• 한국인공지능학회지
• /
• 제11권2호
• /
• pp.19-27
• /
• 2023

In recent times, an exponential increase in Internet traffic has been observed as a result of advancing development of the Internet of Things, mobile networks with sensors, and communication functions within various devices. Further, the COVID-19 pandemic has inevitably led to an explosion of social network traffic. Within this context, considerable attention has been drawn to research on network traffic analysis based on machine learning. In this paper, we design and develop a new machine learning framework for network traffic analysis whereby normal and abnormal traffic is distinguished from one another. To achieve this, we combine together well-known machine learning algorithms and network traffic analysis techniques. Using one of the most widely used datasets KDD CUP'99 in the Weka and Apache Spark environments, we compare and investigate results obtained from time series type analysis of various aspects including malicious codes, feature extraction, data formalization, network traffic measurement tool implementation. Experimental analysis showed that while both the logistic regression and the support vector machine algorithm were excellent for performance evaluation, among these, the logistic regression algorithm performs better. The quantitative analysis results of our proposed machine learning framework show that this approach is reliable and practical, and the performance of the proposed system and another paper is compared and analyzed. In addition, we determined that the framework developed in the Apache Spark environment exhibits a much faster processing speed in the Spark environment than in Weka as there are more datasets used to create and classify machine learning models.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2017년도 춘계학술대회
• /
• pp.637-638
• /
• 2017

MQTT broker는 트래픽에 따라 네트워크 성능이 저하되어 패킷 손실, 지연 등의 문제가 발생한다. 하지만 MQTT broker는 트래픽 측정을 위한 별도의 인터페이스를 지원하지 않아 네트워크 성능 저하에 대처할 수 없다. 본 논문에서는 MQTT broker의 트래픽 측정을 위한 시스템을 제안한다. 제안하는 시스템은 jnetpcap 라이브러리를 사용하여 MQTT broker로 송수신되는 모든 트래픽을 측정한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권2호
• /
• pp.313-329
• /
• 2011

To provide a seamless network to customers, Internet service providers must promptly detect and control abnormal traffic. One approach is to shorten the traffic information measurement cycle. However, performance degradation is inevitable if traffic measurement servers merely shorten the cycle and measure all traffic. This paper presents a software architecture that can measure traffic more frequently without degrading performance by estimating the level of abnormal traffic. The algorithm in the architecture estimates the values of the interface group objects in MIB by using the IP group objects thereby reducing the number of measurements and the size of measured data. We evaluated this architecture on part of Internet service provider's IP network. When the traffic was measured 5 times more than before, the CPU usage and TPS of the proposed scheme was 7% and 41% less than that of the original scheme while the false positive rate and false negative rate were 3.2% and 2.7% respectively.

• 한국정보과학회논문지:정보통신
• /
• 제37권1호
• /
• pp.27-34
• /
• 2010

본 논문에서는 네트워크 트래픽의 수동적 측정치 분석을 통해 잘 알려진 장거리 상관관계가 광역 네트워크의 능동적 측정치에도 존재하는지 여부를 관련 분석법을 통하여 검정하고자 한다. 이를 위하여 PingER 프로젝트를 통하여 측정된 광역 네트워크 트래픽의 대표적인 능동적 측정치인 RTT(Round Trip Time)와 RTT의 변동성 시계열 데이터에 대하여 분석을 수행하였다. RTT 시계열 데이터는 장거리 상관관계 혹은 1/f 노이즈의 특성을 보였으며, RTT의 고차원 변화량으로 정의된 변동성은 로그정규분포를 따르며 변동성에 대한 장거리 상관관계는 고려하는 시간 간격이 짧은 경우 장거리 상관관계를 보이고, 시간 간격이 긴 경우에는 장거리 상관관계 혹은 1/f 노이즈를 따름을 밝혔다. 본 연구를 통해 볼 때 장거리 상관관계는 비단 패킷 도착의 시간 간격 등과 같은 수동적 측정뿐만 아니라 RTT와 같은 능동적 측정에서도 나타나는 특징이며, 특히 능동적 측정에는 수동적 측정에는 잘 나타나지 않는 1/f 노이즈 특성이 존재함을 밝혔다.

• 한국정보과학회:학술대회논문집
• /
• 한국정보과학회 2003년도 가을 학술발표논문집 Vol.30 No.2 (3)
• /
• pp.49-51
• /
• 2003

Developers of network games have used several prediction techniques for hiding transmission delay to support the real­time requirement of network games. Nowadays many researches that are related with network game are in progress to solve delay problems more radically, such as to propose new routers architecture and transport protocols suitable to characteristics of network game traffic. So for these advanced researches the tasks to grasp the traffic characteristics of a network game are needed. In this paper we aimed to capture the traffic of MMORPG and present the statistical analysis of measured data. The measurement and the analysis were accomplished with the server of 'Lineage' that regarded as the most successful MMORPG. Next, we have implemented a traffic generator that reflects the characteristics of MMORPG and shown that the trace generated by MMORPG traffic generator had identical characteristics with actual traffic using statistical testing method. We expect that this traffic generator can be used in many researches related with a network game.

