• ETRI Journal
• /
• v.27 no.1
• /
• pp.22-42
• /
• 2005

Traditional traffic identification methods based on wellknown port numbers are not appropriate for the identification of new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to their application types.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2261-2280
• /
• 2014

Recently, network traffic has become more complex and diverse due to the emergence of new applications and services. Therefore, the importance of application-level traffic classification is increasing rapidly, and it has become a very popular research area. Although a lot of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in real-time application-level traffic classification. In this paper, we propose a novel application-level traffic classification method using payload size sequence (PSS) signature. The proposed method generates unique PSS signatures for each application using packet order, direction and payload size of the first N packets in a flow, and uses them to classify application traffic. The evaluation shows that this method can classify application traffic easily and quickly with high accuracy rates, over 99.97%. Furthermore, the method can also classify application traffic that uses the same application protocol or is encrypted.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.335-342
• /
• 2013

Nowadays, the traffic type and behavior are extremely diverse due to the growth of network speed and the appearance of various services on Internet. For efficient network operation and management, the importance of application-level traffic identification is more and more increasing in the area of traffic analysis. In recent years traffic identification methodology using statistical features of traffic flow has been broadly studied. However, there are several problems to be considered in the identification methodology base on statistical features of flow to improve the analysis accuracy. In this paper, we recognize these problems by analyzing the ground-truth traffic and propose the solution of these problems. The four problems considered in this paper are the distance measurement of features, the selection of the representative value of features, the abnormal behavior of TCP sessions, and the weight assignment to the feature. The proposed solutions were verified by showing the performance improvement through experiments in campus network.

• Smart Structures and Systems
• /
• v.24 no.5
• /
• pp.617-630
• /
• 2019

Currently most of the vision-based structural identification research focus either on structural input (vehicle location) estimation or on structural output (structural displacement and strain responses) estimation. The structural condition assessment at global level just with the vision-based structural output cannot give a normalized response irrespective of the type and/or load configurations of the vehicles. Combining the vision-based structural input and the structural output from non-contact sensors overcomes the disadvantage given above, while reducing cost, time, labor force including cable wiring work. In conventional traffic monitoring, sometimes traffic closure is essential for bridge structures, which may cause other severe problems such as traffic jams and accidents. In this study, a completely non-contact structural identification system is proposed, and the system mainly targets the identification of bridge unit influence line (UIL) under operational traffic. Both the structural input (vehicle location information) and output (displacement responses) are obtained by only using cameras and computer vision techniques. Multiple cameras are synchronized by audio signal pattern recognition. The proposed system is verified with a laboratory experiment on a scaled bridge model under a small moving truck load and a field application on a footbridge on campus under a moving golf cart load. The UILs are successfully identified in both bridge cases. The pedestrian loads are also estimated with the extracted UIL and the predicted weights of pedestrians are observed to be in acceptable ranges.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.53-60
• /
• 2006

As it has been continuously increased the volume of traffic over Internet, it is hard for a network traffic monitoring system to analysis every packet in a real-time manner. While it is increased usage of applications which are dynamically allocated port number such as peer-to-peer(P2P), steaming media, messengers, users want to analyze traffic data generated from them. This high level analysis of each packet needs more processing time. This paper proposes to introduce load shedder for limiting the number of packets. After it determines what application generates a selected packet, the packet is analyzed with a defined application protocol.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.20 no.1
• /
• pp.19-25
• /
• 2012

The air traffic situation variables were emphasized in this research to review the awareness level of job performance of military air traffic controllers in application of air traffic situation variables such as detection of aircraft identification, type of aircraft, position ,speed, altitude, determination of separation between departing and arriving in-trail aircraft, physical airport conditions, adverse weather conditions, NAVAID outage and ATC facilities' operational status. In this respect, This study was conducted under the auspice of ATC facility operating agencies and devoting air force air traffic controller's participation by answering the questionnaires from nine radar approach control facilities and other air traffic control towers.

