• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.240-259
• /
• 2020

Analyzing network traffic is the basis of dealing with network security issues. Most of the network security systems depend on the feature selection of network traffic data and the detection ability of malicious traffic in network can be improved by the correct method of feature selection. An FAFS method, which is short for Fuzzy Association Feature Selection method, is proposed in this paper for network malicious traffic detection. Association rules, which can reflect the relationship among different characteristic attributes of network traffic data, are mined by association analysis. The membership value of association rules are obtained by the calculation of fuzzy reasoning. The data features with the highest correlation intensity in network data sets are calculated by comparing the membership values in association rules. The dimension of data features are reduced and the detection ability of malicious traffic detection algorithm in network is improved by FAFS method. To verify the effect of malicious traffic feature selection by FAFS method, FAFS method is used to select data features of different dataset in this paper. Then, K-Nearest Neighbor algorithm, C4.5 Decision Tree algorithm and Naïve Bayes algorithm are used to test on the dataset above. Moreover, FAFS method is also compared with classical feature selection methods. The analysis of experimental results show that the precision and recall rate of malicious traffic detection in the network can be significantly improved by FAFS method, which provides a valuable reference for the establishment of network security system.

• Journal of Digital Contents Society
• /
• v.8 no.1
• /
• pp.69-76
• /
• 2007

The blocking of malicious traffic in groupware network system is used to prevent the spread and distribution of malicious traffic. The method protecting from malicious traffic in groupware system is designed to handle the malicious traffic of various routes with the internal course of groupware, which leads to lighten the load of security and traffic. It was impossible to block this kind of traffic at the traditional structure. When the protection of the proposed groupware system is performed, there appears to be a great change for the rate of a load factor at the CPU of Backbone Switch which is connected to the internal gateway. The load factor of CPU, which was increased with the traffic, is now remarkably reduced after the internal gateway is set up. This is to show that a lot of malicious traffic pass through the internal network and that network environment is faced to the menace of many malicious traffics. This paper is to show the efficiency of protection of internal gateway proposed in this study, for the rate of CPU of Backbone Switch was about 17% a day, but was dropped up to the 4% after the malicious traffic was removed.

• KNOM Review
• /
• v.22 no.1
• /
• pp.20-29
• /
• 2019

Recently, various machine learning based traffic classification methods are focused on detecting malicious network traffic. In this paper, convolutional neural network based malicious network traffic classification method is introduced and its performance is evaluated. In order to utilize the convolutional neural network which is excellent in analyzing images, a image transform method from important information of network traffic to a standardized image is proposed, and the transformed images are used as learning input of a CNN network traffic classifier. By using the real network traffic dataset, the proposed image transform method and CNN based network traffic classification method are evaluated. Especially, under various configurations of CNN, the performance of the proposed method is evaluated.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.69-78
• /
• 2023

With the global rise of digital data, the uncontrolled quantity of data is susceptible to cyber warfare or cyber attacks. Therefore, it is necessary to improve cyber security systems. This research studies the behavior of malicious acts and uses Higuchi Fractal Dimension (HFD), which is a non-linear mathematical method to examine the intricacy of the behavior of these malicious acts and anomalies within the cyber physical system. The HFD algorithm was tested successfully using synthetic time series network data and validated on real-time network data, producing accurate results. It was found that the highest fractal dimension value was computed from the DoS attack time series data. Furthermore, the difference in the HFD values between the DoS attack data and the normal traffic data was the highest. The malicious network data and the non-malicious network data were successfully classified using the Receiver Operating Characteristics (ROC) method in conjunction with a scaling stationary index that helps to boost the ROC technique in classifying normal and malicious traffic. Hence, the suggested methodology may be utilized to rapidly detect the existence of abnormalities in traffic with the aim of further using other methods of cyber-attack detection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.579-589
• /
• 2017

The cloud environment is hypervisor-based, and many virtual machines are interconnected, which makes propagation of malicious code easier than other environments. Accordingly, this paper proposes a malicious traffic dynamic analysis system for secure cloud environment. The proposed system continuously monitors and analyzes malicious activity in an isolated virtual network environment by distinguishing malicious traffic that occurs in a cloud environment. In addition, the analyzed results are reflected in the distinguishment and analysis of malicious traffic that occurs in the future. The goal of this research is secure and efficient malicious traffic dynamic analysis by constructing the malicious traffic analysis environment in the cloud environment for detecting and responding to the new and variant malicious traffic generated in the cloud environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.87-97
• /
• 2009

Internet network routing system is used to prevent spread and distribution of malicious data traffic. This study is based on analysis of diagnostic weakness structure in the network security domain. We propose an improved integrated multi-level protection domain for in the internal route of groupware. This paper's protection domain is designed to handle the malicious data traffic in the groupware and finally leads to lighten the load of data traffic and improve network security in the groupware. Infrastructure of protection domain is transformed into five-stage blocking domain from two or three-stage blocking. Filtering and protections are executed for the entire server at the gateway level and internet traffic route ensures differentiated protection by dividing into five-stage. Five-stage multi-level network security domain's malicious data traffic protection performance is better than former one. In this paper, we use a trust evaluation metric for measuring the security domain's performance and suggested algorithm.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.211-219
• /
• 2006

As the wireless network is popular and expanded, it is necessary to development the IDS(Intrusion Detection System)/Filtering System from the malicious wireless traffic. We propose the W-Sensor SW which detects the malicious wireless traffic and the W-TMS system which filters the malicious traffic by W-Sensor log in this paper. It is efficient to detect the malicious traffic and adaptive to change the security rules rapidly by the proposed W-Sensor SW. The designed W-Sensor by installing on a notebook supports the mobility of IDS in compare with the existed AP based Sensor.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.37-44
• /
• 2011

Recently malicious activities that is a DDoS, spam, propagation of malware, steeling person information, phishing on the Internet are related malicious botnet. To detect malicious botnet, Many researchers study a detection system for malicious botnet, but these applies specific protocol, action or attack based botnet. In this reason, we study a selection of measurement to detec malicious botnet in this paper. we collect a traffic of malicious botnet and analyze it for feature of network traffic. And we select a feature based measurement. we expect to help a detection of malicious botnet through this study.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.49-57
• /
• 2006

Firewall to block a network access of unauthorized IP system and IDS (Intrusion Detection System) to detect malicious code pattern to be known consisted the main current of the information security system at the past. But, with rapid growth the diffusion speed and damage of malicious code like the worm, study of the unknown attack traffic is processed actively. One of such method is detection technique using traffic statistics information on the network viewpoint not to be an individual system. But, it is very difficult but to reserve traffic raw data or statistics information. Therefore, we present extraction technique of a network traffic Raw data and a statistics information like the time series. Also, We confirm the validity of a mixing traffic and show the evidence which is suitable to the experiment.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.07a
• /
• pp.305-306
• /
• 2016

최근에 게임 플레이어들을 노리는 악성코드가 발견돼 사용자들의 주의가 필요하다. 게임 플레이어를 노리는 악성코드는 이전부터 존재해왔지만 이번에 발견된 악성코드는 게임 콘텐츠로 위장한 사례로, 직.간접적으로 게임을 즐기는 불특정 다수를 대상으로 하고 있다. 본 논문에서는 게임 콘텐츠를 위장하여 악성코드를 이용한 사이버 공격에 대한 사전 차단을 위하여 악성코드 탐지엔진에서 수집된 트래픽 정보로부터 악성링크를 판단할 수 있는 실시간 악성링크 탐지 기능을 제안한다.