• Journal of Information Technology and Architecture
• /
• v.10 no.1
• /
• pp.101-111
• /
• 2013

Internet traffic volume has been increasing rapidly due to popularization of various smart devices and Internet development. In particular, HTTP-based traffic volume of smart devices is increasing rapidly in addition to desktop traffic volume. The increased mobile traffic can cause serious problems such as network overload, web security, and QoS. In order to solve these problems of the Internet overload and security, it is necessary to accurately detect applications. Traditionally, well-known port based method is utilized in traffic classification. However, this method shows low accuracy since P2P applications exploit a TCP/80 port, which is used for the HTTP protocol; to avoid firewall or IDS. Signature-based method is proposed to solve the lower accuracy problem. This method shows higher analysis rate but it has overhead of signature generation. Also, previous signature-based study only analyzes applications in HTTP protocol-level not application-level. That is, it is difficult to identify application name. Therefore, previous study only performs protocol-level analysis. In this paper, we propose a signature generation method to classify HTTP-based traffics in application-level using the characteristics of typical semi HTTP header. By applying our proposed method to campus network traffic, we validate feasibility of our method.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.59-71
• /
• 2014

System trading is becoming more popular among Korean traders recently. System traders use automatic order systems based on the system generated buy and sell signals. These signals are generated from the predetermined entry and exit rules that were coded by system traders. Most researches on system trading have focused on designing profitable entry and exit rules using technical indicators. However, market conditions, strategy characteristics, and money management also have influences on the profitability of the system trading. Unexpected price deviations from the predetermined trading rules can incur large losses to system traders. Therefore, most professional traders use strategy portfolios rather than only one strategy. Building a good strategy portfolio is important because trading performance depends on strategy portfolios. Despite of the importance of designing strategy portfolio, rule of thumb methods have been used to select trading strategies. In this study, we propose a SVM-based strategy portfolio management system. SVM were introduced by Vapnik and is known to be effective for data mining area. It can build good portfolios within a very short period of time. Since SVM minimizes structural risks, it is best suitable for the futures trading market in which prices do not move exactly the same as the past. Our system trading strategies include moving-average cross system, MACD cross system, trend-following system, buy dips and sell rallies system, DMI system, Keltner channel system, Bollinger Bands system, and Fibonacci system. These strategies are well known and frequently being used by many professional traders. We program these strategies for generating automated system signals for entry and exit. We propose SVM-based strategies selection system and portfolio construction and order routing system. Strategies selection system is a portfolio training system. It generates training data and makes SVM model using optimal portfolio. We make $m{\times}n$ data matrix by dividing KOSPI 200 index futures data with a same period. Optimal strategy portfolio is derived from analyzing each strategy performance. SVM model is generated based on this data and optimal strategy portfolio. We use 80% of the data for training and the remaining 20% is used for testing the strategy. For training, we select two strategies which show the highest profit in the next day. Selection method 1 selects two strategies and method 2 selects maximum two strategies which show profit more than 0.1 point. We use one-against-all method which has fast processing time. We analyse the daily data of KOSPI 200 index futures contracts from January 1990 to November 2011. Price change rates for 50 days are used as SVM input data. The training period is from January 1990 to March 2007 and the test period is from March 2007 to November 2011. We suggest three benchmark strategies portfolio. BM1 holds two contracts of KOSPI 200 index futures for testing period. BM2 is constructed as two strategies which show the largest cumulative profit during 30 days before testing starts. BM3 has two strategies which show best profits during testing period. Trading cost include brokerage commission cost and slippage cost. The proposed strategy portfolio management system shows profit more than double of the benchmark portfolios. BM1 shows 103.44 point profit, BM2 shows 488.61 point profit, and BM3 shows 502.41 point profit after deducting trading cost. The best benchmark is the portfolio of the two best profit strategies during the test period. The proposed system 1 shows 706.22 point profit and proposed system 2 shows 768.95 point profit after deducting trading cost. The equity curves for the entire period show stable pattern. With higher profit, this suggests a good trading direction for system traders. We can make more stable and more profitable portfolios if we add money management module to the system.

