• Transportation Technology and Policy
• /
• v.10 no.3
• /
• pp.69-76
• /
• 2013

• ETRI Journal
• /
• v.42 no.3
• /
• pp.366-375
• /
• 2020

The network traffic prediction of a smart substation is key in strengthening its system security protection. To improve the performance of its traffic prediction, in this paper, we propose an improved gravitational search algorithm (IGSA), then introduce the IGSA into a wavelet neural network (WNN), iteratively optimize the initial connection weighting, scalability factor, and shift factor, and establish a smart substation network traffic prediction model based on the IGSA-WNN. A comparative analysis of the experimental results shows that the performance of the IGSA-WNN-based prediction model further improves the convergence velocity and prediction accuracy, and that the proposed model solves the deficiency issues of the original WNN, such as slow convergence velocity and ease of falling into a locally optimal solution; thus, it is a better smart substation network traffic prediction model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.25-38
• /
• 2017

Many security threats are occurring around the world due to the characteristics of industrial control systems that can cause serious damage in the event of a security incident including major national infrastructure. Therefore, the industrial control system network traffic should be analyzed so that it can identify the attack in advance or perform incident response after the accident. In this paper, we research the visualization technique as network forensics to enable reasonable suspicion of all possible attacks on DNP3 control system protocol, and define normal action based rules and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden network traffic changes such as DDoS and attacks that contain anormal behavior from captured packet files on industrial control system network. The suspicious behavior in the industrial control system network can be found using visualization tool with Digital Bond packet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1315-1324
• /
• 2012

Security visualization is a form of the data visualization techniques in the field of network security by using security-related events so that it is quickly and easily to understand network traffic flow and security situation. In particular, the security visualization that detects the abnormal situation of network visualizing connections between two endpoints is a novel approach to detect unknown attack patterns and to reduce monitoring overhead in packets monitoring technique. However, the session-based visualization doesn't notice a difference between normal traffic and attacks that they are composed of similar connection pattern. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and detecting between normal server activities and attacks by using the IP address splitting and port attributes analysis. The proposed method can actually be used to detect and analyze the network security with the existing security tools because there is no dependence on other security monitoring methods. And also, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.107-117
• /
• 2009

Network administrator recognizes the abnormal phenomenon in the managed network by using the alert messages generated in the security devices including the intrusion detection system, intrusion prevention system, firewall, and etc. And then the series of task, which searches for the traffic related to the alert message and analyzes the traffic data, are required to determine where the abnormal phenomenon is the real network security threat or not. There are many alert messages to have to inspect in order to determine the network security situation. Also the much times are needed so that the network administrator can analyze the security condition using existing methods. Therefore, in this paper, we proposed an efficient method for analyzing network security situation using visualization. The proposed method monitors anomalies occurred in the entire IP address's space and displays the detail information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP address. Therefore, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of Korea Spatial Information System Society
• /
• v.11 no.2
• /
• pp.45-53
• /
• 2009

The fast progress on multimedia data acquisition technologies has enabled collecting vast amount of videos in real time. Although the amount of information gathered from these videos could be high in terms of quantity and quality, the use of the collected data is very limited typically by human-centric monitoring systems. In this paper, we propose a framework for analyzing long traffic video using series of content-based analyses tools. Our framework suggests a method to integrate theses analyses tools to extract highly informative features specific to a traffic video analysis. Our analytical framework provides (1) re-sampling tools for efficient and precise analysis, (2) foreground extraction methods for unbiased traffic flow analysis, (3) frame property analyses tools using variety of frame characteristics including brightness, entropy, Harris corners, and variance of traffic flow, and (4) a visualization tool that summarizes the entire video sequence and automatically highlight a collection of frames based on some metrics defined by semi-automated or fully automated techniques. Based on the proposed framework, we developed an automated traffic flow analysis system, and in our experiments, we show results from two example traffic videos taken from different monitoring angles.

• Journal of Industrial Convergence
• /
• v.17 no.4
• /
• pp.53-58
• /
• 2019

It is important to collect and analyze the data from the traffic accident analysis system and the National Statistical Office to reduce the traffic accident rate of the elderly, who are the weakest. In particular, it is more important to analyze the data in areas where the elderly population is large and where accidents occur frequently. This paper visualizes and analyzes the data of elderly traffic accidents that occurred in recent 5 years in the area where many elderly people live in Buyeo-gun. The elderly traffic accident type, accident area, and location data of the elderly can be useful for the improvement measures and related decision making to reduce the elderly traffic accidents.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.586-589
• /
• 2018

As the convergence of traffic system and Big-data technology, new convenient services which is helpful for drivers and pedestrian are appeared. Recently, the various researches about the traffic system, such as prediction of traffic jam and finding the shortest path, are studied. In this paper, we collect the data of taxi trips in Daegu City, and visualize them on the map of Daegu City. And then, we select specific sections of roads in the city, and by using the data of location and speed about taxis and the information of the road sections, calculate the traffic of that section and the average speed of cars on that section. As a result of this, we give help solving the problem of the specific road sections.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.47-60
• /
• 2015

In this paper, we propose a simple and useful method using a port role to visualize the network attacks. The port role defines the behavior of the port from the source and destination port number of network session. Based on the port role, the port provides the brief security features of each node as an attacker, a victim, a server, and a normal host. We have automatically classified and identified the type of node based on the port role and security features. We detected and visualized the network attacks using these features of the node by the port role. In addition, we are intended to solve the problems with existing visualization technologies which are the reflection problem caused an undirected network session and the problem caused decreasing of distinct appearance when occurs a large amount of the sessions. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacker, victim, server, and hosts. In addition, by providing a categorized analysis of network attacks, this method can more precisely detect and distinguish them from normal sessions.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.3
• /
• pp.612-622
• /
• 2017

Long-lived flowed termed as elephant flows in data center networks have a tendency to consume a lot of bandwidth, leaving delay-sensitive short-lived flows referred to as mice flows choked behind them. This results in non-trivial delays for mice flows, eventually degrading application performance running on the network. Therefore, a datacenter network should be able to classify, detect, and visualize elephant flows as well as provide QoS guarantees in real-time. In this paper we aim to focus on: 1) a proposed framework for real-time detection and visualization of elephant flows in SDN using sFlow. This allows to examine elephant flows traversing a switch by double-clicking the switch node in the topology visualization UI; 2) an approach to guarantee QoS that is defined and administered by a SDN controller and specifications offered by OpenFlow. In the scope of this paper, we will focus on the use of rate-limiting (traffic-shaping) classification technique within an SDN network.