• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06a
• /
• pp.174-178
• /
• 2008

P2P를 포함하는 인터넷 애플리케이션 트래픽의 보다 빠르고 정확한 분류는 최근 학계의 중요한 이슈 중 하나이다. 본 논문에서는 기존의 전통적인 분류방법으로 대표되는 port 번호 및 payload 정보를 이용하는 방법론의 구조적 한계점을 극복하는 새로운 대안으로써, 이진 분류기인 SVM과 단일클래스 SVM을 계층적으로 결합한 다중 클래스 SVM을 구축하여 인터넷 애플리케이션 트래픽 분류를 수행하였다. 제안된 시스템은 이진 분류기인 SVM으로 P2P 트래픽과 non-P2P 트래픽을 빠르게 분류하는 첫 번째 계층, 3개의 단일클래스 SVM을 기반으로 P2P 트래픽들을 파일공유, 메신저, TV로 분류하는 두 번째 계층, 그리고 전체 16가지의 애플리케이션 트래픽별로 세분화 분류하는 세 번째 계층으로 구성된다. 제안된 시스템은 flow 기반의 트래픽 정보를 수집하여 인터넷 애플리케이션 트래픽을 coarse 혹은 fine하게 분류함으로써 효율적인 시스템의 자원 관리, 안정적인 네트워크 환경의 지원, 원활한 bandwidth의 사용, 그리고 적절한 QoS를 보장하였다. 또한, 새로운 애플리케이션 트래픽이 추가되더라도 전체 시스템을 재학습 시킬 필요 없이 새로운 애플리케이션 트래픽만을 추가 학습함으로써 시스템의 점증적 갱신 및 확장성에도 기여하였다. 평가항목인 recall과 precision에서 만족스러운 수치 등을 실험을 통하여 확인함으로써 제안된 시스템의 성능을 검증하였다.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.20 no.1
• /
• pp.7-14
• /
• 2010

In this paper, we introduce a hierarchical internet application traffic classification system based on SVM as an alternative overcoming the uppermost limit of the conventional methodology which is using the port number or payload information. After selecting an optimal attribute subset of the bidirectional traffic flow data collected from the campus, the proposed system classifies the internet application traffic hierarchically. The system is composed of three layers: the first layer quickly determines P2P traffic and non-P2P traffic using a SVM, the second layer classifies P2P traffics into file-sharing, messenger, and TV, based on three SVDDs. The third layer makes specific classification of the entire 16 application traffics. By classifying the internet application traffic finely or coarsely, the proposed system can guarantee an efficient system resource management, a stable network environment, a seamless bandwidth, and an appropriate QoS. Also, even a new application traffic is added, it is possible to have a system incremental updating and scalability by training only a new SVDD without retraining the whole system. We validate the performance of our approach with computer experiments.

• The Korean Journal of Applied Statistics
• /
• v.28 no.1
• /
• pp.1-8
• /
• 2015

Security has become an issue due to the rapid increases in internet traffic data network. Especially P2P traffic data poses a great challenge to network systems administrators. Preemptive measures are necessary for network quality of service(QoS) and efficient resource management like blocking suspicious traffic data. Deep packet inspection(DPI) is the most exact way to detect an intrusion but it may pose a private security problem that requires time. We used several machine learning methods to compare the performance in classifying network traffic data accurately over time. The Random Forest method shows an excellent performance in both accuracy and time.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.3
• /
• pp.45-54
• /
• 2014

In this paper, an improved two-step P2P traffic classification scheme is proposed to overcome the limitations of the existing methods. The first step is a signature-based classifier at the packet-level. The second step consists of pattern heuristic rules and a statistics-based classifier at the flow-level. With pattern heuristic rules, the accuracy can be improved and the amount of traffic to be classified by statistics-based classifier can be reduced. Based on the analysis of different decision tree algorithms, the statistics-based classifier is implemented with REPTree. In addition, the ensemble algorithm is used to improve the performance of statistics-based classifier Through the verification with the real datasets, it is shown that our hybrid scheme provides higher accuracy and lower overhead compared to other existing schemes.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.172-181
• /
• 2005

