• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권10호
• /
• pp.3771-3792
• /
• 2021

With the rapid development of science and technology, several high-performance networks have emerged with various new applications. Consequently, financially or socially motivated attacks on specific networks have also steadily become more complicated and sophisticated. To reduce the damage caused by such attacks, administration of network traffic flow in real-time and precise analysis of past attack traffic have become imperative. Although various traffic analysis methods have been studied recently, they continue to suffer from performance limitations and are generally too complicated to apply in existing systems. To address this problem, we propose a method to calculate the correlation between the malicious and normal flows and classify attack traffics based on the corresponding correlation values. In order to evaluate the performance of the proposed method, we conducted several experiments using examples of real malicious traffic and normal traffic. The evaluation was performed with respect to three metrics: recall, precision, and f-measure. The experimental results verified high performance of the proposed method with respect to first two metrics.

• International Journal of Computer Science & Network Security
• /
• 제23권11호
• /
• pp.99-109
• /
• 2023

The darknet is frequently referred to as the hub of illicit online activity. In order to keep track of real-time applications and activities taking place on Darknet, traffic on that network must be analysed. It is without a doubt important to recognise network traffic tied to an unused Internet address in order to spot and investigate malicious online activity. Any observed network traffic is the result of mis-configuration from faked source addresses and another methods that monitor the unused space address because there are no genuine devices or hosts in an unused address block. Digital systems can now detect and identify darknet activity on their own thanks to recent advances in artificial intelligence. In this paper, offer a generalised method for deep learning-based detection and classification of darknet traffic. Furthermore, analyse a cutting-edge complicated dataset that contains a lot of information about darknet traffic. Next, examine various feature selection strategies to choose a best attribute for detecting and classifying darknet traffic. For the purpose of identifying threats using network properties acquired from darknet traffic, devised a hybrid deep learning (DL) approach that combines Recurrent Neural Network (RNN) and Bidirectional LSTM (BiLSTM). This probing technique can tell malicious traffic from legitimate traffic. The results show that the suggested strategy works better than the existing ways by producing the highest level of accuracy for categorising darknet traffic using the Black widow optimization algorithm as a feature selection approach and RNN-BiLSTM as a recognition model.

• 디지털산업정보학회논문지
• /
• 제9권4호
• /
• pp.95-101
• /
• 2013

MANET has an advantage that can build a network quickly and easily in difficult environment to build network. In particular, routing protocol that uses in existing mobile environment cannot be applied literally because it consists of only mobile node. Thus, routing protocol considering this characteristic is necessary. Malicious nodes do extensive damage to the whole network because each mobile node has to act as a router. In this paper, we propose technique that can detect accurately the suspected node which causes severely damage to the performance of the network. The proposed technique divides the whole network to zone of constant size and is performed simultaneously detection technique based zone and detection technique by collaboration between nodes. Detection based zone translates the information when member node finishes packet reception or transmission to master node managing zone and detects using this. The collaborative detection technique uses the information of zone table managing in master node which manages each zone. The proposed technique can reduce errors by performing detection which is a reflection of whole traffic of network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권11호
• /
• pp.5354-5369
• /
• 2019

Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

• 정보보호학회논문지
• /
• 제23권4호
• /
• pp.721-728
• /
• 2013

빅데이터는 오늘날 가장 각광받고 있는 데이터 수집 및 분석기술의 경향으로, 대량의 비정형 데이터 분석을 요구하는 다양한 분야에 접목되어 효용성을 인정받고 있다. 네트워크 트래픽 분석 역시 대량의 비정형 데이터를 다루는 분야로, 빅데이터 접목시 그 효과가 극대화될 수 있다. 따라서 본 논문에서는 고도의 보안이 요구되는 군 C4I망과 같은 내부망 환경의 침해사고 및 이상행위를 실시간으로 탐지하기 위한 빅데이터 기반의 네트워크 트래픽 분석 플랫폼(RENTAP)을 소개한다. 빅데이터 분석 지원을 위해 최근 각광받고 있는 오픈소스 솔루션들을 대상으로 비교 분석을 수행하였으며, 선정된 솔루션을 기반으로 고안된 최종 설계에 대해서 설명한다.

