• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.5
• /
• pp.995-1003
• /
• 2004

A number of Internet application services are used with the development of Internet backbone nowadays. Well-known services such as WWW, ]n, email are provided at first time. Tremendous unwell-known services are presented according to the demands of various contents. After analyzing PDU information of the packet using unwell-known port travelling on the internet, searching internet service type and its statistical data is provided with internet traffic analyst as very useful information. This paper presents the mechanism to extract the internet application services operated on (un)well-known port of UDP or TCP used occasionally through netflow and tcpdump method introduced by ethereal and the operation scheme of the service. Afterwards to get the detailed statistics of the analyzed application service, the agent and the server environment, the agent gathering raw data traffics and the server adapting the traffic received from the agent BNF(Backus-Naur Form) method, is also introduced. Adapting the presented mechanism eve. LAN of Andong national university, the internet traffic service type and the detailed statistics of the analyzed application services which provides with internet traffic analyst are presented as very useful information.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10c
• /
• pp.79-81
• /
• 2003

오늘날 인터넷의 백본 발달과 더불어 수많은 응용 서비스들이 사용되고 있다. 이러한 응용 서비스는 인터넷 초기 출현 시에는 웹, 파일전달, 이메일 등의 well­known 서비스가 주축을 형성하였다. 그러나 최근 인터넷의 폭발적인 사용과 다양한 컨텐츠의 요구로 unwell­known 서비스가 매우 많이 등장하였다. 또한 인터넷에서 작동하는 트랙픽을 모니터링하여 (un)well­known 포트를 사용하는 패킷의 PDU 정보를 보고서 응용 서비스의 유형을 찾는 기법은 트래픽 분석자에게 매우 유용한 정보이다. 본 논문에서는 TCP와 UDP 위에서 동작하는 (un)well­known 포트를 사용하는 패킷의 PDU 정보에 의한 응용 서비스의 유형을 찾는 트래픽 분석 기법을 수행하였다. 이러한 분석을 위하여 수많은 트래픽 중 활용도가 많은 응용 서비스를 추출하기 위하여, 안동대학교 네트워크에서는 ethereal에서 제시된 netflow 및 tcpdump 기법을 활용하였다. 추출된 트래픽의 분석을 위하여 그 서비스를 PC에서 구동시켜 ethereal 트래픽 분석장치로 모니터링하여 분석하였다.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.172-181
• /
• 2005

The latest attack type against network traffic appeared by worm and bot that are advanced in DDoS. It is difficult to detect them because they are diversified, intelligent, concealed and automated. The exisiting traffic analysis method using SNMP has a vulnerable problem; it considers normal P2P and other application program to be harmful traffic. It also has limitation that does not analyze advanced programs such as worm and bot to harmful traffic. Therefore, we analyzed harmful traffic out Protocol and Port analysis. We also classified traffic by protocol, well-known port, P2P port, existing attack port, and specification port, apply singularity weight to detect, and analyze attack availability. As a result of simulation, it is proved that it can effectively detect P2P application, worm, bot, and DDoS attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.15-24
• /
• 2006

Many computer security systems use the signatures of well-known attacks to respond to hackers. For these systems, it is very important to get the accurate signatures of new attacks as soon as possible. For this reason, honeypots and honeypot farms have been actively researched. However, they can only collect a small amount of information because hackers have a strong tendency to directly attack servers of which IP addresses are allocated. In this paper, we propose an unused ports-based decoy system to redirect hackers toward honeypots. This system opens unused ports to lure hackers. All interactions with the unused ports are considered as suspect, because the ports aren't those for real service. Accordingly, every request sent to the unused ports is redirected to a honeypot. Consequently, this system enables honeypots to collect information about hackers attacking real servers other than themselves.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.946-949
• /
• 2008

네트워크를 사용하는 응용프로그램의 종류가 다양해지면서 네트워크 트래픽의 응용별 분류는 효율적인 네트워크 관리에 있어 그 중요성이 커지고 있지만, 오늘날 응용프로그램의 특징인 유동적인 포트번호 사용 및 패킷의 암호화 등은 트래픽의 응용별 분류를 더욱 어렵게 하고 있다. Well-known 포트기반의 응용별 분류방법의 단점을 극복하기 위하여 머신러닝 알고리즘과 Signature 기반 분석 방법들이 연구되고는 있지만 주장하는 높은 분석률에 비하여 실제 네트워크 트래픽에 적용하기에는 신뢰성이 부족하다. 본 논문에서는 일부 종단 호스트에 설치된 TMA(Traffic Measurement Agent)로 부터 수집한 응용프로그램의 트래픽 사용 정보를 기초로 하여 전체 네트워크 트래픽의 응용프로그램을 판별하는 응용 트래픽 분류 방법론을 제안한다. 제안된 방법론은 트래픽 플로우들의 상관관계를 이용하여 TMA 호스트 트래픽으로부터 TMA가 설치되지 않은 호스트에서 발생한 트래픽들의 응용을 판단하며, 분류 된 결과에 대하여 높은 신뢰성을 보장한다. 제안된 방법론은 학내 네트워크에 적용하여 그 타당성을 검증하였다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.1
• /
• pp.17-28
• /
• 2019

