• Title/Summary/Keyword: P2P traffic analysis


Analysis and Modeling of Traffic at Ntopia Subscriber Network of Korea Telecom (KT의 Ntopia가입자 망 트래픽 분석 및 모델링)

  • 주성돈;이채우
    • Journal of the Institute of Electronics Engineers of Korea TC, v.41 no.5, pp.37-45, 2004
  • As Internet technologies mature, many new applications with different characteristics are emerging. Recently we see wide use of P2P (Peer to Peer) applications, whose traffic shows different statistical characteristics compared with traditional applications such as web (HTTP) and FTP (File Transfer Protocol). In this paper, we measured the subscriber network of KT (Korea Telecom) to analyze P2P traffic characteristics. We show flow characteristics of the measured traffic. We also estimate the Hurst parameter of P2P traffic and compare its self-similarity with that of web traffic. Analysis results indicate that P2P traffic is much burstier than web traffic and makes upstream and downstream traffic symmetric. To predict QoS-related parameters such as packet loss and delay, we model P2P traffic using two self-similar traffic models, predict both loss probability and mm delay, and then compare their accuracies. With simulation we show that the self-similar traffic models we derive predict the performance of P2P traffic accurately, and thus when we design a network or evaluate its performance, we can use the P2P traffic model as reference input traffic.

Harmful Traffic Detection by Protocol and Port Analysis (프로토콜과 포트 분석을 통한 유해 트래픽 탐지)

  • Shin Hyun-Jun;Choi Il-Jun;Oh Chang-Suk;Koo Hyang-Ohk
    • The Journal of the Korea Contents Association, v.5 no.5, pp.172-181, 2005
  • The latest type of attack on network traffic comes from worms and bots, which have advanced from DDoS. They are difficult to detect because they are diversified, intelligent, concealed and automated. The existing traffic analysis method using SNMP has a weakness: it considers normal P2P and other application programs to be harmful traffic. It also has the limitation that it does not classify advanced programs such as worms and bots as harmful traffic. Therefore, we analyzed harmful traffic using protocol and port analysis. We also classified traffic by protocol, well-known port, P2P port, existing attack port, and specification port, applied singularity weights for detection, and analyzed attack availability. Simulation results show that the method can effectively detect P2P applications, worms, bots, and DDoS attacks.


Emerging P2P Traffic Analysis and Modeling (P2P 트래픽의 특성 분석과 트래픽 모델링)

  • 주성돈;이채우
    • The Journal of Korean Institute of Communications and Information Sciences, v.29 no.2B, pp.279-288, 2004
  • Rapidly emerging P2P (Peer to Peer) applications generate very bursty traffic, which places a heavy burden on the network, and the amount of such traffic is increasing rapidly. Thus it is becoming more important to understand the characteristics of such traffic and reflect them when we design and analyze the network. To do that, we measured the traffic in a campus network, present flow statistics and traffic models of the measured traffic, and compare them with those of web traffic. The results indicate that P2P traffic is much burstier than web traffic and as a result negatively affects network performance. We modeled P2P traffic using a self-similar traffic model to predict the packet delay and loss occurring in the network, which are very important for evaluating network performance. We also predict the queue length distribution and loss probability in an SSQ (Single Server Queue). To assess the accuracy of the traffic models, we compare the SSQ statistics of the traffic models with those of the traffic trace. The results show that the self-similar traffic models we use can predict P2P traffic behavior in the network precisely. It is expected that the traffic models we derived can be used when we design network capacity and predict network performance and QoS of P2P applications.

Real-time Classification of Internet Application Traffic using a Hierarchical Multi-class SVM

  • Yu, Jae-Hak;Lee, Han-Sung;Im, Young-Hee;Kim, Myung-Sup;Park, Dai-Hee
    • KSII Transactions on Internet and Information Systems (TIIS), v.4 no.5, pp.859-876, 2010
  • In this paper, we propose a hierarchical application traffic classification system as an alternative means to overcome the limitations of the port number and payload based methodologies, which are traditionally considered traffic classification methods. The proposed system is a new classification model that hierarchically combines a binary classifier SVM and Support Vector Data Descriptions (SVDDs). The proposed system selects an optimal attribute subset from the bi-directional traffic flows generated by our traffic analysis system (KU-MON) that enables real-time collection and analysis of campus traffic. The system is composed of three layers: The first layer is a binary classifier SVM that performs rapid classification between P2P and non-P2P traffic. The second layer classifies P2P traffic into file-sharing, messenger and TV, based on three SVDDs. The third layer performs specialized classification of all individual application traffic types. Since the proposed system enables both coarse- and fine-grained classification, it can guarantee efficient resource management, such as a stable network environment, seamless bandwidth guarantee and appropriate QoS. Moreover, even when a new application emerges, it can be easily adapted for incremental updating and scaling. Only additional training for the new part of the application traffic is needed instead of retraining the entire system. The performance of the proposed system is validated via experiments which confirm that its recall and precision measures are satisfactory.

