• Korean Journal of Artificial Intelligence
• /
• v.11 no.2
• /
• pp.19-27
• /
• 2023

In recent times, an exponential increase in Internet traffic has been observed as a result of advancing development of the Internet of Things, mobile networks with sensors, and communication functions within various devices. Further, the COVID-19 pandemic has inevitably led to an explosion of social network traffic. Within this context, considerable attention has been drawn to research on network traffic analysis based on machine learning. In this paper, we design and develop a new machine learning framework for network traffic analysis whereby normal and abnormal traffic is distinguished from one another. To achieve this, we combine together well-known machine learning algorithms and network traffic analysis techniques. Using one of the most widely used datasets KDD CUP'99 in the Weka and Apache Spark environments, we compare and investigate results obtained from time series type analysis of various aspects including malicious codes, feature extraction, data formalization, network traffic measurement tool implementation. Experimental analysis showed that while both the logistic regression and the support vector machine algorithm were excellent for performance evaluation, among these, the logistic regression algorithm performs better. The quantitative analysis results of our proposed machine learning framework show that this approach is reliable and practical, and the performance of the proposed system and another paper is compared and analyzed. In addition, we determined that the framework developed in the Apache Spark environment exhibits a much faster processing speed in the Spark environment than in Weka as there are more datasets used to create and classify machine learning models.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.637-638
• /
• 2017

The MQTT broker has problems such as packet loss and delay due to degraded network performance according to traffic. However, the MQTT broker does not support a separate interface for traffic measurement, so it can not cope with network degradation. In this paper, we propose a system for traffic measurement of MQTT broker. The proposed system uses the jnetpcap library to measure all traffic to and from the MQTT broker.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.2
• /
• pp.313-329
• /
• 2011

To provide a seamless network to customers, Internet service providers must promptly detect and control abnormal traffic. One approach is to shorten the traffic information measurement cycle. However, performance degradation is inevitable if traffic measurement servers merely shorten the cycle and measure all traffic. This paper presents a software architecture that can measure traffic more frequently without degrading performance by estimating the level of abnormal traffic. The algorithm in the architecture estimates the values of the interface group objects in MIB by using the IP group objects thereby reducing the number of measurements and the size of measured data. We evaluated this architecture on part of Internet service provider's IP network. When the traffic was measured 5 times more than before, the CPU usage and TPS of the proposed scheme was 7% and 41% less than that of the original scheme while the false positive rate and false negative rate were 3.2% and 2.7% respectively.

• Journal of KIISE:Information Networking
• /
• v.37 no.1
• /
• pp.27-34
• /
• 2010

In this paper, we examine a long-range dependence in an active measurement of a network traffic which has been a well known characteristic from analyses of a passive network traffic measurement. To this end, we utilize RTT(Round Trip Time), which is a typical active measurement measured by PingER project, and perform a relevant analysis to a time series of both RTT and its volatilities. The RTT time series exhibits a long-range dependence or a 1/f noise. The volatilities, defined as a higher-order variation, follow a log-normal distribution. Furthermore, volatilities show a long-range dependence in relatively short time intervals, and a long-range dependence and/or 1/f noise in long time intervals. From this study, we find that the long-range dependence is a characteristic of not only a passive traffic measurement but also an active measurement of network traffic such as RTT. From these findings, we can infer that the long-range dependence is a characteristic of network traffic independent of a type of measurements. In particular, an active measurement exhibits a 1/f noise which cannot be usually found in a passive measurement.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.49-51
• /
• 2003

Developers of network games have used several prediction techniques for hiding transmission delay to support the real­time requirement of network games. Nowadays many researches that are related with network game are in progress to solve delay problems more radically, such as to propose new routers architecture and transport protocols suitable to characteristics of network game traffic. So for these advanced researches the tasks to grasp the traffic characteristics of a network game are needed. In this paper we aimed to capture the traffic of MMORPG and present the statistical analysis of measured data. The measurement and the analysis were accomplished with the server of 'Lineage' that regarded as the most successful MMORPG. Next, we have implemented a traffic generator that reflects the characteristics of MMORPG and shown that the trace generated by MMORPG traffic generator had identical characteristics with actual traffic using statistical testing method. We expect that this traffic generator can be used in many researches related with a network game.