The latest attack type against network traffic appeared by worm and bot that are advanced in DDoS. It is difficult to detect them because they are diversified, intelligent, concealed and automated. The exisiting traffic analysis method using SNMP has a vulnerable problem; it considers normal P2P and other application program to be harmful traffic. It also has limitation that does not analyze advanced programs such as worm and bot to harmful traffic. Therefore, we analyzed harmful traffic out Protocol and Port analysis. We also classified traffic by protocol, well-known port, P2P port, existing attack port, and specification port, apply singularity weight to detect, and analyze attack availability. As a result of simulation, it is proved that it can effectively detect P2P application, worm, bot, and DDoS attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.2B
• /
• pp.131-140
• /
• 2011

As the number of Internet users and applications is increasing, the importance of application traffic classification is growing more and more for efficient network management. While a number of methods for traffic classification have been introduced, such as signature-based and machine learning-based methods, Skype application, which uses encrypted communication on its own P2P network, is known as one of the most difficult traffic to identify. In this paper we propose a novel method to identify Skype application traffic on the fly. The main idea is to setup a list of Skype host information {IP, port} by examining the packets generated in the Skype login process and utilizes the list to identify other Skype traffic. By implementing the identification system and deploying it on our campus network, we proved the performance and feasibility of the proposed method.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1112-1115
• /
• 2009

네트워크 관리자 입장에서 효율적인 네트워크 관리를 위해 응용 프로그램 별 트래픽 분류의 중요성이 커지고 있다. 응용 프로그램 별 트래픽 분류를 위해 signature 기반, machine learning 방법들이 제안되고 있지만 p2p 방식의 Skype 응용프로그램에 대한 적용결과는 그 신뢰성이 떨어지고 있는 것은 사실이다. 본 논문에서는 Skype의 트래픽을 분류하기 위해 각 Client 마다 Skype application install 시 동적으로 변화하는 Port 를 알아내는 방법, UDP 패킷의 특정위치의 특정 signature, TCP signal flow의 특정위치 패킷에 대한 payload 크기 등을 이용한 Skype traffic 분류 방법을 제안한다. 제안된 방법론은 학내 네트워크에 적용하여 그 타당성을 TMA를 통해 검증하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.3
• /
• pp.67-76
• /
• 2012

Traffic classification plays an important role in traffic management. To traditional methods, P2P and encryption traffic may become a problem. Support Vector Machine (SVM) is a useful classification tool which is able to overcome the traditional bottleneck. The main disadvantage of SVM algorithms is that it's time-consuming to train large data set because of the quadratic programming (QP) problem. However, the useful support vectors are only a small part of the whole data. If we can discard the useless vectors before training, we are able to save time and keep accuracy. In this article, we discussed the feasibility to remove the useless vectors through a sequential method to accelerate training speed when dealing with large scale data.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1277-1284
• /
• 2011

Today, many applications use 80 port, which is a basic port number of HTTP protocol, to avoid a blocking of firewall. HTTP protocol is used in not only Web browsing but also many applications such as the search of P2P programs, update of softwares and advertisement transfer of nateon messenger. As HTTP traffics are increasing and various applications transfer data through HTTP protocol, it is essential to identify which applications use HTTP and how they use the HTTP protocol. In order to prevent a specific application in the firewall, not the protocol-level, but the application-level traffic classification is necessary. This paper presents a method to classify HTTP traffics based on applications of the client-side and group the applications based on providing services. We developed an application-level HTTP traffic classification system and verified the method by applying the system to a small part of the campus network.

• Journal of Advanced Navigation Technology
• /
• v.15 no.2
• /
• pp.204-212
• /
• 2011

Mobile P2P(Peer-to-Peer) protocols in MANET(mobile ad-hoc networks) have gained much attention recently. Existing P2P protocols can be categorized into structured and unstructured ones. In MANET, structured P2P protocols show large control traffic because they does not consider the locality of P2P data and unstructured P2P protocols have a scalability problem with respect to the number of nodes. Hybrid P2P protocols combine advantages of the structured and unstructured P2P protocols. Cluster-based P2P protocol is one of the hybrid P2P protocols. Our study makes an analysis of the cluster-based P2P protocol and derives the optimal cluster formation in MANET. In the derived optimal cluster formation, the cluster-based P2P protocol shows better performance than Gnutella protocol with respect to control traffic.