• Title/Summary/Keyword: behavior based signature

An Integrated Method for Application-level Internet Traffic Classification

  • Choi, Mi-Jung; Park, Jun-Sang; Kim, Myung-Sup
  • KSII Transactions on Internet and Information Systems (TIIS), v.8 no.3, pp.838-856, 2014
  • Enhanced network speed and the appearance of various applications have recently resulted in the rapid increase of Internet users and the explosive growth of network traffic. Under these circumstances, Internet users are eager to receive reliable and Quality of Service (QoS)-guaranteed services. To provide reliable network services, network managers need to perform control measures involving dropping or blocking each traffic type. To manage a traffic type, it is necessary to rapidly measure and correctly analyze Internet traffic as well as classify network traffic according to applications. Such a traffic classification result provides basic information for ensuring service-specific QoS. Several traffic classification methodologies have been introduced; however, there has been no favorable method for achieving optimal performance in terms of accuracy, completeness, and applicability in a real network environment. In this paper, we propose a method to classify Internet traffic as the first step to providing stable network services. We integrate the existing methodologies to compensate for their weaknesses and to improve the overall accuracy and completeness of the classification. We prioritize the existing methodologies, which complement each other, in our integrated classification system.

Implementation of Autonomous Intrusion Analysis Agent(AIAA) and Tool for using Intruder Retrace (인터넷 해킹피해 시스템자동분석에이젼트(AIAA) 및 침입자 역추적 지원도구 구현)

  • Im, Chae-Ho; Won, Yu-Heon
  • The Transactions of the Korea Information Processing Society, v.6 no.11S, pp.3410-3419, 1999
  • Autonomous Intrusion Analysis Agent (AIAA) is an Incident Response Team staff tool that scans, analyzes, reports, and alerts on the traces of intrusion, based on system logs and the intruder's backdoors inside a compromised system, after a security incident is reported to the IR team. AIAA is intelligent enough to check which of all the user accounts belongs to the intruder and to report the suspected candidates to the master control system in the IR team. IR staff who control AIAA from the master system can pick an intruder from the candidates reported by the AIAA agent and review all related summary reports and details, including the source host's name, finger information, all illegal behavior, and so on. AIAA is moved to the compromised system by the staff to investigate the signature of the intrusion along the trace of victim hosts, and it is also operated in secret mode to detect further intrusion. AIAA stays alive in all victim systems until the incident is closed, and IR staff can control AIAA operation and dialogue with the AIAA agent through a Web interface.

Malware Family Recommendation using Multiple Sequence Alignment (다중 서열 정렬 기법을 이용한 악성코드 패밀리 추천)

  • Cho, In Kyeom; Im, Eul Gyu
  • Journal of KIISE, v.43 no.3, pp.289-295, 2016
  • Malware authors spread malware variants in order to evade detection. It is hard to detect malware variants using static analysis; therefore, dynamic analysis based on API call information is necessary. In this paper, we propose a malware family recommendation method to assist malware analysts in classifying malware variants. Our proposed method extracts the API call information of malware families by dynamic analysis. Then the multiple sequence alignment technique is applied to the extracted API call information, and a signature of each family is extracted from the alignment results. Based on the similarity of the extracted signatures, our proposed method recommends three family candidates for unknown malware. We also measured the accuracy of our proposed method in an experiment using real malware samples.

Ontology describing Process Information for Web Services Discovery (웹 서비스 발견을 위해 프로세스 정보를 기술하는 온톨로지)

  • Yu, Jeong-Youn; Lee, Kyu-Chul
  • The Journal of Society for e-Business Studies, v.12 no.3, pp.151-175, 2007
  • Until now, most semantic web service discovery research has been carried out using either Web Service Modeling Ontology (WSMO) or a profile of OWL-based Web Service ontology (OWL-S). However, such efforts have focused primarily on service name and input/output ontology. Thus, the internal information of a service has not been utilized, and queries regarding internal information such as 'Find book-selling services allowing payment after delivery' are not addressed. This study outlines the development of TM-S (Topic Maps for Service) ontology and TMS-QL (TM-S Query Language), two novel technologies that address the aforementioned issues in semantic web service discovery research. TM-S ontology describes the behavior of services using process information and consists of three sub-ontologies: process signature ontology, process structure ontology and process concept ontology. TMS-QL allows users to describe service discovery requests.

Rice Crop Monitoring Using RADARSAT

  • Suchaichit, Waraporn
  • Proceedings of the KSRS Conference, 2003.11a, pp.37-37, 2003
  • Rice is one of the most important crops in the world and is a major export of Thailand. Optical sensors are not useful for rice monitoring, because most cultivated areas are often obscured by cloud during the growing period, especially in South East Asia. Spaceborne Synthetic Aperture Radar (SAR) such as RADARSAT can see through cloud regardless of weather conditions, which makes it possible to monitor rice growth and to retrieve rice acreage using the unique temporal signature of rice fields. This paper presents the results of a study examining the backscatter behavior of rice using a multi-temporal RADARSAT dataset. Ground measurements of paddy parameters and of water and soil conditions were collected. The ground truth information was also used to identify mature rice crops, orchards, roads, residences, and aquaculture ponds. Land use class distributions from the RADARSAT image were analyzed. Comparison of the mean dB of each land use class indicated significant differences. Schematic representations of the temporal backscatter of the rice crop were plotted. Based on the study carried out at the Pathum Thani Province test site, the results showed variation of sigma naught from the first tillering vegetative phase until the ripening phase. It is suggested that at least three radar data acquisitions, taken at three stages of the rice growth cycle, are required for rice monitoring: at the beginning of rice growth when the field is still covered with water, in the ear differentiation period, and at the beginning of the harvest season. This pilot project was an experimental one aiming at future operational rice monitoring and potential yield prediction.