• Journal of Internet Computing and Services
• /
• v.5 no.4
• /
• pp.23-33
• /
• 2004

In this paper, we propose a novel traffic measurement based detection of network attack symptoms on high speed Internet backbone links. In order to do so, we characterize the traffic patterns from the normal and the network attacks appeared on Internet backbone links, and we derive two efficient measures for representing the network attack symptoms at aggregate traffic level. The two measures are the power spectrum and the ratio of packet counts to traffic volume of the aggregate traffic. And, we propose a new methodology to detect networks attack symptoms by measuring those traffic measures. Experimental results show that the proposed scheme can detect the network attack symptoms very exactly and quickly. Unlike existing methods based on Individual packets or flows, since the proposed method is operated on the aggregate traffic level. the computational complexity can be significantly reduced and applicable to high speed Internet backbone links.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.4
• /
• pp.1307-1323
• /
• 2014

With the exhaustion of global IPv4 addresses, IPv6 technologies have attracted increasing attentions, and have been deployed widely. Meanwhile, new applications running over IPv6 networks will change the traditional traffic characteristics obtained from IPv4 networks. Traditional models obtained from IPv4 cannot be used for IPv6 network monitoring directly and there is a need to investigate those changes. In this paper, we explore the flow features of IPv6 traffic and compare its difference with that of IPv4 traffic from flow level. Firstly, we analyze the differences of the general flow statistical characteristics and users' behavior between IPv4 and IPv6 networks. We find that there are more elephant flows in IPv6, which is critical for traffic engineering. Secondly, we find that there exist many one-way flows both in the IPv4 and IPv6 traffic, which are important information sources for abnormal behavior detection. Finally, in light of the challenges of analyzing massive data of large-scale network monitoring, we propose a group flow model which can greatly reduce the number of flows while capturing the primary traffic features, and perform a comparative measurement analysis of group users' behavior dynamic characteristics. We find there are less sharp changes caused by abnormity compared with IPv4, which shows there are less large-scale malicious activities in IPv6 currently. All the evaluation experiments are carried out based on the traffic traces collected from the Northwest Regional Center of CERNET (China Education and Research Network), and the results reveal the detailed flow characteristics of IPv6, which are useful for traffic management and anomaly detection in IPv6.

• ETRI Journal
• /
• v.42 no.3
• /
• pp.366-375
• /
• 2020

The network traffic prediction of a smart substation is key in strengthening its system security protection. To improve the performance of its traffic prediction, in this paper, we propose an improved gravitational search algorithm (IGSA), then introduce the IGSA into a wavelet neural network (WNN), iteratively optimize the initial connection weighting, scalability factor, and shift factor, and establish a smart substation network traffic prediction model based on the IGSA-WNN. A comparative analysis of the experimental results shows that the performance of the IGSA-WNN-based prediction model further improves the convergence velocity and prediction accuracy, and that the proposed model solves the deficiency issues of the original WNN, such as slow convergence velocity and ease of falling into a locally optimal solution; thus, it is a better smart substation network traffic prediction model.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.2
• /
• pp.35-46
• /
• 2013

As a rapid increase of mobile network usage, many studies on solution for network traffic's demand problem have been done. Especially network environment measurement area provides basis for solving network traffic's demand problem by finding causes of problems through accurate network analysis. However, as increase of demand for smartphone, we should consider effects of mobile platform's property measuring mobile network. In this paper, we design a network traffic measurement system considering mobile platform. Through the information from packets, this system calculates packet transmission delay and throughput. We minimize computation cost required for a mobile device that is a client in this system. When fully using network resources, we found that Wi-Fi has shorter transmission delay, higher maximum throughput and lower loss rate than 3G, Android has shorter transmission delay and higher maximum throughput than iOS, and UDP has longer transmission delay and higher maximum throughput through this system.

• Proceedings of the IEEK Conference
• /
• 1998.06a
• /
• pp.909-912
• /
• 1998

In this paper, a new connection admission controller using neural network is presented. The controller measures traffic flow, cell loss rate, and cell delay periodically. Using those measured information, it learns the distributions of traffics of each traffic. Also the proposed controller is able to measure and manage the delays that source traffics experience through the network by using DWRR multiplexer with buffers dedicated to each traffic source. Experimental result show that the heterogeneous traffic sources with various QoS requirement.