expansion, and design using network analysis and diagnosis to a network administrator. The whole system consists of two parts: analysis server for collection and analysis of the network information, and supports real-time monitoring of network traffic, and the web-based interface system. A client system shows user a graphical data that analyzed a returned result from the server. This system implements web-based technology using Java and contributes to enhance the effectiveness of network administrator's management activities in PC-room by controlling and monitoring.