• Electronics and Telecommunications Trends
• /
• v.38 no.5
• /
• pp.71-80
• /
• 2023

With the rapid advancement of the Internet, the use of encrypted traffic has surged in order to protect data during transmission. Simultaneously, network attacks have also begun to leverage encrypted traffic, leading to active research in the field of encrypted traffic analysis to overcome the limitations of traditional detection methods. In this paper, we provide an overview of the encrypted traffic analysis field, covering the analysis process, domains, models, evaluation methods, and research trends. Specifically, it focuses on the research trends in the field of anomaly detection in encrypted network traffic analysis. Furthermore, considerations for model development in encrypted traffic analysis are discussed, including traffic dataset composition, selection of traffic representation methods, creation of analysis models, and mitigation of AI model attacks. In the future, the volume of encrypted network traffic will continue to increase, particularly with a higher proportion of attack traffic utilizing encryption. Research on attack detection in such an environment must be consistently conducted to address these challenges.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.872-885
• /
• 2015

The rapid increase of smart mobile devices and mobile applications has led to explosive growth of data traffic in cellular network. Offloading data traffic becomes one of the most urgent technical problems. Recent work has proposed to exploit opportunistic communications to offload cellular traffic for mobile data dissemination services, especially for accepting large delayed data. The basic idea is to deliver the data to only part of subscribers (called target-nodes) via the cellular network, and allow target-nodes to disseminate the data through opportunistic communications. Human mobility shows temporal and spatial characteristics and predictability, which can be used as effective guidance efficient opportunistic communication. Therefore, based on the regularity of human mobility we propose NodeRank algorithm which uses the encounter characteristics between nodes to choose target nodes. Different from the existing work which only using encounter frequency, NodeRank algorithm combined the contact time and inter-contact time meanwhile to ensure integrity and availability of message delivery. The simulation results based on real-world mobility traces show the performance advantages of NodeRank in offloading efficiency and network redundant copies.

• Journal of the Korea Society for Simulation
• /
• v.11 no.4
• /
• pp.15-23
• /
• 2002

As recently the network environment and application services have been more complex and diverse, there has. In this paper we introduce a scheme the extract useful information for network management by analyzing traffic data in user login file. For this purpose we use classification and association rule based on episode concept in data mining. Since login data has inherently time series characterization, convertible data mining algorithms cannot directly applied. We generate virtual transaction, classify transactions above threshold value in time window, and simulate the classification algorithm.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.21 no.8
• /
• pp.1970-1975
• /
• 1996

The characteristics of data traffic on the Ethernet LAN are investigated on the basis of measurements. The analysis on the arrival pattern of packets on the network is found not to be a Poission process but to be Weibull distributions. An analysis of network traffic, packet arrivals are found to exhibit a 'source locality'. It is observed that file transfers are reponsible for about 92% of the traffic on the network. Our results will be useful for modelling purposes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.2
• /
• pp.313-329
• /
• 2011

To provide a seamless network to customers, Internet service providers must promptly detect and control abnormal traffic. One approach is to shorten the traffic information measurement cycle. However, performance degradation is inevitable if traffic measurement servers merely shorten the cycle and measure all traffic. This paper presents a software architecture that can measure traffic more frequently without degrading performance by estimating the level of abnormal traffic. The algorithm in the architecture estimates the values of the interface group objects in MIB by using the IP group objects thereby reducing the number of measurements and the size of measured data. We evaluated this architecture on part of Internet service provider's IP network. When the traffic was measured 5 times more than before, the CPU usage and TPS of the proposed scheme was 7% and 41% less than that of the original scheme while the false positive rate and false negative rate were 3.2% and 2.7% respectively.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.47 no.6
• /
• pp.103-112
• /
• 2010

A study on network traffic analysis and modeling has been exclusively done due to its importance. However, conventional studies on network traffic analysis and modeling only focus on transmitting simple packet stream or traffic features of specific application, such as HTTP. In this paper, we propose a network traffic generator, which reflects the characteristics of multimedia data. To analyze the traffics of online game, which is one of the most popular multimedia contents, we modeled the distribution according to the time between packets and packet size random variable and designed the traffic generator which has the model for input. We generated the traffics of L4D(Left4Dead), WoW(World of Warcraft) with proposed network traffic generator and we found that the generated traffics have similar distributions with real data.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.11 no.1
• /
• pp.15-24
• /
• 2008

The data delivery confirmation method of MIL-STD-188-220C, which is a tactical wireless mobile Ad-Hoc communication protocol, is that a source node requires the end-to-end ack from all destination nodes and the data-link ack from 1-hop neighboring destination nodes and relaying nodes, regardless of the hop distance from a source node to destination nodes. This method has the problem to degrade the whole communication network performance because of excessive data traffic due to the duplicate use of end-to-end ack and data-link ack, and the collision among end-to-end acks on the wireless network in the case of confirming a data delivery within an 1-hop distance. In order to solve this problem, this paper has proposed the method to perform the data delivery confirmation with the improvement of communication network performance through the data traffic reduction by achieving the reliable data delivery confirmation requiring the only data-link ack within an 1-hop distance. The effects of the proposed method are analyzed in the two aspects of the data delivery confirmation delay time and the data delivery confirmation success ratio.

• Journal of Korean Society of Transportation
• /
• v.26 no.4
• /
• pp.205-215
• /
• 2008

As static traffic assignment has reached its limitation with ITS policy applications and due to the increase of interest in studies of ITS policies since the late 1980's, dynamic traffic assignment has been considered a tool to overcome such limitations. This study used the Dynameq program, which simulates route choice behavior by macroscopic modeling and dynamic network loading and traffic flow by microscopic modeling in consideration of the feasibility of the analysis of practical traffic policy. The essence of this study is to evaluate the feasibility for analysis in practical transportation policy of using the dynamic traffic assignment technique. The study involves the verification of the values estimated from the dynamic traffic assignment with South Korea's expressway network and dynamic O/D data by comparing results with observed link traffic volumes. This study used dynamic O/D data between each toll booth, which can be accurately obtained from the highway Toll Collection System. Then, as an example of its application, exclusive bus-lane policies were analyzed with the dynamic traffic assignment model while considering hourly variations.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.05a
• /
• pp.410-415
• /
• 2005

Recent measurements of local-area and wide-area traffic have shown that network traffic exhibits at a wide range of scales - Self-similarity. Self-similarity is expressed by long term dependency, this is contradictory concept with Poisson model that have relativity short term dependency. Therefore, first of all for design and dimensioning of next generation communication network, traffic model that are reflected burstness and self-similarity is required. Here self-similarity can be characterized by Hurst parameter. In this paper, when different many data traffic being integrated under various environments is arrived to communication network, Hurst Parameter's change is analyzed and compared with simulation results.

• Journal of Korean Society of Transportation
• /
• v.14 no.4
• /
• pp.49-76
• /
• 1996

Until recently, the inductive loop detecters(ILD) have been used to collect a traffic information in a part of traffic manangment and control. The ILD is able to collect a various traffic data such as a occupancy time and non-occupancy time, traffic volume, etc. The occupancy time of these is very important information for traffic control algorithms, which is required a high accuracy. This accuracy may be improved by classifying a vehicle type with ILD. To classify a vehicle type based on a Analog Digital Converted data collect form ILD, this study used a typical and modifyed statistic method and General Learning Vector Quantization unsuperviser neural network model and a hybrid model of GLVQ and statistic method, As a result, the hybrid model of GLVQ neural network model is superior to the other methods.