• Title/Summary/Keyword: Network traffic monitoring


A Study on the Cacti-based Network Traffic Monitoring System Using Libpcap (Libpcap를 이용한 Cacti기반 네트워크 트래픽 모니터링 시스템)

  • Huang, Xiao;Ban, Tae-Hak;Ham, Jong-Wan;Jeong, Sun-Chul;Jung, Heo-Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.643-645 / 2011
  • As networks grow at a rapid rate, the network environment becomes more complex. Technology that uses network traffic to monitor a network in real time has been developed. Cacti is a representative monitoring tool based on RRDTool (Round Robin Database tool) and SNMP (Simple Network Management Protocol). This paper shows how to develop a system based on Cacti and Libpcap to monitor the monitored objects. The system uses Libpcap to capture network traffic packets, analyzes these packets, and then presents the results in Cacti in graphical form, thereby forming a monitoring system. The system executes efficiently, is easy to manage, and produces accurate results, so it can be widely utilized in the future.


The development of a ship's network monitoring system using SNMP based on standard IEC 61162-460

  • Wu, Zu-Xin;Rind, Sobia;Yu, Yung-Ho;Cho, Seok-Je
    • Journal of Advanced Marine Engineering and Technology / v.40 no.10 / pp.906-915 / 2016
  • In this study, a network monitoring system, including a secure 460-Network and a 460-Gateway, is designed and developed in accordance with the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard for the safety and security of networks on board ships. At present, internal or external unauthorized access to or malicious attack on a ship's on-board systems are possible threats to the safe operation of a ship's network. To secure the ship's network, a 460-Network was designed and implemented by using a 460-Switch, 460-Nodes, and a 460-Gateway that contains firewalls and a DMZ (Demilitarized Zone) with various application servers. In addition, a 460-firewall was used to block all traffic from unauthorized networks. 460-NMS (Network Monitoring System) is a network-monitoring software application that was developed by using a simple network management protocol (SNMP) SharpNet library with the .Net 4.5 framework and a back-end SQLite database management system, which is used to manage network information. 460-NMS receives network information from a 460-Switch by utilizing SNMP, SNMP Trap, and Syslog. 460-NMS monitors the 460-Network load, traffic flow, current network status, network failure, and unknown devices connected to the network. It notifies the network administrator via alarms, notifications, or warnings in case any network problem occurs. Once developed, 460-NMS was tested both in a laboratory environment and for a real ship network that had been installed by the manufacturer and was confirmed to comply with the IEC 61162-460 requirements. Network safety and security issues onboard ships could be solved by designing a secure 460-Network along with a 460-Gateway and by constantly monitoring the 460-Network according to the requirements of the IEC 61162-460 network standard.

Analysis of abnormal traffic controller deployed in Internet access point (인터넷 액세스점에서의 이상 트래픽 제어기 성능분석)

  • Kim Kwangsik
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.1C / pp.107-115 / 2005
  • ATC (Abnormal traffic controller) is presented as a next-generation security technology, deployed at the Internet access point, to securely support reliable Internet service and to guarantee network survivability. The key concept of the ATC is abnormal traffic monitoring and traffic control technology. When fault factors exist continuously and/or are repeated, abnormal traffic control guarantees service completeness as much as possible. The ATC with a control policy on abnormal traffic is superior to the ATC with a blocking policy, as well as to a conventional network node, when the ratio of effective traffic to abnormal traffic is higher than 30%. When traffic carrying an unknown attack occurs, a network IDS has a high false positive probability and so is of limited applicability. In this environment, the ATC can be a key player in helping a network node such as a router to control abnormal traffic.

Implementation of Network Traffic and QoS Monitoring System based on User Agent (사용자 에이전트 기반의 네트워크 트래픽 및 QoS 모니터링 시스템 구현)

  • Lee, Do-Hyeon;Jung, Jae-Il
    • Convergence Security Journal / v.8 no.2 / pp.41-50 / 2008
  • Recently the amount of traffic entering the network has increased rapidly, since multimedia streaming services are generally adopted by applications. In addition, various network management systems have been suggested for providing a stable service and QoS guarantee. It is necessary for such systems to have a QoS monitoring module in order to evaluate acceptance or violation of QoS requirements by analogizing the state information of each node within the network. In this paper, we suggest a network management system to evaluate the QoS level between end-to-end agents and analyze the traffic transmitted between them. The proposed system is implemented for the purpose of collecting network traffic information and monitoring of the view. The proposed system lets the user easily understand information about QoS parameters such as throughput, delay and jitter by adopting a method of visual and numerical representation. To achieve this, we purportedly generate test packets into the network for confirming acceptance or violation of QoS requirements from the point of view of a multimedia application service.


Long-Term Monitoring and Analysis of a Curved Concrete Box-Girder Bridge

  • Lee, Sung-Chil;Feng, Maria Q.;Hong, Seok-Hee;Chung, Young-Soo
    • International Journal of Concrete Structures and Materials / v.2 no.2 / pp.91-98 / 2008
  • Curved bridges are important components of a highway transportation network for connecting local roads and highways, but very few data have been collected in terms of their field performance. This paper presents two years of monitoring and system identification results for a curved concrete box-girder bridge, the West St. On-Ramp, under ambient traffic excitations. The authors permanently installed accelerometers on the bridge from the beginning of the bridge life. From the ambient vibration data sets collected over the two years, the element stiffness correction factors for the columns, the girder, and boundary springs were identified using the back-propagation neural network. The results showed that the element stiffness values were nearly 10% different from the initial design values. It was also observed that the traffic conditions heavily influence the dynamic characteristics of this curved bridge. Furthermore, a probability distribution model of the element stiffness was established for long-term monitoring and analysis of the bridge stiffness change.