In the financial investment management strategy, the distributed investment selecting and combining various financial assets is called portfolio management theory. In recent years, the blockchain based financial assets, such as cryptocurrencies, have been traded on several well-known exchanges, and an efficient portfolio management approach is required in order for investors to steadily raise their return on investment in cryptocurrencies. On the other hand, deep learning has shown remarkable results in various fields, and research on application of deep reinforcement learning algorithm to portfolio management has begun. In this paper, we propose an efficient financial portfolio investment management method based on Asynchronous Advantage Actor-Critic (A3C), which is a representative asynchronous reinforcement learning algorithm. In addition, since the conventional cross-entropy function can not be applied to portfolio management, we propose a proper method where the existing cross-entropy is modified to fit the portfolio investment method. Finally, we compare the proposed A3C model with the existing reinforcement learning based cryptography portfolio investment algorithm, and prove that the performance of the proposed A3C model is better than the existing one.

• Transactions of the Korean Society of Mechanical Engineers
• /
• v.18 no.4
• /
• pp.912-919
• /
• 1994

The engine combustion is one of the most important processes affecting performance and emissions. One effective way to improve the engine combustion is to control the motion of the charge inside a cylinder by means of optimum induction system design, because the flame speed is mainly determined by the turbulence at compression(TDC) process in S.I. engine. It is believed that the tumble and swirl motion generated during intake stroke breaks down into small-scale turbulence in the compression stroke of the cycle. However, the exact nature of this relationship is not well known. This paper describes the tumble flow measurements inside the cylinder of a 4-valve S.I. engine using laser Doppler velocimetry(LDV) under motoring(non-firing) conditions. This is conducted on an optically assesed single cylinder research engine under motored conditions at an engine speed of 1000rpm. Three different cylinder head intake port configurations are studied to develop a better understanding the tumble flow generation, development, and breakdown mechanisms.

• Journal of Advanced Marine Engineering and Technology
• /
• v.32 no.4
• /
• pp.498-505
• /
• 2008

Many researches have been studied on in-cylinder flow as one of dominant effects for an engine combustion. The combustion phenomena of reciprocating engine is one of the most important processes affecting performance and emissions. One effective way to improve the engine combustion is to control the motion of the charge inside a cylinder by means of optimum induction system design. It is believed that the tumble and swirl motion generated during intake breaks down into small-scale turbulence in the compression stroke of the cycle. However, the exact nature of their relationship is not well known. To know this relationship definitely, this paper describes analytical results of the tumble motion, swirl motion, turbulence intensity, turbulence inside the cylinder of marine engine. 3-D computation has been performed by using STAR-CD solver and es-ice.

• IE interfaces
• /
• v.25 no.2
• /
• pp.163-169
• /
• 2012

This paper proposes an efficient portfolio management methodology named sSPPM with consideration of risk and required return. sSPPM employs Markowitz's portfolio model to select securities and adopts ($s$, $S$) policy that is a well-known technique in the inventory control area to revise the current portfolio. Computational experiments using virtual stock prices generated by monte carlo simulation method as well as real stock ones of KOSPI for recent 4 years are conducted to show the excellence of the portfolio management under ($s$, $S$) policy framework. The result shows that sSPPM is remarkably superior to both 6 or 12 months based periodic portfolio revision method and market (KOSPI index).

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.317-326
• /
• 2010

Nowadays, transmission bandwidth for network traffic is increasing and the type is varied such as peer-to-peer (PZP), real-time video, and so on, because distributed computing environment is spread and various network-based applications are developed. However, as PZP traffic occupies much volume among Internet backbone traffics, transmission bandwidth and quality of service(QoS) of other network applications such as web, ftp, and real-time video cannot be guaranteed. In previous research, the port-based technique which checks well-known port number and the Deep Packet Inspection(DPI) technique which checks the payload of packets were suggested for solving the problem of the P2P traffics, however there were difficulties to apply those methods to detection of P2P traffics because P2P applications are not used well-known port number and payload of packets may be encrypted. A proposed algorithm for identifying P2P heavy traffics based on flow transport parameters and behavioral characteristics can solve the problem of the port-based technique and the DPI technique. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffics. P2P traffics are consist of two steps i)searching the opposite peer which have some contents ii) downloading the contents from one or more peers. We define P2P flow patterns on these P2P applications' features and then implement the system to classify P2P heavy traffics.