• Title/Summary/Keyword: Harmful Traffic

Harmful Traffic Detection by Web Traffic Analysis (웹 트래픽 분석을 통한 유해 트래픽 탐지)

  • Shin, Hyun-Jun;Choi, Il-Jun;Chu, Byoung-Gyun;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.12 no.2 s.46 / pp.221-229 / 2007
  • Security of port TCP/80 is in demand because services other than web services are rapidly increasing their use of the port. Existing traffic analysis approaches can't distinguish web services traffic from application services when traffic passes through the port. Monitoring methods based on protocol and port analysis were weak in analyzing harmful traffic using the web port because they are unable to distinguish payload. In this paper, we propose a method of detecting harmful traffic by web traffic analysis. To begin, traffic is captured in real time and web traffic is classified. The classified web traffic is sorted by application service details, weights are applied, and harmful traffic is detected. Finally, the proposed method is implemented in code. The purpose of this paper is therefore to classify web traffic, which existing traffic analysis approaches found difficult, into normal traffic and harmful traffic, and to improve performance.

DDoS Attack Detection on the IPv6 Environment (IPv6환경에서 DDoS 침입탐지)

  • Koo, Min-Jeong;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.11 no.6 s.44 / pp.185-192 / 2006
  • Because it is not easy to distinguish network traffic for normal service from traffic for a DDoS (Distributed DoS) attack such as an Internet worm, normal packets may be mistaken for harmful traffic and service may not be offered, as the attacker sending the harmful traffic intends. Research on harmful traffic in the IPv6 environment is also weak. In this dissertation, hosts in the IPv6 environment are attacked with NETWIB and their attack traffic is monitored; the statistical information of the traffic is then obtained from the MIB (Management Information Base) objects used in IPv6. By applying the ESM (Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold, is determined. Input traffic over the threshold is treated as attack traffic.

Traffic Gathering and Analysis Algorithm for Attack Detection (공격 탐지를 위한 트래픽 수집 및 분석 알고리즘)

  • Yoo Dae-Sung;Oh Chang-Suk
    • The Journal of the Korea Contents Association / v.4 no.4 / pp.33-43 / 2004
  • In this paper, an SNMP algorithm based on traffic trend analysis is proposed to address the problems of existing traffic analysis using SNMP. The existing traffic analysis method has the weakness that threshold-based analysis takes a long time and does not detect harmful traffic at the point of transition. The method proposed in this paper solves these problems by simultaneously using traffic trend analysis of the day, trend analysis of the traffic in each protocol, and analysis of the MIB objects that respond to attacks, instead of using the threshold. The algorithm proposed in this paper will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage caused by traffic flooding attacks. When traffic occurs, abnormality is detected through the three analysis methods mentioned above. If traffic is found abnormal by at least two of the three methods, it is considered harmful traffic. The proposed algorithm will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage caused by traffic flooding attacks.

Harmful Traffic Detection by Protocol and Port Analysis (프로토콜과 포트 분석을 통한 유해 트래픽 탐지)

  • Shin Hyun-Jun;Choi Il-Jun;Oh Chang-Suk;Koo Hyang-Ohk
    • The Journal of the Korea Contents Association / v.5 no.5 / pp.172-181 / 2005
  • The latest attack types against network traffic have appeared in the form of worms and bots that are advanced in DDoS. It is difficult to detect them because they are diversified, intelligent, concealed and automated. The existing traffic analysis method using SNMP has a weakness: it considers normal P2P and other application programs to be harmful traffic. It also has the limitation that it does not classify advanced programs such as worms and bots as harmful traffic. Therefore, we analyzed harmful traffic through protocol and port analysis. We classified traffic by protocol, well-known port, P2P port, existing attack port, and specification port, applied singularity weights for detection, and analyzed attack availability. The simulation results show that the method can effectively detect P2P applications, worms, bots, and DDoS attacks.

Attack Detection Algorithm Using Exponential Smoothing Method on the IPv6 Environment (IPv6 환경에서 지수 평활법을 이용한 공격 탐지 알고리즘)

  • Koo Hyang-Ohk;Oh Chang-Suk
    • The Journal of the Korea Contents Association / v.5 no.6 / pp.378-385 / 2005
  • Because it is not easy to distinguish network traffic for normal service from traffic for a DDoS (Distributed Denial of Service) attack, normal packets may be mistaken for harmful traffic and service may not be offered, as the attacker sending the harmful traffic intends. Research on harmful traffic in the IPv6 environment is also weak. In this dissertation, hosts in the IPv6 environment are attacked with NETWOX and their attack traffic is monitored; the statistical information of the traffic is then obtained from the MIB (Management Information Base) objects used in IPv6. By applying the ESM (Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold, is determined. Input traffic over the threshold is treated as attack traffic.

