• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3B
• /
• pp.339-348
• /
• 2004

Packet classification is an important factor to support various services such as QoS guarantee and VPN for users in Internet. Packet classification is a searching process for best matching rule on rule tables by employing multi-field such as source address, protocol, and port number as well as destination address in If header. In this paper, we propose hardware based packet classification algorithm by employing tree bitmap of multi-bit trio. We divided prefixes of searching fields and rule into multi-bit stride, and perform a rule searching with multi-bit of fixed size. The proposed scheme can reduce the access times taking for rule search by employing indexing key in a fixed size of upper bits of rule prefixes. We also employ a marker prefixes in order to remove backtracking during searching a rule. In this paper, we generate two dimensional random rule set of source address and destination address using routing tables provided by IPMA Project, and compare its memory usages and performance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.2
• /
• pp.134-146
• /
• 2009

Traffic classification seeks to assign packet flows to an appropriate quality of service(QoS) class based on flow statistics without the need to examine packet payloads. Classification proceeds in two steps. Classification rules are first built by analyzing traffic traces, and then the classification rules are evaluated using test data. In this paper, we use self-organizing map and K-means clustering as unsupervised machine learning methods to identify the inherent classes in traffic traces. Three clusters were discovered, corresponding to transactional, bulk data transfer, and interactive applications. The K-nearest neighbor classifier was found to be highly accurate for the traffic data and significantly better compared to a minimum mean distance classifier.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.4B
• /
• pp.245-257
• /
• 2012

As one of the most challenging tasks in designing the Internet routers, packet classification is required to achieve the wire-speed processing for every incoming packet. Packet classification algorithm which applies binary search on trie levels to the area-based quad-trie is an efficient algorithm. However, it has a problem of unnecessary access to a hash table, even when there is no node in the corresponding level of the trie. In order to avoid the unnecessary off-chip memory access, we proposed an algorithm using Bloom filters along with the binary search on levels to multiple disjoint tries. For ACL, FW, IPC sets with about 1000, 5000, and 10000 rules, performance evaluation result shows that the search performance is improved by 21 to 33 percent by adding Bloom filters.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.2
• /
• pp.473-494
• /
• 2020

To provide a guaranteed Quality of Service (QoS) to real-time traffic in High-Speed Downlink Packet Access (HSDPA) core network, we proposed an enhanced mechanism. For an enhanced QoS, a Class-Based Low Latency Fair Queueing (CBLLFQ) packet scheduling algorithm is introduced in this work. Packet classification, metering, queuing, and scheduling using differentiated services (DiffServ) environment was the points in focus. To classify different types of real-time voice and multimedia traffic, the QoS provisioning mechanisms use different DiffServ code points (DSCP).The proposed algorithm is based on traffic classes which efficiently require the guarantee of services and specified level of fairness. In CBLLFQ, a mapping criterion and an efficient queuing mechanism for voice, video and other traffic in separate queues are used. It is proved, that the algorithm enhances the throughput and fairness along with a reduction in the delay and packet loss factors for smooth and worst traffic conditions. The results calculated through simulation show that the proposed calculations meet the QoS prerequisites efficiently.

• Structural Engineering and Mechanics
• /
• v.46 no.4
• /
• pp.459-486
• /
• 2013

A novel damage classification method based on wavelet packet transform and statistical analysis is developed in this study for structural health monitoring. The response signal of a structure under an impact load is normalized and then decomposed into wavelet packet components. Energies of these wavelet packet components are then calculated to obtain the energy distribution. Statistical similarity comparison based on an F-test is used to classify the structure from changes in the wavelet packet energy distribution. A statistical indicator is developed to describe the damage extent of the structure. This approach is applied to the test results from simply supported reinforced concrete beams in the laboratory. Cases with single and two damages are created from static loading, and accelerations of the structure from under impact loads are analyzed. Results show that the method can be used with no reference baseline measurement and model for the damage monitoring and assessment of the structure with alarms at a specified significance level.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.9
• /
• pp.2191-2201
• /
• 2012

Traffic classification seeks to assign packet flows to an appropriate quality of service (QoS) class based on flow statistics without the need to examine packet payloads. Classification proceeds in two steps. Classification rules are first built by analyzing traffic traces, and then the classification rules are evaluated using test data. In this paper, we use self-organizing map and K-means clustering as unsupervised machine learning methods to identify the inherent classes in traffic traces. Three clusters were discovered, corresponding to transactional, bulk data transfer, and interactive applications. The K-nearest neighbor classifier was found to be highly accurate for the traffic data and significantly better compared to a minimum mean distance classifier.

