• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10c
• /
• pp.493-495
• /
• 2000

인터넷의 급속한 증가는 네트워크상의 트래픽 형성에 중요한 변화를 가져오게 되었다. 통신 성능 향상을 지원하는 과정에서 여러 가지 통신상의 이상 현상들이 발생하게 되었으며, 그로 인한 통신상의 성능 문제에 부딪히게 되었다. 본 논문에서는 이러한 네트워크상의 비정상적인 트래픽의 예 중에서 비순서적 도착(Out-of-Order)에 대해서 실험을 하였으며, 트래픽 컨디셔너라는 개념과 이 개념을 도입한 독립형 구현 모델을 이용해서 네트워크상의 통신 성능을 개선하는 방법에 대해서 설명한다.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.22 no.1
• /
• pp.75-80
• /
• 2012

Abnormal navigating ships affact the ships navigating normal routes seriously. So VTS centers and Korean Coast Guard co-work(cooperate) closely to trace the ships which break the regulations and make accidents. But it is evident that there is limitations to indetify the risk factors caused by men. Unfortunately there is very few of the researches on the identificaton of risk elements by men. This paper is to implement the intelligent system for identifying abnormal navigating ships by using fuzzy inference.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.44 no.4
• /
• pp.169-176
• /
• 2021

Maritime monitoring requirements have been beyond human operators capabilities due to the broadness of the coverage area and the variety of monitoring activities, e.g. illegal migration, or security threats by foreign warships. Abnormal vessel movement can be defined as an unreasonable movement deviation from the usual trajectory, speed, or other traffic parameters. Detection of the abnormal vessel movement requires the operators not only to pay short-term attention but also to have long-term trajectory trace ability. Recent advances in deep learning have shown the potential of deep learning techniques to discover hidden and more complex relations that often lie in low dimensional latent spaces. In this paper, we propose a deep autoencoder-based clustering model for automatic detection of vessel movement anomaly to assist monitoring operators to take actions on the vessel for more investigation. We first generate gridded trajectory images by mapping the raw vessel trajectories into two dimensional matrix. Based on the gridded image input, we test the proposed model along with the other deep autoencoder-based models for the abnormal trajectory data generated through rotation and speed variation from normal trajectories. We show that the proposed model improves detection accuracy for the generated abnormal trajectories compared to the other models.

• Journal of Korea Society of Industrial Information Systems
• /
• v.11 no.3
• /
• pp.34-39
• /
• 2006

This paper introduces a network security situation awareness tool using a traffic pattern map which facilitates recognizing a current network status by extracting and analyzing predetermined traffic features and displaying an abnormal or harmful traffic which deteriorates network performance. The traffic pattern-map consists of $26{\times}26$ intersections, on which the occupancy rate of the port having maximum occupancy is displayed as a bar graph. In general, in case of the Internet worm, the source address section on the traffic pattern map is activated. In case of DDoS the destination address section is activated.

• The Journal of the Korea Contents Association
• /
• v.4 no.4
• /
• pp.33-43
• /
• 2004

In this paper, a traffic trend analysis based SNMP algorithm is proposed for improving the problem of existing traffic analysis using SNMP. The existing traffic analysis method has a vulnerability that is taken much time In analyzing by using a threshold and not detected a harmful traffic at the point of transition. The method that is proposed in this paper can solve the problems that the existing method had, simultaneously using traffic trend analysis of the day, traffic trend analysis happening in each protocol and MIB object analysis responding to attacks instead of using the threshold. The algorithm proposed in this paper will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks. When traffic happens, it can detect the abnormality through the three analysis methods previously mentioned. After that, if abnormal traffic overlaps in at least two of the three methods, we can consider it as harmful traffic. The proposed algorithm will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks.