Intrusion Prevention Using Harmful Traffic Analysis (유해 트래픽 분석을 이용한 침입 방지)

  • Chang, Moon-Soo;Koo, Hyang-Ohk;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.10 no.4 s.36 / pp.173-179 / 2005
  • The continuous development of computing and network technology has brought explosive growth of the Internet, which has played an important role in shifting society's basic facilities, public and industrial infrastructure, and culture to an Internet-based environment. The information technology environment has recently grown and developed at a pace unprecedented in history, but it carries latent vulnerabilities, and the damage from these vulnerabilities, such as worms and hacking, increases continually. To resolve this problem, this paper implements a harmful traffic analysis system that defends against new types of attack and, by analyzing the traffic, takes real-time action against intrusions and harmful information packets.

A Study on Internet Traffic Control: Blocking of harmful information based on IP spoofing (인터넷 트래픽 제어에 관한 연구: IP 주소 위조 기법을 사용한 유해 정보 차단 시스템)

  • Paek Seon-uck
    • Journal of the Korea Academia-Industrial cooperation Society / v.5 no.5 / pp.447-453 / 2004
  • In this paper, we propose a new system to block harmful Internet information based on IP spoofing. The proposed system is located on an organization's internal network, monitors all outgoing traffic, and lets all of this traffic go outside. Once the proposed system detects a host's access to a harmful site, it sends the host a pseudo RST packet that pretends to be the response from the harmful site, and so prevents the connection between the host and the harmful site. The proposed software system is installed only on a server, and need not be installed on user hosts at all. Thus we can maintain and upgrade the blocking system easily. The performance evaluation of the proposed system shows that it effectively blocks access to harmful sites. Since the proposed system is based on IP spoofing, it can be misused as a hacking tool. Finally, we propose some methods to eliminate this possibility.

Detection of Traffic Flooding Attack using SNMP on the IPv6 Environment (IPv6 환경에서 SNMP를 이용한 트래픽 폭주공격 탐지)

  • Koo Hyang-Ohk;Baek Soon-Hwa;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference / 2005.05a / pp.83-86 / 2005
  • Recently, the damage from denial of service attacks and worm attacks has grown larger every year. But research on harmful traffic detection is not sufficient for the near future, when the IPv4 environment is replaced with the IPv6 environment. The purpose of this paper is attack detection by monitoring harmful traffic on IPv6 using the Internet management protocol SNMP.

Design of Harmful Traffic Analysis System (유해트래픽 분석 시스템 설계)

  • Chang Moon-Soo;Koo Hyang-Ohk;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference / 2005.05a / pp.87-90 / 2005
  • The rapid development of the computing and network environment has brought about potential vulnerabilities. The damage from these vulnerabilities, such as worms and hacking, therefore increases continually. To resolve this problem, we implement an analysis system for mischievous traffic that defends against new types of attack and, by analyzing the traffic, takes real-time action against intrusions and harmful information packets.

Implementation of User Connection Prevention System through LAN Monitoring from Internet Harmful Site (LAN 모니터링을 통한 인터넷 유해 사이트의 사용자 접속 방지 시스템 개발)

  • Park, Hyoung-Bae;Chung, Joong-Soo
    • Journal of the Korean Institute of Telematics and Electronics S / v.36S no.8 / pp.1-7 / 1999
  • The Internet is emerging as a powerful tool in the area of information and communication technology. The WWW has especially contributed to increasing Internet demand because of its browser, which has a "Graphic User Interface". Nowadays the number of hosts that supply harmful information, such as pornographic materials and the infringement of human rights, is rapidly increasing. Access to such materials is very easy. Therefore a security system that protects young users from access to harmful hosts is needed. This paper presents the implementation of a system that has a database of harmful hosts on the Internet and monitors whether user traffic over the LAN contacts those hosts. The system can not make the user access the harmful host because it can over LAN. A performance analysis of the developed system, monitoring the traffic over the LAN of Andong University, is carried out. The results of the performance analysis are satisfactory in preventing users from connecting to harmful Internet sites.