• The Journal of the Korea Contents Association
• /
• v.7 no.1
• /
• pp.103-115
• /
• 2007

The vulnerability issue on IEEE 802.1x wireless LAN has been permits the malicious attack such as Auth/Deauth flooding more serious rather than we expected. Attacker can generate huge volume of malicious traffic as the same methods on existing wired network. The objective of wireless IP Traceback is to determine the real attack sources, as well as the full path taken by the wireless attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. But, these existing schemes did not provide enhanced performance against DoS attack on wireless traffic. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for wireless IP Packet Traceback with wireless Classification function. Proposed mechanism can detect and control DoS traffic on AP and can generate marked packet for reconstructing on the real path from the non-spoofed wireless attack source, by which we can construct secure wireless network based on AP with enhance traceback performance.

• The Journal of the Korea Contents Association
• /
• v.8 no.6
• /
• pp.54-65
• /
• 2008

When DDoS attack is achieved, malicious host discovering is more difficult on wireless network than existing wired network environment. Specially, because wireless network is weak on wireless user authentication attack and packet spoofing attack, advanced technology should be studied in reply. Integrated Access Device (IAD) that support VoIP communication facility etc with wireless routing function recently is developed and is distributed widely. IAD is alternating facility that is offered in existent AP. Therefore, advanced traffic classification function and real time attack detection function should be offered in IAD on wireless network environment. System that is presented in this research collects client information of wireless network that connect to IAD using AirSensor. And proposed mechanism also offers function that collects the wireless client's attack packet to monitoring its legality. Also the proposed mechanism classifies and detect the attack packet with W-TMS system that was received to IAD. As a result, it was possible for us to use IAD on wireless network service stably.

• Journal of KIISE:Information Networking
• /
• v.35 no.6
• /
• pp.497-509
• /
• 2008

Various algorithms and architectures for efficient packet classification have been widely studied. Packet classification algorithms based on a decision tree structure such as HiCuts and HyperCuts are known to be the best by exploiting the geometrical representation of rules in a classifier. However, the algorithms are not practical since they involve complicated heuristics in selecting a dimension of cuts and determining the number of cuts at each node of the decision tree. Moreover, the cutting is not efficient enough since the cutting is based on regular interval which is not related to the actual range that each rule covers. In this paper, we proposed a new efficient packet classification algorithm using a range cutting. The proposed algorithm primarily finds out the ranges that each rule covers in 2-dimensional prefix plane and performs cutting according to the ranges. Hence, the proposed algorithm constructs a very efficient decision tree. The cutting applied to each node of the decision tree is optimal and deterministic not involving the complicated heuristics. Simulation results for rule sets generated using class-bench databases show that the proposed algorithm has better performance in average search speed and consumes up to 3-300 times less memory space compared with previous cutting algorithms.

• ETRI Journal
• /
• v.42 no.3
• /
• pp.311-323
• /
• 2020

Encrypted traffic classification plays a vital role in cybersecurity as network traffic encryption becomes prevalent. First, we briefly introduce three traffic encryption mechanisms: IPsec, SSL/TLS, and SRTP. After evaluating the performances of support vector machine, random forest, naïve Bayes, and logistic regression for traffic classification, we propose the combined approach of entropy estimation and artificial neural networks. First, network traffic is classified as encrypted or plaintext with entropy estimation. Encrypted traffic is then further classified using neural networks. We propose using traffic packet's sizes, packet's inter-arrival time, and direction as the neural network's input. Our combined approach was evaluated with the dataset obtained from the Canadian Institute for Cybersecurity. Results show an improved precision (from 1 to 7 percentage points), and some application classification metrics improved nearly by 30 percentage points.