Comparative review and interpretation of the conventional and new methods in blast vibration analyses

  • Uyar, G. Gulsev; Aksoy, C.O.
  • Geomechanics and Engineering, v.18 no.5, pp.545-554, 2019
  • The customary approach used in blast vibration analysis is to derive empirical relations between the peak particle velocities of blast-induced waves and the scaled distance, and to develop patterns limiting the amounts of explosives. During the periods when excavations involving blasting were performed at sites far from residential areas and infrastructure works, this method based on empirical correlations could be effective in reducing vibrations. However, blasting procedures applied by the fast-moving mining and construction industries today can be very close to cities, residential areas, pipelines, geothermal sites, etc., and this reveals the need to minimize blast vibrations not only by limiting the use of explosives, but also by employing new scientific and technological methods. The conventional methodology for minimizing blast vibrations involves the steps of i) measuring by seismograph the peak particle velocity induced by blasting, ii) defining ground transmission constants between the blasting area and the target station, iii) finding the empirical relation describing the propagation of seismic waves, and iv) employing this relation to identify the highest amount of explosive that may safely be fired at a time for blasting. This paper addresses practical difficulties during the implementation of this conventional method, particularly the defects and errors in data evaluation and analysis; illustrates the disadvantages of the method; emphasizes essential considerations in case the method is implemented; and finally discusses methods that would fit better the conditions and demands of the present time compared to the conventional method, which intrinsically hosts the above-mentioned disadvantages.

A Malware Detection Method using Analysis of Malicious Script Patterns (악성 스크립트 패턴 분석을 통한 악성코드 탐지 기법)

  • Lee, Yong-Joon; Lee, Chang-Beom
  • Journal of the Korea Academia-Industrial cooperation Society, v.20 no.7, pp.613-621, 2019
  • Recently, with the development of the Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious code infects IoT devices and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. The proposed malicious code-detection technique is based on malicious script-pattern analysis: after analyzing the types of malicious scripts distributed through websites, the derived distribution patterns are registered and checked, which allows zero-day attacks to be detected while maintaining the existing detection rate. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and to experiment with 10 major malicious script-distribution patterns derived from the analysis. The technique showed an average detection rate of about 86% across all items, while maintaining the existing rule-based detection speed and also detecting zero-day attacks.

Performance Improvement of the Statistical Information based Traffic Identification System (통계 정보 기반 트래픽 분석 방법론의 성능 향상)

  • An, Hyun Min; Ham, Jae Hyun; Kim, Myung Sup
  • KIPS Transactions on Computer and Communication Systems, v.2 no.8, pp.335-342, 2013
  • Nowadays, traffic types and behavior are extremely diverse due to the growth of network speed and the appearance of various services on the Internet. For efficient network operation and management, the importance of application-level traffic identification is increasing in the area of traffic analysis. In recent years, traffic identification methodology using statistical features of traffic flows has been broadly studied. However, there are several problems to be considered in the identification methodology based on statistical flow features in order to improve the analysis accuracy. In this paper, we identify these problems by analyzing ground-truth traffic and propose solutions to them. The four problems considered in this paper are the distance measurement of features, the selection of the representative value of features, the abnormal behavior of TCP sessions, and the weight assignment to features. The proposed solutions were verified by showing the performance improvement through experiments in a campus network.

Study on Fraud and SIM Box Fraud Detection Method in VoIP Networks (VoIP 네트워크 내의 Fraud와 SIM Box Fraud 검출 방법에 대한 연구)

  • Lee, Jung-won; Eom, Jong-hoon; Park, Ta-hum; Kim, Sung-ho
  • The Journal of Korean Institute of Communications and Information Sciences, v.40 no.10, pp.1994-2005, 2015
  • Voice over IP (VoIP) is a technology for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks. Instead of being transmitted over a circuit-switched network, the digital information is packetized, and transmission occurs in the form of IP packets over a packet-switched network that consists of several layers of computers. VoIP service, which uses various techniques, has many advantages, such as voice service, multimedia, and additional services at low cost. But various frauds arise using VoIP, because VoIP inherits the existing vulnerabilities of the Internet and is based on complex technologies, which in turn involve different components, protocols, and interfaces. According to research results, in 2012, 46% of fraud calls were made over VoIP. The revenue loss from fraud calls is considerable. Among these, we analyze Toll Bypass Fraud by SIM Box, which occurs mainly on international calls, and propose measures that can detect it. Typically, proposed solutions for detecting Toll Bypass fraud use DPI (Deep Packet Inspection) based on a variety of detection methods that use signatures or statistical information, but fraudsters have used a number of countermeasures to avoid them as well. In particular, a fraudster may encrypt the VoIP call setup/termination SIP signaling, the voice, or both. This paper proposes a solution that identifies the equipment used for Toll Bypass fraud even when those countermeasures are in use: through feature analysis of voice traffic, it detects the involved equipment, and through analysis of its behavior, it identifies the SIM Box or the service server of the VoIP service provider.

The Real-Time Detection of the Malicious JavaScript (실시간으로 악성 스크립트를 탐지하는 기술)

  • Choo, Hyun-Lock; Jung, Jong-Hun; Kim, Hwan-Kuk
  • Journal of Internet Computing and Services, v.16 no.4, pp.51-59, 2015
  • JavaScript is a popular technique for activating static HTML, and it has drawn more attention following the introduction of the HTML5 standard. In proportion to JavaScript's growing importance, attacks (e.g., DDoS or information leaks using its functions) become more dangerous. Since these attacks do not leave a trail, whether the JavaScript code is malicious or not must be decided beforehand: the real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes an Analysis Engine for detecting malicious JavaScript that meets the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the actions of the JavaScript code.