• Title/Summary/Keyword: abnormal traffic

A Study of Statistical Approach for Detection of Outliers in Network Traffic

  • Kim, Sahm-Yeong;Yun, Joo-Beom;Park, Eung-Ki
    • Journal of the Korean Data and Information Science Society / v.16 no.4 / pp.979-987 / 2005
  • In this research we study conventional and new statistical methods to analyse and detect outliers in network traffic, and we apply the nonlinear time series model, rather than the linear time series model, to improve the detection of abnormal traffic, and compare the performances of the two models.

Predicting Traffic Accident Risk based on Driver Abnormal Behavior and Gaze

  • Ji-Woong Yang;Hyeon-Jin Jung;Han-Jin Lee;Tae-Wook Kim;Ellen J. Hong
    • Journal of the Korea Society of Computer and Information / v.29 no.8 / pp.1-9 / 2024
  • In this paper, we propose a new approach by analyzing driver behavior and gaze changes within the vehicle in real-time to assess and predict the risk of traffic accidents. Utilizing data analysis and machine learning algorithms, this research precisely measures drivers' abnormal behaviors and gaze movement patterns in real-time, and aggregates these into an overall Risk Score to evaluate the potential for traffic accidents. This research underscores the significance of internal factors, previously unexplored, providing a novel perspective in the field of traffic safety research. Such an innovative approach suggests the feasibility of developing real-time predictive models for traffic accident prevention and safety enhancement, expected to offer critical foundational data for future traffic accident prevention strategies and policy formulation.

Navigational Anomaly Detection using a Traffic Network Model (교통 네트워크 모델 기반 이상 운항 선박 식별에 관한 연구)

  • Jaeyong Oh;Hye-Jin Kim
    • Journal of the Korean Society of Marine Environment & Safety / v.29 no.7 / pp.828-835 / 2023
  • Vessel traffic service operators (VTSOs) need to quickly and accurately analyze the maritime traffic situation in the vessel traffic service (VTS) area and provide information to the vessels. However, if traffic increases rapidly, the workload of VTSOs increases, and they may not be able to provide adequate information. Therefore, it is essential to develop VTSO support technologies that can reduce their workload and provide consistent information. In this paper, we propose a model for automatically detecting abnormal vessels in the VTS area. The proposed model consists of a positional model and a contextual model and is specifically optimized for the traffic characteristics of the target area. The implemented model was tested by using real-world data collected at a test center (Daesan Port VTS). Our experiments confirmed that the model could automatically detect various abnormal situations, and the results were validated through expert evaluation.

Network Anomaly Traffic Detection Using WGAN-CNN-BiLSTM in Big Data Cloud-Edge Collaborative Computing Environment

  • Yue Wang
    • Journal of Information Processing Systems / v.20 no.3 / pp.375-390 / 2024
  • Edge computing architecture has effectively alleviated the computing pressure on cloud platforms, reduced network bandwidth consumption, and improved the quality of service for user experience; however, it has also introduced new security issues. Existing anomaly detection methods in big data scenarios with cloud-edge computing collaboration face several challenges, such as sample imbalance, difficulty in dealing with complex network traffic attacks, and difficulty in effectively training large-scale data or overly complex deep-learning network models. A lightweight deep-learning model was proposed to address these challenges. First, normalization on the user side was used to preprocess the traffic data. On the edge side, a trained Wasserstein generative adversarial network (WGAN) was used to supplement the data samples, which effectively alleviates the imbalance issue of a few types of samples while occupying a small amount of edge-computing resources. Finally, a trained lightweight deep learning network model is deployed on the edge side, and the preprocessed and expanded local data are used to fine-tune the trained model. This ensures that the data of each edge node are more consistent with the local characteristics, effectively improving the system's detection ability. In the designed lightweight deep learning network model, two sets of convolutional pooling layers of convolutional neural networks (CNN) were used to extract spatial features. The bidirectional long short-term memory network (BiLSTM) was used to collect time sequence features, and the weight of traffic features was adjusted through the attention mechanism, improving the model's ability to identify abnormal traffic features. The proposed model was experimentally demonstrated using the NSL-KDD, UNSW-NB15, and CIC-IDS2018 datasets. The accuracies of the proposed model on the three datasets were as high as 0.974, 0.925, and 0.953, respectively, showing superior accuracy to other comparative models. The proposed lightweight deep learning network model has good application prospects for anomaly traffic detection in cloud-edge collaborative computing architectures.

Harmful Traffic Control Using Sink Hole Routing (싱크홀 라우팅을 이용한 유해 트래픽 제어)

  • Chang, Moon-Soo;Lee, Jeong-Il;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.14 no.4 / pp.69-76 / 2009
  • The Internet's IP-based network is built from router and switch models from a variety of companies. Building it from various models complicates management and control, because each company uses a different type of CLI to filter out abnormal traffic such as worms, viruses, and DDoS. To improve this situation, the IETF is working on enacting XML-based configuration standards in the NETCONF working group, but currently only a few commands processed at the operation layer of NETCONF are standardized, and a unified control operation process across different makes of system is hard because each company has different XML commands to filter out abnormal traffic. This thesis proposes ways to prevent abnormal attacks and increase network efficiency by re-routing abnormal traffic, through unified control for different makes of system, into a sinkhole router, and by designing a control system that efficiently prevents various attacks after checking the possibility of including abnormal traffic from the unified control operation.

A Portscan Attack Detection Mechanism based on Fuzzy Logic for Abnormal Traffic Control Framework (비정상 트래픽 제어 프레임워크를 위한 퍼지 로직 기반의 포트스캔 공격 탐지 기법)

  • Kim, Jae-Gwang;Lee, Ji-Hyeong
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2007.11a / pp.357-361 / 2007
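  • The abnormal traffic control technique applied in the abnormal traffic control framework is an attack response method that controls traffic from abnormal behavior such as intrusions, distributed denial-of-service attacks, and portscan attacks. This response method has the advantage of lowering the high false-positive rate of true-false attack response methods for abnormal behavior, but because it judges abnormal traffic solely on the basis of attack duration, it is limited in that it cannot respond quickly to attacks. In this paper, we therefore propose a portscan attack detection technique that applies fuzzy logic to the abnormal traffic control framework and enables a rapid response to attacks.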

The Impact of Auditor-Client Traffic Convenience on Earnings Management in China

  • YIN, Hong;DU, Yanbin
    • Asian Journal of Business Environment / v.11 no.4 / pp.5-16 / 2021
  • Purpose: This study aims to investigate the impact of auditor-client traffic convenience on accrual-based and real earnings management of the client firms. Research design, data and methodology: Using a sample of firms listed in Shanghai and Shenzhen Stock Exchanges over the period of 2007 to 2018, this paper empirically investigates the association between auditor-client traffic convenience and earnings management. We use three measures of auditor-client traffic convenience: railway traffic convenience, expressway traffic convenience, and air traffic convenience. The accrual-based earnings management is measured by abnormal accruals estimated by industry and year using the Modified Jones Model. Results: Findings indicate that traffic convenience is conducive to detecting and restraining positive accrual earnings management and real earnings management. After changing the measurement of independent variable and dependent variable, including potential omitted variables, the results are statistically unchanged. Further, the research shows that traffic convenience can not only improve audit quality, but also lead to higher fee premiums. Auditors didn't share with clients the cost reduction benefits caused by traffic convenience. Conclusions: Traffic convenience provides auditors with easy access to the client firms, alleviating the information asymmetry and improving corporate earnings quality. The findings have implications for regulators, audit practitioners and stakeholders.

A Study on DDoS Detection Technique based on Cluster in Mobile Ad-hoc Network (무선 애드혹 망에서 클러스터 기반 DDoS 탐지 기법에 관한 연구)

  • Yang, Hwan-Seok;Yoo, Seung-Jae
    • Convergence Security Journal / v.11 no.6 / pp.25-30 / 2011
  • A MANET is weaker in security because it consists only of moving nodes and has no central management system. The DDoS attack is a serious one among the attacks that threaten wireless networks. DDoS attacks have various targets and tricks and are becoming intelligent. In this paper, we propose a technique to raise the DDoS detection rate by classifying abnormal traffic patterns. After the nodes that compose the MANET are formed into clusters, the cluster head acts as a sentinel agent. A decision tree is applied to detect abnormal traffic patterns after the sentinel agent collects all traffic; it judges the traffic pattern and also detects attacks. We confirm the high attack detection rate of the proposed detection technique through experimentation.

Web Application Attack Prevention by Traffic Analysis (트래픽 분석에 의한 웹 어플리케이션 공격 방지)

  • Chang, Moon-Soo;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.13 no.3 / pp.139-146 / 2008
  • Despite the installation of information security systems, leakage of personal information in web services has not decreased. This is because traffic to web applications is still vulnerable, as external sources are permitted to access services on ports HTTP 80 and HTTPS 443 even with firewall systems in place. This thesis analyzes various attack patterns resulting from the web service environment and vulnerable traffic, and categorizes the traffic into normal and abnormal traffic. It also proposes ways to analyze web application attack patterns from that abnormal traffic based on the weak points warned of in OWASP (Open Web Application Security Project), to design a system capable of detecting and isolating attacks in real time, and to increase the efficiency of preventing attacks.

Network Traffic Measurement Analysis using Machine Learning

  • Hae-Duck Joshua Jeong
    • Korean Journal of Artificial Intelligence / v.11 no.2 / pp.19-27 / 2023
  • In recent times, an exponential increase in Internet traffic has been observed as a result of advancing development of the Internet of Things, mobile networks with sensors, and communication functions within various devices. Further, the COVID-19 pandemic has inevitably led to an explosion of social network traffic. Within this context, considerable attention has been drawn to research on network traffic analysis based on machine learning. In this paper, we design and develop a new machine learning framework for network traffic analysis whereby normal and abnormal traffic is distinguished from one another. To achieve this, we combine together well-known machine learning algorithms and network traffic analysis techniques. Using one of the most widely used datasets KDD CUP'99 in the Weka and Apache Spark environments, we compare and investigate results obtained from time series type analysis of various aspects including malicious codes, feature extraction, data formalization, network traffic measurement tool implementation. Experimental analysis showed that while both the logistic regression and the support vector machine algorithm were excellent for performance evaluation, among these, the logistic regression algorithm performs better. The quantitative analysis results of our proposed machine learning framework show that this approach is reliable and practical, and the performance of the proposed system and another paper is compared and analyzed. In addition, we determined that the framework developed in the Apache Spark environment exhibits a much faster processing speed in the Spark environment than in Weka as there are more datasets used to create and classify machine learning models.