• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.7
• /
• pp.1339-1346
• /
• 2015

The traffic identification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of identification methods have been introduced in literature, the payload signature-based identification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method's processing speed is much slower than other identification method such as header-based and statistical methods. In this paper, we first classifies signatures by matching type based on range, order, and direction of packet in a flow which was automatically extracted. By using this classification, we suggest a novel method to improve processing speed of payload signature-based identification by reducing searching space.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.189-196
• /
• 2020

In general, fragmented files without signatures and file meta-information are difficult to recover. Multimedia files, in particular, are highly fragmented and have high entropy, making it almost impossible to recover with signature-based carving at present. To solve this problem, research on fragmented files is underway, but research on multimedia files is lacking. This paper is a study that classifies the types of fragmented multimedia files without signature and file meta-information. Extracts the characteristic values of each file type through the frequency differences of specific byte values according to the file type, and presents a method of designing the corresponding Gray-Scale table and classifying the file types of a total of four multimedia types, JPG, PNG, H.264 and WAV, using the CNN (Convolutional Natural Networks) model. It is expected that this paper will promote the study of classification of fragmented file types without signature and file meta-information, thereby increasing the possibility of recovery of various files.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.3
• /
• pp.838-856
• /
• 2014

Enhanced network speed and the appearance of various applications have recently resulted in the rapid increase of Internet users and the explosive growth of network traffic. Under this circumstance, Internet users are eager to receive reliable and Quality of Service (QoS)-guaranteed services. To provide reliable network services, network managers need to perform control measures involving dropping or blocking each traffic type. To manage a traffic type, it is necessary to rapidly measure and correctly analyze Internet traffic as well as classify network traffic according to applications. Such traffic classification result provides basic information for ensuring service-specific QoS. Several traffic classification methodologies have been introduced; however, there has been no favorable method in achieving optimal performance in terms of accuracy, completeness, and applicability in a real network environment. In this paper, we propose a method to classify Internet traffic as the first step to provide stable network services. We integrate the existing methodologies to compensate their weaknesses and to improve the overall accuracy and completeness of the classification. We prioritize the existing methodologies, which complement each other, in our integrated classification system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.11B
• /
• pp.1234-1244
• /
• 2009

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services and applications on Internet, which makes the need of application-level traffic classification important for the efficient management and control of network resources. Although lots of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet size in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism which is mainly described in this paper. By matching to the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by comprehensive excrement with our campus traffic data.

• The Bulletin of The Korean Astronomical Society
• /
• v.44 no.1
• /
• pp.33.3-33.3
• /
• 2019

Automatic, yet reliable methods to find and classify barred galaxies are going to be more important in the era of large galaxy surveys. Here, we introduce a new approach to classify barred galaxies by analyzing the butterfly pattern that Buta & Block (2001) reported as a bar signature on the potential map. We make it easy to find the pattern by moving the ratio map from a Cartesian coordinate to a polar coordinate. Our volume-limited sample consists of 1698 spiral galaxies brighter than Mr = -15.2 with z < 0.01 from the Sloan Digital Sky Survey/DR7 visually classified by Ann et al. (2015). We compared the results of the classification obtained by four different methods: visual inspection, ellipse fitting, Fourier analysis, and our new method. We obtain, for the same sample, different bar fractions of 63%, 48%, 36%, and 56% by visual inspection, ellipse fitting, Fourier analysis, and our new approach, respectively. Although automatic classifications detect visually determined, strongly barred galaxies with the concordance of 74% to 86%, automatically selected barred galaxies contain different amount of weak bars. We find a different dependence of bar fraction on the Hubble type for strong and weak bars: SBs are preponderant in early-type spirals, whereas SABs are in late-type spirals. Moreover, the ellipse fitting method often misses strongly barred galaxies in the bulge-dominated galaxies. These explain why previous works showed the contradictory dependence of the bar fraction on the host galaxy properties. Our new method has the highest agreement with visual inspection in terms of the individual classification and the overall bar fraction. In addition, we find another signature on the ratio map to classify barred galaxies into new two classes that are probably related to the age of the bar.

