• Title/Summary/Keyword: Harmful Traffic Analysis

Harmful Traffic Detection by Web Traffic Analysis (웹 트래픽 분석을 통한 유해 트래픽 탐지)

  • Shin, Hyun-Jun;Choi, Il-Jun;Chu, Byoung-Gyun;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.12 no.2 s.46 / pp.221-229 / 2007
  • Securing port TCP/80 has become necessary because services other than web services are rapidly increasing their use of the port. Existing traffic analysis approaches cannot distinguish web service traffic from other application services when traffic passes through the port. Monitoring methods based on protocol and port analysis are weak at analyzing harmful traffic that uses the web port because they cannot distinguish the payload. In this paper, we propose a method of detecting harmful traffic by web traffic analysis. First, traffic is captured in real time and the web traffic is classified. The classified web traffic is then sorted by application service, weights are applied, and harmful traffic is detected. Finally, the proposed method is implemented in code. The purpose of this paper is to classify web traffic, which existing traffic analysis approaches found difficult, into normal traffic and harmful traffic, and to improve performance.

Traffic Gathering and Analysis Algorithm for Attack Detection (공격 탐지를 위한 트래픽 수집 및 분석 알고리즘)

  • Yoo Dae-Sung;Oh Chang-Suk
    • The Journal of the Korea Contents Association / v.4 no.4 / pp.33-43 / 2004
  • In this paper, an SNMP algorithm based on traffic trend analysis is proposed to address the problems of existing traffic analysis using SNMP. The existing traffic analysis method has the weaknesses that analysis using a threshold takes a long time and that harmful traffic is not detected at the point of transition. The method proposed in this paper solves these problems by simultaneously using traffic trend analysis of the day, traffic trend analysis for each protocol, and analysis of the MIB objects that respond to attacks, instead of using the threshold. The algorithm proposed in this paper will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage caused by traffic flooding attacks. When traffic occurs, abnormality can be detected through the three analysis methods mentioned above. If abnormal traffic is then indicated by at least two of the three methods, it is considered harmful traffic. The proposed algorithm will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage caused by traffic flooding attacks.

Harmful Traffic Detection by Protocol and Port Analysis (프로토콜과 포트 분석을 통한 유해 트래픽 탐지)

  • Shin Hyun-Jun;Choi Il-Jun;Oh Chang-Suk;Koo Hyang-Ohk
    • The Journal of the Korea Contents Association / v.5 no.5 / pp.172-181 / 2005
  • The latest attacks on network traffic come from worms and bots that are advanced in DDoS. They are difficult to detect because they are diversified, intelligent, concealed and automated. The existing traffic analysis method using SNMP has a weakness: it considers normal P2P and other application programs to be harmful traffic. It also has the limitation that it does not identify advanced programs such as worms and bots as harmful traffic. Therefore, we analyzed harmful traffic through protocol and port analysis. We classified traffic by protocol, well-known port, P2P port, existing attack port, and specification port, applied a singularity weight for detection, and analyzed attack availability. Simulation results show that the method can effectively detect P2P applications, worms, bots, and DDoS attacks.

DDoS Attack Detection on the IPv6 Environment (IPv6환경에서 DDoS 침입탐지)

  • Koo, Min-Jeong;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.11 no.6 s.44 / pp.185-192 / 2006
  • Because it is not easy to distinguish network traffic for normal service from traffic for a DDoS (Distributed DoS) attack such as an Internet worm, normal packets may be mistaken for harmful traffic and service may not be offered, as the attacker sending the harmful traffic intends. In the IPv6 environment, research on such harmful traffic is weak. In this dissertation, hosts in the IPv6 environment are attacked with NETWIB and the attack traffic is monitored; statistical information about the traffic is then obtained from the MIB (Management Information Base) objects used in IPv6. By applying the ESM (Exponential Smoothing Method) to this information, a normal traffic boundary, i.e., a threshold, is determined. Input traffic over the threshold is treated as attack traffic.

Intrusion Prevention Using Harmful Traffic Analysis (유해 트래픽 분석을 이용한 침입 방지)

  • Chang, Moon-Soo;Koo, Hyang-Ohk;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.10 no.4 s.36 / pp.173-179 / 2005
  • The continuous development of computing and network technology has brought explosive growth of the Internet, which has played an important role in moving society's basic facilities, public infrastructure, industrial infrastructure, and culture to an Internet-based environment. The information technology environment has recently grown and developed at a pace unprecedented in history, but it carries latent vulnerabilities, and the damage from these vulnerabilities, such as worms and hacking, increases continually. To resolve this problem, this paper implements a harmful traffic analysis system that defends against new types of attack and, by analyzing traffic, takes real-time action against intrusions and harmful information packets.

Design of Harmful Traffic Analysis System (유해트래픽 분석 시스템 설계)

  • Chang Moon-Soo;Koo Hyang-Ohk;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference / 2005.05a / pp.87-90 / 2005
  • The rapid development of computing and network environments has brought about potential vulnerabilities. The damage from these vulnerabilities, such as worms and hacking, increases continually. To resolve this problem, we implement an analysis system for mischievous traffic that defends against new types of attack and, by analyzing traffic, takes real-time action against intrusions and harmful information packets.