Measurement and Analysis of P2P Traffic in Campus Networks Under Firewall (방화벽이 존재하는 캠퍼스 망에서의 P2P 트래픽 측정 및 분석)

  • Lee, Young-Seok
    • The Journal of Korean Institute of Communications and Information Sciences, v.30 no.11B, pp.750-757, 2005
  • This paper reports on a study of P2P traffic behavior in a high-speed campus network behind a simple firewall which drops packets with the default port numbers of the well-known P2P applications. Among several ways of detecting P2P traffic, the easiest method is to filter out packets with the default port number of each P2P application. After deploying the port-based firewall against P2P traffic, it is expected that the amount of P2P traffic will decrease. However, during the eight-month measurement period, three new commercial P2P applications were identified, and their traffic usage reached up to $30/5.6\%$ of the total outbound/inbound traffic volumes at the end of the measurement period. In addition, the most famous P2P application, eDonkey, has adapted and has escaped detection through port hopping. The measurement result shows that the amount of eDonkey traffic is around $6.7/4.0\%$ of the total outbound/inbound traffic volume. From the measurement results, it is observed that the port-based firewall is not effective in limiting the usage of P2P applications and that P2P traffic is steadily growing due not only to the evolution of existing P2P applications, such as port hopping, but also to the appearance of new P2P applications.

P2P Traffic Classification using Advanced Heuristic Rules and Analysis of Decision Tree Algorithms (개선된 휴리스틱 규칙 및 의사 결정 트리 분석을 이용한 P2P 트래픽 분류 기법)

  • Ye, Wujian;Cho, Kyungsan
    • Journal of the Korea Society of Computer and Information, v.19 no.3, pp.45-54, 2014
  • In this paper, an improved two-step P2P traffic classification scheme is proposed to overcome the limitations of the existing methods. The first step is a signature-based classifier at the packet level. The second step consists of pattern heuristic rules and a statistics-based classifier at the flow level. With pattern heuristic rules, the accuracy can be improved and the amount of traffic to be classified by the statistics-based classifier can be reduced. Based on the analysis of different decision tree algorithms, the statistics-based classifier is implemented with REPTree. In addition, the ensemble algorithm is used to improve the performance of the statistics-based classifier. Through verification with real datasets, it is shown that our hybrid scheme provides higher accuracy and lower overhead compared to other existing schemes.

A Performance Analysis of Mobile P2P Streaming Service on Wireless LAN Environments (무선랜 환경에서 모바일 P2P 스트리밍 서비스의 성능 분석)

  • Choi, Hun-Hoi;Kim, Geun-Hyung
    • Journal of Digital Contents Society, v.14 no.1, pp.25-33, 2013
  • P2P (Peer-to-Peer) architecture can reduce the network bandwidth and resources needed on the server since peers exchange data chunks with each other, while server-client architecture causes a lot of traffic on the server. Peers receive data more reliably when the number of participating peers increases. Currently, P2P traffic accounts for about 65% of the world's Internet traffic, and diverse P2P streaming services have been launched, combined with video streaming technology. However, the requirements and data chunk delivery algorithms for mobile P2P streaming services should be investigated, since the existing P2P technologies have been developed and designed for the wired network. In particular, the bandwidth fluctuation caused by user mobility, wireless packet collisions, and packet losses brings about different problems for mobile P2P streaming services compared to existing P2P streaming services. In this paper, we analyzed the problems of mobile P2P streaming services in the 802.11n wireless LAN environment through experiments.

Network Traffic Monitoring System Applied Load Shedder to Analyze Traffic at the Application Layer (애플리케이션 계층에서 트래픽 분석을 위해 부하 차단기를 적용한 네트워크 트래픽 모니터링 시스템)

  • Son Sei-Il;Kim Heung-Jun;Lee Jin-Young
    • Journal of Internet Computing and Services, v.7 no.3, pp.53-60, 2006
  • As the volume of traffic over the Internet has continuously increased, it is hard for a network traffic monitoring system to analyze every packet in real time. As the usage of applications with dynamically allocated port numbers, such as peer-to-peer (P2P), streaming media, and messengers, increases, users want to analyze the traffic data generated by them. This high-level analysis of each packet needs more processing time. This paper proposes introducing a load shedder to limit the number of packets. After it determines which application generated a selected packet, the packet is analyzed with a defined application protocol.


Priority-based Reservation Code Multiple Access (P-RCMA) Protocol (우선순위 기반의 예약 코드 다중 접속 (P-RCMA) 프로토콜)

  • 정의훈
    • The Journal of Korean Institute of Communications and Information Sciences, v.29 no.2A, pp.187-194, 2004
  • We propose priority-based reservation code multiple access (P-RCMA), which can enhance the voice traffic quality of the previous RCMA. The proposed protocol maintains two power levels and considers traffic characteristics in contending for shared available codes to transmit packets. P-RCMA gives priority to voice request packets over data packets by the capture effect at the receiver part of the base station. We show numerical results from EPA (equilibrium point analysis) analysis and a simulation study in terms of voice packet dropping probability and average data packet transmission delay.

Real-time Identification of Skype Application Traffic using Behavior Analysis (동작형태 분석을 통한 Skype 응용 트래픽의 실시간 탐지 방법)

  • Lee, Sang-Woo;Lee, Hyun-Shin;Choi, Mi-Jung;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences, v.36 no.2B, pp.131-140, 2011
  • As the number of Internet users and applications increases, the importance of application traffic classification for efficient network management is growing more and more. While a number of methods for traffic classification have been introduced, such as signature-based and machine learning-based methods, the Skype application, which uses encrypted communication on its own P2P network, is known as one of the most difficult kinds of traffic to identify. In this paper we propose a novel method to identify Skype application traffic on the fly. The main idea is to set up a list of Skype host information {IP, port} by examining the packets generated in the Skype login process and to utilize the list to identify other Skype traffic. By implementing the identification system and deploying it on our campus network, we proved the performance and feasibility of the proposed method.