• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.613-624
• /
• 2002

Within the past decade, TCP/IP network environment has been explosively widespread all over the world. As the internet and the WWW expand their boundaries, the network traffic caused by data transfers over the internet has also increased. In this paper, we present the design and implementation of a WebTraMAS (Web-based Traffic Monitoring and Analysis System) which can resolve the shortcomings of current management approaches, particularly on the network traffic monitoring and analysis. The WebTraMAS presented in this paper performs the network management activities based on the parameters related to the MIB-II of SNMP and the parameters related to the QoS such as network performance and fault. The proposed WebTraMAS, implemented using the WWW technology, is able for the network manager to manage the network easily and platform independently with the performance analysis of internet traffic.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.4 s.32
• /
• pp.127-131
• /
• 2004

In this paper, I propose the web-based network traffic monitoring system to monitor computers running MS Windows in the small-scale PC-room. The system can support network and system operation, management, expansion, and design using network analysis and diagnosis to a network administrator. The whole system consists of two parts: analysis server for collection and analysis of the network information. and supports real-time monitoring of network traffic, and the web-based interface system. a client system shows user a graphical data that analyzed a returned result from the server. This system implements web-based technology using java and contributes to enhance the effectiveness of network administrator's management activities in PC-room by controlling and monitoring.

• Journal of the Korea Society of Computer and Information
• /
• v.6 no.3
• /
• pp.64-71
• /
• 2001

In this paper we propose the network traffic monitoring system that can supported network and system operation, management, expansion, and design using network analysis and diagnosis to a network administrator. The proposed system consists of two parts: analysis server for collection and analysis of the network information. and supports real-time monitoring of network traffic, and client system shows user a graphical data that analyzed a returned result from the server This system implements web-based technology using java and contributes to enhance the effectiveness of network administrator's management.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.06a
• /
• pp.69-75
• /
• 2002

In this paper, we propose the realtime network traffic monitoring system usin SNMP that can supported network and system operation, management, expansion, and design using network analysis and diagnosis to a network administrator. The proposed system consists of two parts: analysis server for collection and analysis of the network information, and supports real-time monitoring of network traffic, and client system shows user a graphical data that analyzed a returned result from the server. This system implements web-based technology using Java and contributes to enhance the effectiveness of network administrator's management.

• ETRI Journal
• /
• v.27 no.1
• /
• pp.22-42
• /
• 2005

Traditional traffic identification methods based on wellknown port numbers are not appropriate for the identification of new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to their application types.

• ETRI Journal
• /
• v.26 no.3
• /
• pp.203-217
• /
• 2004

This paper presents a method and architecture to analyze streaming media and multimedia conferencing traffic. Our method is based on detecting the transport protocol and port numbers that are dynamically assigned during the setup between communicating parties. We then apply such information to analyze traffic generated by the most popular streaming media and multimedia conferencing applications, namely, Windows Media, Real Networks, QuickTime, SIP and H.323. We also describe a prototype implementation of a traffic monitoring and analysis system that uses our method and architecture.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.41-48
• /
• 2016

In this paper we propose a new method of security visualization, VisFlow, using traffic flows to solve the problems of existing traffic flows based visualization techniques that were a loss of end-to-end semantics of communication, reflection problem by symmetrical address coordinates space, and intuitive loss problem in mass of traffic. VisFlow, a simple and effective security visualization interface, can do a real-time analysis and monitoring the situation in the managed network with visualizing a variety of network behavior not seen in the individual traffic data that can be shaped into patterns. This is a way to increase the intuitiveness and usability by identifying the role of nodes and by visualizing the highlighted or simplified information based on their importance in 2D/3D space. In addition, it monitor the network security situation as a way to increase the informational effectively using the asymmetrical connecting line based on IP addresses between pairs of nodes. Administrator can do a real-time analysis and monitoring the situation in the managed network using VisFlow, it makes to effectively investigate the massive traffic data and is easy to intuitively understand the entire network situation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.4
• /
• pp.1307-1323
• /
• 2014

With the exhaustion of global IPv4 addresses, IPv6 technologies have attracted increasing attentions, and have been deployed widely. Meanwhile, new applications running over IPv6 networks will change the traditional traffic characteristics obtained from IPv4 networks. Traditional models obtained from IPv4 cannot be used for IPv6 network monitoring directly and there is a need to investigate those changes. In this paper, we explore the flow features of IPv6 traffic and compare its difference with that of IPv4 traffic from flow level. Firstly, we analyze the differences of the general flow statistical characteristics and users' behavior between IPv4 and IPv6 networks. We find that there are more elephant flows in IPv6, which is critical for traffic engineering. Secondly, we find that there exist many one-way flows both in the IPv4 and IPv6 traffic, which are important information sources for abnormal behavior detection. Finally, in light of the challenges of analyzing massive data of large-scale network monitoring, we propose a group flow model which can greatly reduce the number of flows while capturing the primary traffic features, and perform a comparative measurement analysis of group users' behavior dynamic characteristics. We find there are less sharp changes caused by abnormity compared with IPv4, which shows there are less large-scale malicious activities in IPv6 currently. All the evaluation experiments are carried out based on the traffic traces collected from the Northwest Regional Center of CERNET (China Education and Research Network), and the results reveal the detailed flow characteristics of IPv6, which are useful for traffic management and anomaly detection in IPv6.

• Proceedings of the KIEE Conference
• /
• 2006.07a
• /
• pp.179-180
• /
• 2006

The real time monitoring of the power systems covering wide area are essential for the stable operation and control of the power system. Synchronized phasor measurement is a key for the precise monitoring and control of the power systems. In this paper, to suggest an appropriate network topology of Power Infrastructure Defense System(PIDS) and to estimate the maximum network bandwidth with using the network analyzer, we simulate a PIDS and analyze the network traffic.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.53-60
• /
• 2006

As it has been continuously increased the volume of traffic over Internet, it is hard for a network traffic monitoring system to analysis every packet in a real-time manner. While it is increased usage of applications which are dynamically allocated port number such as peer-to-peer(P2P), steaming media, messengers, users want to analyze traffic data generated from them. This high level analysis of each packet needs more processing time. This paper proposes to introduce load shedder for limiting the number of packets. After it determines what application generates a selected packet, the packet is analyzed with a defined application protocol.