• Title/Summary/Keyword: Traffic Monitoring


Design and Implementation Web-based Network Traffic Monitoring System (웹 기반 네트워크 트래픽 모니터링 시스템의 설계 및 구현)

  • 안용학;박진호
    • Journal of the Korea Society of Computer and Information / v.6 no.3 / pp.64-71 / 2001
  • In this paper, we propose a network traffic monitoring system that can support network and system operation, management, expansion, and design by providing network analysis and diagnosis to a network administrator. The proposed system consists of two parts: an analysis server, which collects and analyzes network information and supports real-time monitoring of network traffic, and a client system, which shows the user graphical data derived from the results returned by the server. This system is implemented with web-based technology using Java and contributes to enhancing the effectiveness of the network administrator's management.


Traffic Anomaly Detection for Campus Networks using Fisher Linear Discriminant (Fisher 선형 분류법을 이용한 비정상 트래픽 탐지)

  • Park, Hyun-Hee;Kim, Mee-Joung;Kang, Chul-Hee
    • Journal of IKEEE / v.13 no.2 / pp.140-149 / 2009
  • Traffic anomaly detection is one of the important technologies that should be considered in network security and administration. In this paper, we propose an abnormal traffic detection mechanism that includes traffic monitoring and traffic analysis. We develop an analytical passive monitoring system called WISE-Mon which can inspect traffic behavior. We establish a criterion by analyzing the characteristics of a traffic training set. To detect abnormal traffic, we derive a hyperplane by using the Fisher linear discriminant and the chi-square distribution as well as the analyzed characteristics of traffic. Our mechanism can support reliable results for traffic anomaly detection and is compatible with real-time detection. In addition, since the trend of traffic can change as time passes, the hyperplane has to be updated periodically to reflect the changes. Accordingly, we consider a self-learning algorithm which reflects the trend of the traffic and so makes it possible to increase the pliability of the detection probability. Numerical results are presented to validate the accuracy of the proposed mechanism. They show that the proposed mechanism is reliable and relevant for traffic anomaly detection.


LAN Packet Trace Analysis-What is the Extent of WWW Traffic? (LAN 패킷 분석을 통한 WWW이 통신상에 끼치는 영향)

  • Lee, Ben;Andreas Schmid;Go, Jin-Gwang;Gwak, Han-Tak
    • The Transactions of the Korea Information Processing Society / v.6 no.11 / pp.2900-2910 / 1999
  • Since its introduction in the early 1990s, the quick growth of World Wide Web (WWW) traffic raises the question of whether past LAN packet traces still reflect the current situation or whether they have become obsolete. For this study, several LAN packet traces were obtained by monitoring the LAN of a typical academic environment. The tools for monitoring the network were a stand-alone HP LAN Protocol Analyzer as well as the free-ware software tool tcpdump. Our main focus was placed on acquiring a low-level overview of the LAN traffic. Thus, we could determine what protocols were mainly used and how the packet sizes were distributed. In particular, we were interested in establishing the amount of WWW traffic on the LAN, and what MIME-Types this traffic is subdivided into. Our results indicate that in a typical academic environment such as ours, conventional sources of LAN traffic such as NFS are still predominant, whereas WWW traffic plays a rather marginal role. Furthermore, we verified that a large portion of the network packets contains little or no data at all, while another significant portion of the packets has sizes around the MTU. Consequently, research in the networking field has to direct its focus on issues beyond the WWW.


A Method for Extracting Vehicle Speed Using Aerial Images (항공영상을 이용한 차량속도 추출 방법)

  • Hwang, Jung-Rae;Kang, Hye-Young;Choi, Hyun-Sang
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.30 no.1 / pp.11-19 / 2012
  • Because the existing infrastructure for collecting traffic information was constructed for expressways and national highways, we cannot precisely know the traffic situation in their surrounding areas. Therefore, it is difficult to provide reliable traffic information to users of navigation systems and smartphones. In this research, we collected aerial images by using an unmanned airship capable of wide-area monitoring and proposed a method for extracting vehicle speed from the collected data. We also performed experiments to verify the accuracy of the extracted vehicle speed. The method proposed in this research can be used as a new approach to extracting traffic information in response to the increased demand for traffic monitoring. We expect that our method will become a new research trend in traffic information applications.