Implementation of User Connection Prevention System through LAN Monitoring from Internet Harmful Site (LAN 모니터링을 통한 인터넷 유해 사이트의 사용자 접속 방지 시스템 개발)

  • Park, Hyoung-Bae;Chung, Joong-Soo
    • Journal of the Korean Institute of Telematics and Electronics S / v.36S no.8 / pp.1-7 / 1999
  • The Internet is emerging as a powerful tool in the area of information and communication technology. The WWW has especially contributed to increasing Internet demand because of its browser, which has a "Graphic User Interface". Nowadays the number of hosts that supply harmful information, such as pornographic materials and the infringement of human rights, is rapidly increasing. Access to such materials is very easy. Therefore a security system that protects young users from access to harmful hosts is needed. This paper presents the implementation of a user system that has a database of harmful hosts on the Internet and monitors whether user traffic over the LAN makes contact with those hosts. The system can not make the user access the harmful host because it can over LAN. A performance analysis of the developed system, monitoring traffic over the LAN of Andong University, is carried out. The monitoring results of the performance analysis show that the system satisfactorily prevents users from connecting to harmful Internet sites.

Network Security Situational Awareness using Traffic Pattern-Map (트래픽 패턴-맵을 이용한 네트워크 보안 상황 인지 기술)

  • Chang Beom-Hwan;Na Jung-Chan;Jang Jong-Su
    • Journal of Korea Society of Industrial Information Systems / v.11 no.3 / pp.34-39 / 2006
  • This paper introduces a network security situation awareness tool using a traffic pattern map, which facilitates recognizing the current network status by extracting and analyzing predetermined traffic features and displaying abnormal or harmful traffic that deteriorates network performance. The traffic pattern map consists of $26 \times 26$ intersections, on which the occupancy rate of the port having maximum occupancy is displayed as a bar graph. In general, in the case of an Internet worm, the source address section of the traffic pattern map is activated. In the case of DDoS, the destination address section is activated.

Harmful Traffic Analysis on the IPv6 Environment (IPv6 환경에서의 유해 트래픽 분석)

  • Koo Hyang-Ohk;Baek Soon-Hwa;Oh Chang-Suk
    • Proceedings of the Korea Contents Association Conference / 2005.11a / pp.195-199 / 2005
  • With the arrival of the IPv6 environment, which combines the home network with the Internet, the damage caused by worm attacks and various viruses has increased. In this paper we analyze TCP, UDP and ICMP traffic and propose a method to detect harmful traffic in the IPv6 environment.

A Study on Behavioral Factors for the Safety of Ambulance Driving (일부지역에서 구급차운전자의 구급차 안전운전 운행행태에 관한 연구)

  • Jo, Jeanman;Lee, Byung-Ju
    • The Korean Journal of Emergency Medical Services / v.1 no.1 / pp.100-111 / 1997
  • This is the first Korean study to evaluate the effects of the safety of ambulance driving and the occurrence of ambulance traffic accidents and to provide basic information for the description of various factors to reduce ambulance traffic accidents. The major instrument of this study was the Korean Self-Analysis Driver Opinionnaire. The questionnaire contains 8 items which measure drivers' opinions or attitudes: driving courtesy, emotion, traffic law, speed, vehicle conditions, the use of drugs, high-risk behaviors, and human factors. For the analysis, a total of 350 drivers, ambulance drivers and others, in Taejon City and other cities (6 cities) were surveyed from July 1, 1996 to July 31, 1996. The data were analyzed by descriptive statistics and logistic regression (path analysis) with the SPSS and SAS package programs. The results are as follows: 1. There was a desirable attitude group (16.2%) and an undesirable attitude group (17.6%) on safe ambulance driving. 2. The results suggest that the risk factors of ambulance traffic accidents were much affected by emotion and speed control in safe ambulance driving, $Y(\text{Accident}) = -2.64 + 0.57 X_1(\text{Emotion Control}) + 0.30 X_2(\text{Speed Control}) + E$, and that motor traffic accidents were much affected by emotion control and high-risk behavior in safe driving, $Y(\text{Accident}) = -1.11 + 0.33 X_1(\text{Emotion Control}) + 0.29 X_2(\text{High-risk Behavior}) + E$. 4. Ambulance drivers primarily emphasized that the important factors in safe ambulance driving were 1) making way for emergency ambulances, 2) the driver's career, 3) the ability in emergency medical techniques, and the knowledge or understanding of how difficult (or easy) the ambulance's route is to access. 5. Almost 96.6% of respondents agreed on the necessity of emergency medical techniques for ambulance drivers. 6. Almost 94.6% of respondents agreed on the necessity of emergency medical technicians for ambulance driving. 7. The results suggest that the proportion of traffic accidents in the desirable attitude group (16.7%) was much less than that of the undesirable attitude group (30.8%) on safe ambulance driving (P < 0.05)/Ps) Accidents are unplanned, unforeseen incidents which can lead to harmful or unfortunate outcomes. Collisions are not accidents, since the basic cause of the majority of collisions involves high-risk human behavior. Although there are many factors which contribute to accident causation, four basic factors seem to predominate in most traffic-related situations. These four factors include: the human factor, the vehicle factor, the environmental factors and the destination factor (Peto G. et al. 1995).