Efficient Abnormal Traffic Detection Software Architecture for a Seamless Network

  • Lee, Dong-Cheul;Rhee, Byung-Ho
    • KSII Transactions on Internet and Information Systems (TIIS) / v.5 no.2 / pp.313-329 / 2011
  • To provide a seamless network to customers, Internet service providers must promptly detect and control abnormal traffic. One approach is to shorten the traffic information measurement cycle. However, performance degradation is inevitable if traffic measurement servers merely shorten the cycle and measure all traffic. This paper presents a software architecture that can measure traffic more frequently without degrading performance by estimating the level of abnormal traffic. The algorithm in the architecture estimates the values of the interface group objects in the MIB by using the IP group objects, thereby reducing the number of measurements and the size of measured data. We evaluated this architecture on part of an Internet service provider's IP network. When the traffic was measured 5 times more than before, the CPU usage and TPS of the proposed scheme were 7% and 41% less than those of the original scheme, while the false positive rate and false negative rate were 3.2% and 2.7% respectively.

A Probabilistic Sampling Method for Efficient Flow-based Analysis

  • Jadidi, Zahra;Muthukkumarasamy, Vallipuram;Sithirasenan, Elankayer;Singh, Kalvinder
    • Journal of Communications and Networks / v.18 no.5 / pp.818-825 / 2016
  • Network management and anomaly detection are challenges in high-speed networks due to the high volume of packets that has to be analysed. Flow-based analysis is a scalable method which reduces the high volume of network traffic by dividing it into flows. As sampling methods are extensively used in flow generators such as NetFlow, the impact of sampling on the performance of flow-based analysis needs to be investigated. Monitoring using sampled traffic is a well-studied research area; however, the impact of sampling on flow-based anomaly detection is a poorly researched area. This paper investigates flow sampling methods and shows that these methods have a negative impact on flow-based anomaly detection. Therefore, we propose an efficient probabilistic flow sampling method that can preserve flow traffic distribution. The proposed sampling method takes into account two flow features: destination IP address and octet. The destination IP addresses are sampled based on the number of received bytes. Our method provides efficient sampled traffic which has the required traffic features for both flow-based anomaly detection and monitoring. The proposed sampling method is evaluated using a number of generated flow-based datasets. The results show improvement in preserved malicious flows.

Adaptive Network Monitoring Strategy for SNMP-Based Network Management (SNMP 기반 네트워크관리를 위한 적응형 네트워크 모니터링 방법)

  • Cheon, Jin-young;Cheong, Jin-ha;Yoon, Wan-oh;Park, Sang-bang
    • The Journal of Korean Institute of Communications and Information Sciences / v.27 no.12C / pp.1265-1275 / 2002
  • In network management systems, there are two approaches: the centralized approach based on SNMP and the distributed approach based on mobile agents. Some information changes with time and the manager needs to monitor its value in real time. In such a case, polling is generally used in SNMP because the manager can query agents periodically. However, the polling scheme needs both request and response messages for management information every time, which results in increased network traffic. In this paper, we suggest an adaptive network monitoring method to reduce the network traffic for SNMP-based network management. In the proposed strategy, each agent first decides its own monitoring period. Then, the manager collects them and approves each agent's period without modification or adjusts it based on the total traffic generated by monitoring messages. After receiving a response message containing the monitoring period from the manager, each agent sends management information periodically without a request from the manager. To evaluate the performance of the proposed method, we implemented it and compared the network traffic and monitoring quality of the proposed scheme with the general polling method.

Traffic Classification Using Machine Learning Algorithms in Practical Network Monitoring Environments (실제 네트워크 모니터링 환경에서의 ML 알고리즘을 이용한 트래픽 분류)

  • Jung, Kwang-Bon;Choi, Mi-Jung;Kim, Myung-Sup;Won, Young-J.;Hong, James W.
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.8B / pp.707-718 / 2008
  • The methodology of classifying traffic is changing from payload-based or port-based to machine-learning-based in order to overcome the dynamic changes in applications' characteristics. However, the current state of traffic classification using machine learning (ML) algorithms is ongoing in the offline environment. Specifically, most of the current works provide results of traffic classification using cross validation as a test method. Also, they show classification results based on traffic flows. However, these traffic classification results are not useful for practical environments of network traffic monitoring. This paper compares the classification results using cross validation with those using split validation as the test method. Also, this paper compares the classification results based on flows to those based on bytes. We classify network traffic by using various feature sets and machine learning algorithms such as J48, REPTree, RBFNetwork, Multilayer perceptron, BayesNet, and NaiveBayes. In this paper, we find the best feature sets and the best ML algorithm for classifying traffic using split validation.

Adaptive Resource Allocation for Traffic Flow Control in Hybrid Networks

  • Son, Sangwoo;Rhee, Byungho
    • KSII Transactions on Internet and Information Systems (TIIS) / v.7 no.1 / pp.38-55 / 2013
  • Wireless network systems provide fast data transmission rates and various services to users of mobile devices such as smartphones and smart pads. Because many people use high-performance mobile devices, the use of real-time multimedia services is increasing rapidly. However, the preoccupation of resources by real-time traffic users is causing harm to other services, for example, frequent call interference, lowered service quality, and poor network performance. This paper suggests a resource allocation algorithm for effective traffic service support in a hybrid network. The main objective is to obtain an optimum value of data rates by comparing user requirements with the amount of resources that can be allocated. A new mechanism based on Adaptive-Quality of Service (QoS) and a monitoring system based on Queue-Aware are proposed. Adaptive-QoS supports effective resource control according to the type of traffic service, and the monitoring system based on Queue-Aware measures the amount of resources in order to calculate the maximum that can be allocated. We apply our algorithm to a test system and use Qualnet 4.5.1 to evaluate its performance.