• The KIPS Transactions:PartC
• /
• v.17C no.2
• /
• pp.205-214
• /
• 2010

As network traffic is dramatically increasing due to the popularization of Internet, the need for application traffic classification becomes important for the effective use of network resources. In this paper, we present an application traffic classification method based on fixed IP-port information. A fixed IP-port is a {IP address, port number, transport protocol}triple dedicated to only one application, which is automatically collected from the behavior analysis of individual applications. We can classify the Internet traffic more accurately and quickly by simple packet header matching to the collected fixed IP-port information. Therefore, we can construct a lightweight, fast, and accurate real-time traffic classification system than other classification method. In this paper we propose a novel algorithm to extract the fixed IP-port information and the system architecture. Also we prove the feasibility and applicability of our proposed method by an acceptable experimental result.

• Journal of Information Technology and Architecture
• /
• v.10 no.1
• /
• pp.101-111
• /
• 2013

Internet traffic volume has been increasing rapidly due to popularization of various smart devices and Internet development. In particular, HTTP-based traffic volume of smart devices is increasing rapidly in addition to desktop traffic volume. The increased mobile traffic can cause serious problems such as network overload, web security, and QoS. In order to solve these problems of the Internet overload and security, it is necessary to accurately detect applications. Traditionally, well-known port based method is utilized in traffic classification. However, this method shows low accuracy since P2P applications exploit a TCP/80 port, which is used for the HTTP protocol; to avoid firewall or IDS. Signature-based method is proposed to solve the lower accuracy problem. This method shows higher analysis rate but it has overhead of signature generation. Also, previous signature-based study only analyzes applications in HTTP protocol-level not application-level. That is, it is difficult to identify application name. Therefore, previous study only performs protocol-level analysis. In this paper, we propose a signature generation method to classify HTTP-based traffics in application-level using the characteristics of typical semi HTTP header. By applying our proposed method to campus network traffic, we validate feasibility of our method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5B
• /
• pp.348-356
• /
• 2012

The application traffic analysis is getting more and more challenging due to the huge amount of traffic from high-speed network link and variety of applications running on wired and wireless Internet devices. Multi-level combination of various analysis methods is desired to achieve high completeness and accuracy of analysis results for a real-time analysis system, while requires much of processing burden on the contrary. This paper proposes a novel architecture for a real-time traffic analysis system which improves the processing performance on multi-core CPU environment. The main contribution of the proposed architecture is an efficient parallel processing mechanism with multiple threads of various analysis methods. The feasibility of the proposed architecture was proved by implementing and deploying it on our campus network.

• Smart Structures and Systems
• /
• v.31 no.1
• /
• pp.57-68
• /
• 2023

Bridge hangers, such as those in suspension and cable-stayed bridges, suffer from cumulative fatigue damage caused by dynamic loads (e.g., cyclic traffic and wind loads) in their service condition. Thus, the identification of damage to hangers is important in preserving the service life of the bridge structure. This study develops a new method for condition assessment of bridge hangers. The tension force of the bridge and the damages in the element level can be identified using the Bayesian optimization method. To improve the number of observed data, the additional mass method is combined the Bayesian optimization method. Numerical studies are presented to verify the accuracy and efficiency of the proposed method. The influence of different acquisition functions, which include expected improvement (EI), probability-of-improvement (PI), lower confidence bound (LCB), and expected improvement per second (EIPC), on the identification of damage to the bridge hanger is studied. Results show that the errors identified by the EI acquisition function are smaller than those identified by the other acquisition functions. The identification of the damage to the bridge hanger with various types of boundary conditions and different levels of measurement noise are also studied. Results show that both the severity of the damage and the tension force can be identified via the proposed method, thereby verifying the robustness of the proposed method. Compared to the genetic algorithm (GA), particle swarm optimization (PSO), and nonlinear least-square method (NLS), the Bayesian optimization (BO) performs best in identifying the structural damage and tension force.