• 인터넷정보학회논문지
• /
• 제5권4호
• /
• pp.23-33
• /
• 2004

본 논문에서는, 고속의 인터넷 백본 링크상에서 네트워크 공격의 징후를 트래픽 측정에 의하여 탐지해 내기 위한 방법을 제안한다. 이를 위하여, 인터넷 백본상에서 나타나는 정상 및 공격 트래픽의 패턴을 분석하였고. 이러한 트래픽 특성을 활용하여 네트워크 공격 감지를 위한 두가지 트래픽 척도를 도출하였다. 이들은 평균 파워 스펙트럼과 패킷수 대 트래픽양 비율이다. 그리고, 이들 트래픽 척도들을 집합된 트래픽 수준에서 측정함으로써 네트워크 공격 징후 감지를 위한 방법론을 제안한다. 실험 결과는 제안된 방법이 네트워크 공격 징후를 매우 잘 감지해내고 있음을 보여준다. 제안된 방법은 개별 플로우 또는 개별 패킷들에 기반을 둔 기존의 방법들과 달리, 집합된 트래픽 수준에서 운영되므로 계산의 복잡성을 현저히 줄일수있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권4호
• /
• pp.1307-1323
• /
• 2014

With the exhaustion of global IPv4 addresses, IPv6 technologies have attracted increasing attentions, and have been deployed widely. Meanwhile, new applications running over IPv6 networks will change the traditional traffic characteristics obtained from IPv4 networks. Traditional models obtained from IPv4 cannot be used for IPv6 network monitoring directly and there is a need to investigate those changes. In this paper, we explore the flow features of IPv6 traffic and compare its difference with that of IPv4 traffic from flow level. Firstly, we analyze the differences of the general flow statistical characteristics and users' behavior between IPv4 and IPv6 networks. We find that there are more elephant flows in IPv6, which is critical for traffic engineering. Secondly, we find that there exist many one-way flows both in the IPv4 and IPv6 traffic, which are important information sources for abnormal behavior detection. Finally, in light of the challenges of analyzing massive data of large-scale network monitoring, we propose a group flow model which can greatly reduce the number of flows while capturing the primary traffic features, and perform a comparative measurement analysis of group users' behavior dynamic characteristics. We find there are less sharp changes caused by abnormity compared with IPv4, which shows there are less large-scale malicious activities in IPv6 currently. All the evaluation experiments are carried out based on the traffic traces collected from the Northwest Regional Center of CERNET (China Education and Research Network), and the results reveal the detailed flow characteristics of IPv6, which are useful for traffic management and anomaly detection in IPv6.

• ETRI Journal
• /
• 제42권3호
• /
• pp.366-375
• /
• 2020

The network traffic prediction of a smart substation is key in strengthening its system security protection. To improve the performance of its traffic prediction, in this paper, we propose an improved gravitational search algorithm (IGSA), then introduce the IGSA into a wavelet neural network (WNN), iteratively optimize the initial connection weighting, scalability factor, and shift factor, and establish a smart substation network traffic prediction model based on the IGSA-WNN. A comparative analysis of the experimental results shows that the performance of the IGSA-WNN-based prediction model further improves the convergence velocity and prediction accuracy, and that the proposed model solves the deficiency issues of the original WNN, such as slow convergence velocity and ease of falling into a locally optimal solution; thus, it is a better smart substation network traffic prediction model.

• 전자공학회논문지
• /
• 제50권2호
• /
• pp.35-46
• /
• 2013

모바일 네트워크 사용량이 급증함에 따라 트래픽 수요 문제를 해결하기 위한 많은 연구가 이뤄지고 있다. 특히 네트워크 환경 측정 분야는 정확한 분석을 통해 네트워크상에 발생되는 문제들의 원인을 찾아냄으로써 트래픽 수요 문제를 해결할 수 있는 기반을 제공한다. 특히 최근 스마트폰의 수요가 늘어남에 따라 모바일 플랫폼 특성이 네트워크에 미치는 영향을 고려한 측정시스템이 필요하다. 이에 본 논문에서는 모바일 플랫폼을 위한 네트워크 환경 측정 시스템을 설계하였다. 설계된 시스템은 클라이언트를 통하여 얻은 패킷의 정보를 통하여 패킷 전송간의 지연시간과 throughput을 실시간으로 계산한다. 그리고 측정시 클라이언트인 모바일 단말기에 요구되는 계산량을 줄임으로써 모바일 단말기에 걸리는 부하를 최소화하였다. 설계한 시스템을 통하여 네트워크 자원을 최대로 사용하였을 시 Wi-Fi 망이 3G 망보다 짧은 전송지연시간, 높은 최대 throughput, 낮은 손실률을 가지고, Android가 iOS보다 짧은 전송지연시간과 높은 최대 throughput을 가지며, UDP가 TCP보다 긴 전송지연시간, 높은 최대 throughput을 가진다는 것을 확인하였다.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 1998년도 하계종합학술대회논문집
• /
• pp.909-912
• /
• 1998

In this paper, a new connection admission controller using neural network is presented. The controller measures traffic flow, cell loss rate, and cell delay periodically. Using those measured information, it learns the distributions of traffics of each traffic. Also the proposed controller is able to measure and manage the delays that source traffics experience through the network by using DWRR multiplexer with buffers dedicated to each traffic source. Experimental result show that the heterogeneous traffic sources with various QoS requirement.