• Spatial Information Research
• /
• v.22 no.1
• /
• pp.27-33
• /
• 2014

Considering the wide coverage, the transparency from climate condition, Interferometric Synthetic Aperture Radar (InSAR) possesses a great potential for the landcover classification as shown in many precedent researches. In addition to the merits of InSAR products for the landcover classification, the time series analysis of InSAR pairs can provide a highly reliable basis to interpret landcover. We applied such idea with the test site in Mountain Baekdu located on the border between North Korea and China. Since it is recently noted as the potential volcanic activation site, the landcover especially the vegetation distribution information is highly essential to validate the reliability of Differential Interferometric Synthetic Aperture Radar (DInSAR) over Mt. Baekdu. The algorithms combining the auxiliary information from Moderate Resolution Imaging Spectroradiometer (MODIS) to analyze the phase coherence and backscatter coefficient of Observing Satellite (ALOS) Phased Array type L-band Synthetic Aperture Radar (PALSAR) was established. The results using InSAR signatures from two polarization modes of ALOS PALSAR showed high reliability for mining landcover and spatial distribution.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.79-85
• /
• 2022

Anomaly detection is a method to detect and block abnormal data flows in general users' data sets. The previously known method is a method of detecting and defending an attack based on a signature using the signature of an already known attack. This has the advantage of a low false positive rate, but the problem is that it is very vulnerable to a zero-day vulnerability attack or a modified attack. However, in the case of anomaly detection, there is a disadvantage that the false positive rate is high, but it has the advantage of being able to identify, detect, and block zero-day vulnerability attacks or modified attacks, so related studies are being actively conducted. In this study, we want to deal with these anomaly detection mechanisms, and we propose a new mechanism that performs both anomaly detection and classification while supplementing the high false positive rate mentioned above. In this study, the experiment was conducted with five configurations considering the characteristics of various algorithms. As a result, the model showing the best accuracy was proposed as the result of this study. After detecting an attack by applying the Extra Tree and Three-layer ANN at the same time, the attack type is classified using the Extra Tree for the classified attack data. In this study, verification was performed on the NSL-KDD data set, and the accuracy was 99.8%, 99.1%, 98.9%, 98.7%, and 97.9% for Normal, Dos, Probe, U2R, and R2L, respectively. This configuration showed superior performance compared to other models.

• International Area Studies Review
• /
• v.20 no.2
• /
• pp.25-46
• /
• 2016

In order to newly expand and define the concept of "strategic servitization" based on Industry 4.0, this study tried to evaluate the existing status of domestic and foreign servitized manufacturing and investigated the servitization cases of some leading overseas companies. In addition, we chose 250 samples of manufacturing firms listed on KOSDAQ and collected a vast amount of data regarding servitized manufacturing, such as the current status about new businesses, profit model, and financial fluctuations of each company. Based on these data, we classified the main types of manufacturing-service convergence into a $2{\times}2$ framework and derived a new strategic servitization model for each type of signature. Furthermore, we divided the sample corporations into three groups, which are pure manufacturer, servitized firm, and strategic servitized firm, and through the mutual comparison of the real sales amounts and the estimated sales amounts by time-series extrapolation analysis, we statistically proved that the service sales of strategic servitized firms give positive impacts on ROA when compared with those of the other two groups. Finally, we selected 12 leading domestic strategic-servitized firms, interviewed them in depth, and not only organized the issues during this process and their solutions by categories but also suggested the policy demands for strategic servitization.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.28 no.1A
• /
• pp.135-146
• /
• 2008

In this paper, a hybrid damage monitoring scheme for prestressed concrete (PSC) girder bridges by using sequential acceleration and impedance signatures is newly proposed. Damage types of interest include prestress-loss in tendon and flexural stiffness-loss in a concrete girder. The hybrid scheme mainly consists of three sequential phases: damage alarming, damage classification, and damage estimation. In the first phase, the global occurrence of damage is alarmed by monitoring changes in acceleration features. In the second phase, the type of damage is classified into either prestress-loss or flexural stiffness-loss by recognizing patterns of impedance features. In the third phase, the location and the extent of damage are estimated by using two different ways: a mode shape-based damage detection to detect flexural stiffness-loss and a natural frequency-based prestress prediction to identify prestress-loss. The feasibility of the proposed scheme is evaluated on a laboratory-scaled PSC girder model for which hybrid vibration-impedance signatures were measured for several damage scenarios of prestress-loss and flexural stiffness-loss.