• Journal of Intelligence and Information Systems
• /
• v.27 no.1
• /
• pp.65-82
• /
• 2021

Stock market investors are generally split into foreign investors, institutional investors, and individual investors. Compared to individual investor groups, professional investor groups such as foreign investors have an advantage in information and financial power and, as a result, foreign investors are known to show good investment performance among market participants. The purpose of this study is to propose an investment strategy that combines investor-specific transaction information and machine learning, and to analyze the portfolio investment performance of the proposed model using actual stock price and investor-specific transaction data. The Korea Exchange offers daily information on the volume of purchase and sale of each investor to securities firms. We developed a data collection program in C# programming language using an API provided by Daishin Securities Cybosplus, and collected 151 out of 200 KOSPI stocks with daily opening price, closing price and investor-specific net purchase data from January 2, 2007 to July 31, 2017. The self-organizing map model is an artificial neural network that performs clustering by unsupervised learning and has been introduced by Teuvo Kohonen since 1984. We implement competition among intra-surface artificial neurons, and all connections are non-recursive artificial neural networks that go from bottom to top. It can also be expanded to multiple layers, although many fault layers are commonly used. Linear functions are used by active functions of artificial nerve cells, and learning rules use Instar rules as well as general competitive learning. The core of the backpropagation model is the model that performs classification by supervised learning as an artificial neural network. We grouped and transformed investor-specific transaction volume data to learn backpropagation models through the self-organizing map model of artificial neural networks. As a result of the estimation of verification data through training, the portfolios were rebalanced monthly. For performance analysis, a passive portfolio was designated and the KOSPI 200 and KOSPI index returns for proxies on market returns were also obtained. Performance analysis was conducted using the equally-weighted portfolio return, compound interest rate, annual return, Maximum Draw Down, standard deviation, and Sharpe Ratio. Buy and hold returns of the top 10 market capitalization stocks are designated as a benchmark. Buy and hold strategy is the best strategy under the efficient market hypothesis. The prediction rate of learning data using backpropagation model was significantly high at 96.61%, while the prediction rate of verification data was also relatively high in the results of the 57.1% verification data. The performance evaluation of self-organizing map grouping can be determined as a result of a backpropagation model. This is because if the grouping results of the self-organizing map model had been poor, the learning results of the backpropagation model would have been poor. In this way, the performance assessment of machine learning is judged to be better learned than previous studies. Our portfolio doubled the return on the benchmark and performed better than the market returns on the KOSPI and KOSPI 200 indexes. In contrast to the benchmark, the MDD and standard deviation for portfolio risk indicators also showed better results. The Sharpe Ratio performed higher than benchmarks and stock market indexes. Through this, we presented the direction of portfolio composition program using machine learning and investor-specific transaction information and showed that it can be used to develop programs for real stock investment. The return is the result of monthly portfolio composition and asset rebalancing to the same proportion. Better outcomes are predicted when forming a monthly portfolio if the system is enforced by rebalancing the suggested stocks continuously without selling and re-buying it. Therefore, real transactions appear to be relevant.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1210-1213
• /
• 2009

네트워크 트래픽의 응용 별 분류는 최근 학계의 중요한 이슈 중 하나이다. 기존의 전통적인 트래픽 분류 방법으로 대표되는 well-known 포트 기반 분류 방법 및 페이로드 시그니쳐 기반 분류 방법의 구조적 한계점을 극복하기 위한 새로운 대안으로써, 트래픽의 상관관계를 통한 분류 방법이 제안되었다. 본 논문에서는 트래픽 상관관계에 대한 정형화된 식이나 룰을 찾는데 유용한 정보를 제공하기 위해 인터넷 응용 별 트래픽을 동작형태의 관점에서 분석하였다. 학내 망에서 자주 사용되는 인터넷 응용을 선정하고, 이들이 실행 초기에 발생시키는 트래픽을 플로우와 패킷 단위로 분석한 내용을 기술하였다. 특히, 인터넷 응용이 발생시키는 플로우 중 페이로드가 존재하는 첫 플로우를 first talk 라 정의하였으며, 이에 대한 상세한 분석 내용을 기술하였다.

• Korean Management Science Review
• /
• v.32 no.1
• /
• pp.15-33
• /
• 2015

Under complete information, introducing additional constraints to a portfolio will have a negative impact on performance. However, real-life investments inevitably involve use of error-prone estimations, such as expected stock returns. In addition to the reality of incomplete data, investments of most Korean domestic equity funds are regulated externally by the government, as well as internally, resulting in limited maximum investment allocation to single stocks and risk free assets. This paper presents an investment framework, which takes such real-life situations into account, based on a newly developed portfolio selection model considering realistic constraints under incomplete information. Additionally, we examined the effects of additional constraints on portfolio's performance under incomplete information, taking the well-known Samsung and SK group stocks as performance benchmarks during the period beginning from the launch of each commercial fund, 2005 and 2007 respectively, up to 2013. The empirical study shows that an investment model, built under incomplete information with additional constraints, outperformed a model built without any constraints, and benchmarks, in terms of rate of return, standard deviation of returns, and Sharpe ratio.