• IEIE Transactions on Smart Processing and Computing
• /
• 제5권2호
• /
• pp.94-99
• /
• 2016

Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

• 한국산학기술학회논문지
• /
• 제15권8호
• /
• pp.5256-5262
• /
• 2014

최근 국가기관, 언론사, 금융권 등에 대하여 분산 서비스 거부(Distributed Denial of Service, DDoS) 공격, 악성코드 유포 등 무차별 사이버테러가 발생하고 있다. DDoS 공격은 네트워크 계층에서의 대역폭 소모를 주된 공격 방법으로 정상적인 사용자와 크게 다르지 않는 패킷을 이용하여 공격을 하기 때문에 탐지 및 대응이 어렵다. 이러한 인터넷 비정상적인 트래픽이 증가하여 네트워크의 안전성 및 신뢰성을 위협하고 있어 비정상 트래픽에 대한 발생 징후를 사전에 탐지하여 대응할 수 있는 방안의 필요성이 대두되고 있다. 본 연구에서는 비정상 트래픽 탐지 기법에 대한 현황 및 문제점을 분석하고, 예측방법인 추세 모형, 지수평활법, 웨이브렛 분석 방법 등을 비교 분석하여 인터넷 트래픽의 특성을 실시간으로 분석 및 예측이 가능한 가장 적합한 예측 모형을 이용한 탐지 방법을 제안하고자 한다.

• 한국인공지능학회지
• /
• 제11권2호
• /
• pp.19-27
• /
• 2023

In recent times, an exponential increase in Internet traffic has been observed as a result of advancing development of the Internet of Things, mobile networks with sensors, and communication functions within various devices. Further, the COVID-19 pandemic has inevitably led to an explosion of social network traffic. Within this context, considerable attention has been drawn to research on network traffic analysis based on machine learning. In this paper, we design and develop a new machine learning framework for network traffic analysis whereby normal and abnormal traffic is distinguished from one another. To achieve this, we combine together well-known machine learning algorithms and network traffic analysis techniques. Using one of the most widely used datasets KDD CUP'99 in the Weka and Apache Spark environments, we compare and investigate results obtained from time series type analysis of various aspects including malicious codes, feature extraction, data formalization, network traffic measurement tool implementation. Experimental analysis showed that while both the logistic regression and the support vector machine algorithm were excellent for performance evaluation, among these, the logistic regression algorithm performs better. The quantitative analysis results of our proposed machine learning framework show that this approach is reliable and practical, and the performance of the proposed system and another paper is compared and analyzed. In addition, we determined that the framework developed in the Apache Spark environment exhibits a much faster processing speed in the Spark environment than in Weka as there are more datasets used to create and classify machine learning models.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권9호
• /
• pp.4641-4657
• /
• 2017

Named Data Networking (NDN) has emerged and become one of the most promising architectures for future Internet. However, like traditional IP-based networking paradigm, NDN may not evade some typical network threats such as malicious data aggregates (MDA), which may lead to bandwidth exhaustion, traffic congestion and router overload. This paper firstly analyzes the damage effect of MDA using realistic simulations in large-scale network topology, showing that it is not just theoretical, and then designs a fine-grained MDA mitigation mechanism (MDAM) based on the cooperation between routers via alert messages. Simulations results show that MDAM can significantly reduce the Pending Interest Table overload in involved routers, and bring in normal data-returning rate and data-retrieval delay.

• 한국전자통신학회논문지
• /
• 제8권12호
• /
• pp.1849-1856
• /
• 2013

서비스 거부공격, 즉 DDoS(Destribute Denial of Service) 공격은 정상적인 사용자가 서비스를 이용하지 못하도록 방해하는 공격 기법이다. DDoS 공격에 대응하기 위해서는 공격주체, 공격대상, 그리고 그 사이의 네트워크를 대상으로 다양한 기법들이 연구개발 되고 있으나 모두 완벽한 답이 되지 못하고 있는 실정이다. 본 연구에서는 DDoS 공격이 발생하는 근원지에서 공격의 사전 준비작업 혹은 공격에 이용되는 봇이나 악성코드 등이 발생시키는 네트워크 트래픽의 분석을 통해 발견된 악성코드 및 봇을 제거하거나 공격 트래픽을 중도에서 차단함으로써 DDoS 공격에 대해 효율적으로 대응하는 방법을 개발하는 것을 목적으로 한다.