• Journal of Korea Spatial Information System Society
• /
• v.10 no.3
• /
• pp.55-65
• /
• 2008

For obtaining telematics traffic information(travel time or speed in an individual link), there are many kinds of devices to collect traffic data. Since the GPS satellite signals have been released to civil society, thank to the development of GPS technology, the GPS has become a very useful instrument for collecting traffic data. GPS can reduce the cost of installation and maintenance in contrast with existing traffic detectors which must be stationed on the ground. But. there are Problems when GPS data is applied to the existing filtering techniques used for analyzing the data collected by other detectors. This paper proposes a method to provide users with correct traffic information through filtering abnormal data caused by the unusual driving in collected data based on GPS. We have developed an algorithm that can be applied to real-time GPS data and create more reliable traffic information, by building patterns of past data and filtering abnormal data through selection of filtering areas using Quartile values. in order to verify the proposed algorithm, we experimented with actual traffic data that include probe cars equipped with a built-in GPS receiver which ran through Gangnam Street in Seoul. As a result of these experiments, it is shown that link travel speed data obtained from this algorithm is more accurate than those obtained by existing systems.

• Communications for Statistical Applications and Methods
• /
• v.18 no.4
• /
• pp.517-525
• /
• 2011

This paper shows the performance evaluation of a robust estimator based on the GARCH model. We first introduce the method of a robust estimate in the GARCH model and the method of an outlier detection in the GARCH model. The results of the real internet traffic data show the out-performance of the robust estimator over the outlier detection method in the GARCH model. In addition, the method of the robust estimate is less complex than the method of the outlier detection method in the GARCH model.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.33 no.2
• /
• pp.691-702
• /
• 2013

In this study the quantitative outlier-filtering algorithm has been developed using the smoothing method based on the day-of-the-week traffic volume variation pattern and then, in order to test the effectiveness of the algorithm, it has been used to identify outliers from the traffic volume data collected at 14 continuous traffic counts sites on the national highways in the year 2010. The test results are satisfactory since the filtering rate is 98.2% for normal days and the mis-filtering rate is 8.0% for abnormal days. Therefore, the algorithm will be able to be used for roughly-but-quickly filtering outliers from the collected traffic volume data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.4
• /
• pp.1307-1323
• /
• 2014

With the exhaustion of global IPv4 addresses, IPv6 technologies have attracted increasing attentions, and have been deployed widely. Meanwhile, new applications running over IPv6 networks will change the traditional traffic characteristics obtained from IPv4 networks. Traditional models obtained from IPv4 cannot be used for IPv6 network monitoring directly and there is a need to investigate those changes. In this paper, we explore the flow features of IPv6 traffic and compare its difference with that of IPv4 traffic from flow level. Firstly, we analyze the differences of the general flow statistical characteristics and users' behavior between IPv4 and IPv6 networks. We find that there are more elephant flows in IPv6, which is critical for traffic engineering. Secondly, we find that there exist many one-way flows both in the IPv4 and IPv6 traffic, which are important information sources for abnormal behavior detection. Finally, in light of the challenges of analyzing massive data of large-scale network monitoring, we propose a group flow model which can greatly reduce the number of flows while capturing the primary traffic features, and perform a comparative measurement analysis of group users' behavior dynamic characteristics. We find there are less sharp changes caused by abnormity compared with IPv4, which shows there are less large-scale malicious activities in IPv6 currently. All the evaluation experiments are carried out based on the traffic traces collected from the Northwest Regional Center of CERNET (China Education and Research Network), and the results reveal the detailed flow characteristics of IPv6, which are useful for traffic management and anomaly detection in IPv6.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.335-342
• /
• 2013

Nowadays, the traffic type and behavior are extremely diverse due to the growth of network speed and the appearance of various services on Internet. For efficient network operation and management, the importance of application-level traffic identification is more and more increasing in the area of traffic analysis. In recent years traffic identification methodology using statistical features of traffic flow has been broadly studied. However, there are several problems to be considered in the identification methodology base on statistical features of flow to improve the analysis accuracy. In this paper, we recognize these problems by analyzing the ground-truth traffic and propose the solution of these problems. The four problems considered in this paper are the distance measurement of features, the selection of the representative value of features, the abnormal behavior of TCP sessions, and the weight assignment to the feature. The proposed solutions were verified by showing the performance improvement through experiments in campus network.