• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.1
• /
• pp.75-80
• /
• 2008

Measurement of network traffic have shown that the self-similarity is a ubiquitous phenomenon spanning across diverse network environments. In previous work, we have explored the feasibility of exploiting the long-range correlation structure in a self-similar traffic for the congestion control. We have advanced the framework of the multiple time scale congestion control and showed its effectiveness at enhancing performance for the rate-based feedback control. Our contribution is threefold. First, we define a modular extension of the TCP-a function called with a simple interface-that applies to various flavours of the TCP-e.g., Tahoe, Reno, Vegas and show that it significantly improves performance. Second, we show that a multiple time scale TCP endows the underlying feedback control with proactivity by bridging the uncertainty gap associated with reactive controls which is exacerbated by the high delay-bandwidth product in broadband wide area networks. Third, we investigate the influence of the three traffic control dimensions-tracking ability, connection duration, and fairness-on performance.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.73-75
• /
• 2007

The Ad Hoc Network Interfaces has been tremendously useful in doing capacity planning and performance prediction. However, in many real-world cases. it has found that the predicted results form a queuing analysis differ substantially from the actual observed performance. Specially, in recent years, a number of studies have demonstrated that for some environments, the traffic pattern is self-similar rather than Poisson. In this paper, we study these Clustering characteristics and the definition of standadization processes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.6B
• /
• pp.575-583
• /
• 2004

In this paper, we extend the multiple time scale control framework to the window-based congestion control, in particular, such as the TCP. This is performed by interfacing the TCP with a large time scale control module which adjusts the aggressiveness of the bandwidth consumption behavior exhibited by the TCP as a function of large time scale Self-Similar network state. i.e., conformation that exceeds the horizon of the feedback loop as determined by the RTT. How to effectively utilize such an information-due to its probabilistic nature, dispersion over the multiple time scales, and affection on the top of the existing window-based congestion controls-is a non-trivial problem. The evaluation performance of the multiple time scale TCP is facilitated by a simulation of the bench-mark environment which is based on the physical modeling of a self-similar traffic. We explicate our methodology for discerning and evaluating the impact of changes in transport protocols in the protocol stack under the self-similar traffic conditions. We discuss issues arising in the comparative performance evaluation under heavy-tailed workloads.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.649-658
• /
• 2005

Since the Network based attack Is extensive in the real state of damage, It is very important to detect intrusion quickly at the beginning. But the intrusion detection using supervised learning needs either the preprocessing enormous data or the manager's analysis. Also it has two difficulties to detect abnormal traffic that the manager's analysis might be incorrect and would miss the real time detection. In this paper, we propose a traffic attributes correlation analysis mechanism based on self-organizing maps(SOM) for the real-time intrusion detection. The proposed mechanism has three steps. First, with unsupervised learning build a map cluster composed of similar traffic. Second, label each map cluster to divide the map into normal traffic and abnormal traffic. In this step there is a rule which is created through the correlation analysis with SOM. At last, the mechanism would the process real-time detecting and updating gradually. During a lot of experiments the proposed mechanism has good performance in real-time intrusion to combine of unsupervised learning and supervised learning than that of supervised learning.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.9B
• /
• pp.589-597
• /
• 2007

In this paper, a WDM metro ring consisting of access nodes with $FT-FR^n$ (Fixed Transmitter - n Fixed Receivers) is considered. A trade-off exists between node throughput and transmission fairness because the access nodes share wavelength channels. In order to eliminate the transmission unfairness and to increase throughput, the p-persistent medium access control (MAC) protocol is proposed: each node uses an empty optical slot to transmit a packet and make it available with the extraction of a transferred packet at the source access node, called source-stripping. The local empty slot can be used to transfer a head-of-line packet in the local buffer with probability p or it is used for the next downstream nodes with 1-p. The proposed MAC protocol provides better node throughput than the non-persistent protocol and exhibits better fairness index than the 1-persistent protocol in WDM ring networks. In addition, numerical analysis shows that the proposed MAC protocol maximizes the node throughput under uniform traffic conditions. For more detailed results, we use the network simulation under Poisson and self-similar traffic. Furthermore, unpredictable traffic constructed by the combination of the former and the latter is also considered. The reasonable probability of the p-persistent protocol for a given architecture can be determined through simulation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37B no.12
• /
• pp.1168-1173
• /
• 2012

In this paper, we propose a protection architecture of passive optical network (PON) system by using two optical line terminals (OLTs). Using this scheme, the network can sustain services to access area and restores normal operation in faulty conditions. Unlike existing systems, the proposed one increases the efficiency of the system by operating both OLTs using different wavelengths in normal condition. During protection mode, a Shared-bandwidth allocation scheme is employed to maximize the utilization efficiency. Performance analysis shows that the proposed scheme can provide reliability to Ethernet-based PON system very efficiently.