SSH Traffic Identification Using EM Clustering (EM 클러스터링을 이용한 SSH 트래픽 식별)

  • Kim, Kyoung-Lyoon;Kim, Myung-Sup;Kim, Hyoung-Joong
    • The Journal of Korean Institute of Communications and Information Sciences / v.37B no.12 / pp.1160-1167 / 2012
  • Identifying traffic is an important issue for many networking applications including quality of service, firewall enforcement, and network security. Once we know the purpose of using the traffic in the firewall, we can allow or deny it and provide quality of service and effective operation in terms of security. However, a number of applications encrypt traffic in order to enhance security or privacy. As a result, effective traffic monitoring is getting more difficult. In this paper, we analyse SSH encrypted traffic and identify differences among SSH tunneling, SFTP, and normal SSH traffic. By using EM clustering, we identify traffic and validate the experimental results.

Web Monitoring based Encryption Web Traffic Attack Detection System (웹 모니터링 기반 암호화 웹트래픽 공격 탐지 시스템)

  • Lee, Seokwoo;Park, Soonmo;Jung, Hoekyung
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.3 / pp.449-455 / 2021
  • This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks is also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber-attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

Cacti-based Network Traffic Monitoring System Using Libpcap (Libpcap를 이용한 Cacti기반 네트워크 트래픽 모니터링 시스템)

  • Lee, Sung-Ock;Jiang, Zhu;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.8 / pp.1613-1618 / 2012
  • As networks grow at a rapid rate, the network environment becomes more complex. The technology of using network traffic to monitor a network in real time has been developed. Cacti is a representative monitoring tool based on RRDTool (Round Robin Database tool) and SNMP (Simple Network Management Protocol). This paper shows how to develop a system based on Cacti and Libpcap to monitor the monitored objects. The system uses Libpcap to capture network traffic packets, analyzes these packets, and then presents the results in Cacti in graphical form, thereby achieving a monitoring system. The system's execution is efficient, its management is easy, and its results are accurate, so it can be widely utilized in the future.

The Design of Proxy for CORBA Traffic Monitoring Using OSI management technology (OSI 관리 기술을 이용한 CORBA 트래픽 모니터링 프록시 설계)

  • 박재성;송왕철
    • Journal of the Korea Institute of Information and Communication Engineering / v.3 no.2 / pp.355-362 / 1999
  • Traffic monitoring, a part of system management, is a vital function for the proper operation of a system in use. Currently OMG has been trying to standardize CORBA system management. Besides, many companies and research laboratories have been developing and studying CORBA system management. In this paper, we have designed a proxy to monitor CORBA traffic using OSI management technology. To manage CORBA traffic resources, 6 parameters have been made into managed objects. The monitoring system consists of a CORBA server, a proxy object and an MIB. The CORBA server is made up of a service provider, a proxy server, and an event server. The proxy object acts as a process of a CORBA object, and is made up of a proxy client, an event client, and an IPC server.


A File Name Identification Method for P2P and Web Hard Applications through Traffic Monitoring (트래픽 모니터링을 통한 P2P 및 웹 하드 다운로드 응용의 파일이름 식별 방법)

  • Son, Hyeon-Gu;Kim, Ki-Su;Lee, Young-Seok
    • Journal of KIISE:Information Networking / v.37 no.6 / pp.477-482 / 2010
  • Recently, advanced Internet applications such as Internet telephone, multimedia streaming, and file sharing have appeared. Especially, P2P or web-based file sharing applications have been notorious for their illegal usage of contents and massive traffic consumption by a few users. This paper presents a novel method to identify the P2P or web-based file names with traffic monitoring. For this purpose, we have utilized the Korean decoding method on the IP packet payload. From experiments, we have shown that the file names requested by BitTorrent, Clubbox, and Tple applications could be correctly identified.

Traffic Classification Using Machine Learning Algorithms in Practical Network Monitoring Environments (실제 네트워크 모니터링 환경에서의 ML 알고리즘을 이용한 트래픽 분류)

  • Jung, Kwang-Bon;Choi, Mi-Jung;Kim, Myung-Sup;Won, Young-J.;Hong, James W.
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.8B / pp.707-718 / 2008
  • The methodology of classifying traffic is changing from payload based or port based to machine learning based in order to overcome the dynamic changes of applications' characteristics. However, the current state of traffic classification using machine learning (ML) algorithms is ongoing under the offline environment. Specifically, most of the current works provide results of traffic classification using cross validation as a test method. Also, they show classification results based on traffic flows. However, these traffic classification results are not useful for practical environments of network traffic monitoring. This paper compares the classification results using cross validation with those using split validation as the test method. Also, this paper compares the classification results based on flows to those based on bytes. We classify network traffic by using various feature sets and machine learning algorithms such as J48, REPTree, RBFNetwork, Multilayer perceptron, BayesNet, and NaiveBayes. In this paper, we find the best feature sets and the best ML algorithm for classifying traffic using split validation.