• ETRI Journal
• /
• v.27 no.1
• /
• pp.22-42
• /
• 2005

Traditional traffic identification methods based on wellknown port numbers are not appropriate for the identification of new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to their application types.

• Journal of Environmental Impact Assessment
• /
• v.7 no.2
• /
• pp.83-88
• /
• 1998

Filter badge type sampler has not been widely used to evaluate air quality over large cities in Korea while it can be successfully used for multi-point sampling and analysis. We evaluated the passive sampler as a new tool to monitor air quality over large cities. We latticed Metropolitan Seoul into $2{\times}2Km$ to give 136 points. $NO_2$ concentrations were measured at all the points in the Spring and Summer of 1997. According to the passive sampler data, natural green zones generally recorded lower $NO_2$ concentrations than major streets and traffic congestion areas. Passive samplers with abundant 136 points gave more detailed picture of $NO_2$ distribution while auto-monitoring network did not clearly provide the characteristics of local land use. Also, passive samplers gave 15% higher values than auto-monitoring network. The correlation between the two values appears very high judging from the regression slope of 0.92 and correlation coefficient of 0.91. This study clearly demonstrates the effectiveness of the passive sampler as a tool to monitor air quality over large cities.

• Journal of IKEEE
• /
• v.13 no.2
• /
• pp.140-149
• /
• 2009

Traffic anomaly detection is one of important technology that should be considered in network security and administration. In this paper, we propose an abnormal traffic detection mechanism that includes traffic monitoring and traffic analysis. We develop analytical passive monitoring system called WISE-Mon which can inspect traffic behavior. We establish a criterion by analyzing the characteristics of a traffic training set. To detect abnormal traffic, we derive a hyperplane by using Fisher linear discriminant and chi-square distribution as well as the analyzed characteristics of traffic. Our mechanism can support reliable results for traffic anomaly detection and is compatible to real-time detection. In addition, since the trend of traffic can be changed as time passes, the hyperplane has to be updated periodically to reflect the changes. Accordingly, we consider the self-learning algorithm which reflects the trend of the traffic and so enables to increase the pliability of detection probability. Numerical results are presented to validate the accuracy of proposed mechanism. It shows that the proposed mechanism is reliable and relevant for traffic anomaly detection.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5B
• /
• pp.348-356
• /
• 2012

The application traffic analysis is getting more and more challenging due to the huge amount of traffic from high-speed network link and variety of applications running on wired and wireless Internet devices. Multi-level combination of various analysis methods is desired to achieve high completeness and accuracy of analysis results for a real-time analysis system, while requires much of processing burden on the contrary. This paper proposes a novel architecture for a real-time traffic analysis system which improves the processing performance on multi-core CPU environment. The main contribution of the proposed architecture is an efficient parallel processing mechanism with multiple threads of various analysis methods. The feasibility of the proposed architecture was proved by implementing and deploying it on our campus network.