• ETRI Journal
• /
• v.24 no.4
• /
• pp.311-322
• /
• 2002

Presently, optical burst switching (OBS) technology is under study as a promising solution for the backbone of the optical Internet in the near future because OBS eliminates the optical buffer problem at the switching node with the help of no optical/electro/optical conversion and guarantees class of service without any buffering. To implement the OBS network, there are a lot of challenging issues to be solved. The edge router, burst offset time management, and burst assembly mechanism are critical issues. In addition, the core router needs data burst and control header packet scheduling, a protection and restoration mechanism, and a contention resolution scheme. In this paper, we focus on the burst assembly mechanism. We present a novel data burst generation algorithm that uses hysteresis characteristics in the queueing model for the ingress edge node in optical burst switching networks. Simulation with Poisson and self-similar traffic models shows that this algorithm adaptively changes the data burst size according to the offered load and offers high average data burst utilization with a lower timer operation. It also reduces the possibility of a continuous blocking problem in the bandwidth reservation request, limits the maximum queueing delay, and minimizes the required burst size by lifting up data burst utilization for bursty input IP traffic.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.8B
• /
• pp.667-680
• /
• 2008

In this work, we present the results of our empirical study on 802.11 wireless LAN network traffic. We collect the packet trace from existing campus wireless LAN infra-structure. We analyzed four different data sets: aggregate traffic, upstream traffic, downstream traffic, tcp only packet trace from aggregate traffic. We analyze the time series aspect of underlying traffic (byte count process and packet count process), marginal distribution of time series, and packet size distribution. We found that in all four data sets there exist long-range dependent property in byte count and packet count process. Inter-arrival distribution is well fitted with Pareto distribution. Upstream traffic, i.e. from the user to Internet, exhibits significant difference in its packet size distribution from the rests. Average packet size of upstream traffic is 151.7 byte while average packet size of the rest of the data sets are all greater than 260 bytes. Packets with full data payloads constitutes 3% and 10% in upstream traffic and the downstream traffic, respectively. Despite the significant difference in packet size distribution, all four data sets have similar Hurst values. The Hurst alone does not properly explain the stochastic characteristics of the underlying traffic. We model the underlying traffic using fractional-ARIMA (FARIMA) and fractional Gaussian Noise (FGN). While the fractional Gaussian Noise based method is computationally more efficient, FARIMA exhibits superior performance in accurately modeling the underlying traffic.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.3B
• /
• pp.274-287
• /
• 2009

In the Internet environment in which best-effort services are provided, we need to guarantee end-to-end performance rather than hop performance to provide services with a variety of QoS(Quality of Service) requirements. The end-to-end performance is affected by many factors along the path of traffic flow. Most existing simulation studies are concentrated on a single node or a few nodes. We need much different approach considering the simulation execution time to simulate a large-scale network. In this paper, we derive requirements and present methodologies for the implementation of the simulator to simulate it. Then, we design and implement our simulator using OPNET. Performance evaluation is carried out using the simulator for large-scale KII (National Information Infrastructure in Korea). We use a self-similar traffic model and present some results on the end-to-end performance metric for the networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5568-5587
• /
• 2018

This research uses artificial intelligence methods for computer network intrusion detection system modeling. Primary classification is done using self-organized maps (SOM) in two levels, while the secondary classification of ambiguous data is done using Sugeno type Fuzzy Inference System (FIS). FIS is created by using Adaptive Neuro-Fuzzy Inference System (ANFIS). The main challenge for this system was to successfully detect attacks that are either unknown or that are represented by very small percentage of samples in training dataset. Improved algorithm for SOMs in second layer and for the FIS creation is developed for this purpose. Number of clusters in the second SOM layer is optimized by using our improved algorithm to minimize amount of ambiguous data forwarded to FIS. FIS is created using ANFIS that was built on ambiguous training dataset clustered by another SOM (which size is determined dynamically). Proposed hybrid model is created and tested using NSL KDD dataset. For our research, NSL KDD is especially interesting in terms of class distribution (overlapping). Objectives of this research were: to successfully detect intrusions represented in data with small percentage of the total traffic during early detection stages, to successfully deal with overlapping data (separate ambiguous data), to maximize detection rate (DR) and minimize false alarm rate (FAR). Proposed hybrid model with test data achieved acceptable DR value 0.8883 and FAR value 0.2415. The objectives were successfully achieved as it is presented (compared with the similar researches on NSL KDD dataset). Proposed model can be used not only in further research related to this domain, but also in other research areas.