• Journal of rehabilitation welfare engineering & assistive technology
• /
• v.5 no.1
• /
• pp.111-115
• /
• 2011

In this paper, we present a novel time-synchronization method for distributed systems to measure the body motion. The distributed system scheme is considered because human data acquisition systems tend to have a centralized controller with sensors connected with a long range of electric wires running through the subject's body, which results in inconvenience. Utilizing simple key switches and digital input ports for reading the key, the proposed method requires a very simple hardware structure, which means less power consumption compared with the well-known ubiquitous sensor network. After measuring the motion data as well as the synchronization pulses, the proposed method compensates, in offline, the difference of the sampling instance between the two systems by scaling the time difference. The paper presents experimental results to show the validity of the proposed method.

• Transactions of the Korean Society of Automotive Engineers
• /
• v.12 no.6
• /
• pp.38-45
• /
• 2004

This paper studies the effects of intake port configuration on the swirl that is key parameter in the flow field of direct injection diesel engines. In-cylinder flow characteristics is known to have significant effects on fuel air mixing, combustion and emissions. To investigate the swirl flow generated by various intake ports, steady state flow tests were conducted to evaluate the swirl. Helical port geometry, SCV shape and bypass were selected as the design parameters to increase the swirl flow and parametric study was performed to choose the optimal port shape that would generate a high swirl ratio efficiently. The results revealed that a key factor in generating a high swirl ratio was to suitably control the direction of the intake air flow passing through the valve seat. For these purposes, we changed the distance of helical and tangential port as well as installed bypass near the valve seat and the effects of intake port geometry on in-cylinder flow field were visualized by a laser sheet visualization method. From the experimental results, we found that the swirl ratio and mass flow rate had a trade off relation. In addition, the result indicates that the bypass is a effective method to increase the swirl ratio without sacrificing mass flow rate.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2B
• /
• pp.91-97
• /
• 2006

As increasing the network bandwidth, the threat of a network also increases with emerging various new services. For a high-performance network security, It is generally used that high-speed packet classification methods which employ hardware like TCAM. There needs an method using these devices efficiently because they are expensive and their capacity is not sufficient. In this paper, we propose an efficient packet classification using a Ternary-CAM(TCAM) which is widely used device for high-speed packet classification in which we have applied Snort rule set for the well-known intrusion detection system. In order to save the size of an expensive TCAM, we have eliminated duplicated IP addresses and port numbers in the rule according to the partitioning of a table in the TCAM, and we have represented negation and range rules with reduced TCAM size. We also keep advantages of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the TCAM partitioning using combining port numbers. According to simulation results on our TCAM partitioning, the size of a TCAM can be reduced by upto 98$\%$ and the performance does not degrade significantly for high-speed packet classification with a large amount of rules.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.12
• /
• pp.1670-1675
• /
• 2020

In this study, to provide the basis for establishing effective network based countermeasures against DRDoS(Distributed Reflection Denial of Service) attacks, we propose a new 'DRDoS attack multi-level detection method' that identifies the network based characteristics of DRDoS and applies probability and statistical techniques. The proposed method removes the limit to which normal traffic can be indiscriminately blocked by unlimited competition in network bandwidth by amplification of reflectors, which is characteristic of DRDoS. This means that by comparing 'Server to Server' and 'Outbound Session Incremental' for it, accurate DRDoS identification and detection is possible and only statistical and probabilistic thresholds are applied to traffic. Thus, network-based information security systems can take advantage of this to completely eliminate DRDoS attack frames. Therefore, it is expected that this study will contribute greatly to identifying and responding to DRDoS attacks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.477-482
• /
• 2007

최근 다양한 P2P 프로그램을 많이 사용함에 따라 네트워크에서 생겨나는 트래픽의 상당 부분이 P2P가 발생시키는 트래픽으로 이미 HTTP, FTP의 양을 훨씬 뛰어넘고 있다. 현재 인터넷 환경에서 방화벽을 통과하기 위해 포트번호를 변경하여 통신을 하는 새로운 P2P응용들의 행동들은 전통적인 well-known port 기반의 응용프로그램을 구분하는 단순한 분석 방법만으로 신뢰하기가 어렵다. 새로운 P2P 응용들과 같은 트래픽 모니터링의 정확도를 높이기 위해서는 TCP/IP 헤더만이 아니라 패킷이 담고 있는 페이로드 내용에 대한 조사 차원의 모니터링 방법이 필요하다. 본 논문에서는 TCP/IP 헤더 정보와 더불어 패킷의 페이로드 내용을 조사하여 P2P 트래픽을 탐지하는 모니터링 기법을 제안한다. 이어 탐지되는 P2P 트래픽에 대하여 Linux Netfilter Framework의 Queuing Discipline에서 제공하는 계층적인 우선순위 큐를 사용하여 일정한 양의 대역폭을 할당하는 정책을 적용함으로써 안정적이면서 효율적인 네트워크 운용 방안을 제시한다.