• ETRI Journal
• /
• 제34권6호
• /
• pp.827-837
• /
• 2012

We propose a flow admission control (FAC) for setting up a wire-speed connection for new flows based on their negotiated bandwidth. It also terminates a flow that does not have a packet transmitted within a certain period determined by the users. The FAC can be used to provide a reliable transmission of user datagram and transmission control protocol applications. If the period of flows can be set to a short time period, we can monitor active flows that carry a packet over networks during the flow period. Such powerful flow management can also be applied to security systems to detect a denial-of-service attack. We implement a network processor called a flow management network processor (FMNP), which is the second generation of the device that supports FAC. It has forty reduced instruction set computer core processors optimized for packet processing. It is fabricated in 65-nm CMOS technology and has a 40-Gbps process performance. We prove that a flow router equipped with an FMNP is better than legacy systems in terms of throughput and packet loss.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권10호
• /
• pp.4176-4197
• /
• 2020

Botnet is a type of dangerous malware. Botnet attack with a collection of bots attacking a similar target and activity pattern is called bot group activities. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect bots' behavioral relation on bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attacks and determine the relations between bots that can measure the correlation. This paper proposed a new model to measure the similarity between bot activities using the intersections-probability concept to define bot group activities called as B-Corr Model. The B-Corr model consisted of several stages, such as extraction feature from bot activity flows, measurement of intersections between bots, and similarity value production. B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets with high detection accuracy in various scenarios.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권8호
• /
• pp.3551-3567
• /
• 2016

The Low Earth Orbit satellite network has the unique characteristics of the non-uniform and time-variant traffic load distribution, which often causes severe link congestion and thus results in poor performance for delay-sensitive flows, especially when the network is heavily loaded. To solve this problem, a novel adaptive routing algorithm, referred to as the delay-oriented adaptive routing algorithm (DOAR), is proposed. Different from current reactive schemes, DOAR employs Destination-Sequenced Distance-Vector (DSDV) routing algorithm, which is a proactive scheme. DSDV is extended to a multipath QoS version to generate alternative routes in active with real-time delay metric, which leads to two significant advantages. First, the flows can be timely and accurately detected for route adjustment. Second, it enables fast, flexible, and optimized QoS matching between the alternative routes and adjustment requiring flows and meanwhile avoids delay growth caused by increased hop number and diffused congestion range. In addition, a retrospective route adjustment requesting scheme is designed in DOAR to enlarge the alternative routes set in the severe congestion state in a large area. Simulation result suggests that DOAR performs better than typical adaptive routing algorithms in terms of the throughput and the delay in a variety of traffic intensity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권4호
• /
• pp.1307-1323
• /
• 2014

With the exhaustion of global IPv4 addresses, IPv6 technologies have attracted increasing attentions, and have been deployed widely. Meanwhile, new applications running over IPv6 networks will change the traditional traffic characteristics obtained from IPv4 networks. Traditional models obtained from IPv4 cannot be used for IPv6 network monitoring directly and there is a need to investigate those changes. In this paper, we explore the flow features of IPv6 traffic and compare its difference with that of IPv4 traffic from flow level. Firstly, we analyze the differences of the general flow statistical characteristics and users' behavior between IPv4 and IPv6 networks. We find that there are more elephant flows in IPv6, which is critical for traffic engineering. Secondly, we find that there exist many one-way flows both in the IPv4 and IPv6 traffic, which are important information sources for abnormal behavior detection. Finally, in light of the challenges of analyzing massive data of large-scale network monitoring, we propose a group flow model which can greatly reduce the number of flows while capturing the primary traffic features, and perform a comparative measurement analysis of group users' behavior dynamic characteristics. We find there are less sharp changes caused by abnormity compared with IPv4, which shows there are less large-scale malicious activities in IPv6 currently. All the evaluation experiments are carried out based on the traffic traces collected from the Northwest Regional Center of CERNET (China Education and Research Network), and the results reveal the detailed flow characteristics of IPv6, which are useful for traffic management and anomaly detection in IPv6.

• 한국콘텐츠학회논문지
• /
• 제10권4호
• /
• pp.397-405
• /
• 2010

본 연구는 서울 수도권의 지하철 교통망에서 승객들의 흐름을 찾아 시각화 방법을 제안하고 주요 업무지역의 출퇴근 승객 흐름을 분석한다. 지하철 승객 흐름은 대용량 시공간 데이터로서 일반적인 통계적 분석으로는 그 흐름의 본질을 분석하기가 매우 어렵다. 그러나 승객의 흐름을 시공간상에 역동적으로 시각화하여 보여주면 직관적인 분석이 가능할 뿐만 아니라 통행흐름의 특성을 보다 효과적으로 파악할 수 있다. 지하철 승객들의 대용량 교통카드 트랜잭션 데이터베이스로부터 제안된 방법으로 승객 흐름을 찾아 지하철 교통망의 각 링크의 흐름을 다양한 방법으로 시각화하여 주요 업무지역에서의 통행 행태를 직관적으로 분석하였다. 그 결과로 서울의 중심업무지역들과 지하철 노선과의 연관성이 매우 높고, 세 주요 중심업무지역들의 하루 지하철 승객흐름 양상에 뚜렷한 차이가 있음을 확인할 수 있었다.

• 한국경영과학회지
• /
• 제34권1호
• /
• pp.61-83
• /
• 2009

This study developed a variable demand traffic assignment model by stable dynamics. Stable dynamics, suggested by Nesterov and do Palma[19], is a new model which describes and provides a stable state of congestion in urban transportation networks. In comparison with the user equilibrium model, which is based on the arc travel time function in analyzing transportation networks, stable dynamics requires few parameters and is coincident with intuitions and observations on congestion. It is therefore expected to be a useful analysis tool for transportation planners. In this study, we generalize the stable dynamics into the model with variable demands. We suggest a three stage optimization model. In the first stage, we introduce critical travel times and dummy links and determine variable demands and link flows by applying an optimization problem to an extended network with the dummy links. Then we determine link travel times and path flows in the following stages. We present a numerical example of the application of the model to a given network.

• International Journal of Railway
• /
• 제1권4호
• /
• pp.134-142
• /
• 2008

Serving as a strategic crossing point for major corridors in Central Europe, Railnet Austria's Infrastructure Network incurs continual increases in international traffic flows and is therefore subject to accumulating traffic congestion with potential restrictions to infrastructure access. This imposes challenges towards preserving open access to Railnet Austria's existing railway network and hinders quality infrastructure service during maintenance, repair, and upgrading. Through Railnet Austria's experiences, the economic viability of a railway network can be sustained through maintaining open access with good quality service of planned trainpaths, thus representing new challenges for future infrastructure maintenance and capacity planning. Railnet Austria's Capacity Management Department has proven that these challenges can be accommodated more effectively through recent technological developments in data warehousing and software development.

• 한국수자원학회:학술대회논문집
• /
• 한국수자원학회 2018년도 학술발표회
• /
• pp.276-276
• /
• 2018

In this paper the potential of the Principle Component Analysis(PCA) technique that can be used to detect leaks in water pipe network blocks was evaluated. For this purpose the PCA was conducted to evaluate the relevance of the calculated outliers of a PCA model utilizing the recorded pipe flows and the recorded pipe leak incidents of a case study water distribution system. The PCA technique was enhanced by applying the computational algorithms developed in this study. The algorithms were designed to extract a partial set of flow data from the original 24 hour flow data so that the variability of the flows in the determined partial data set are minimal. The relevance of the calculated outliers of a PCA model and the recorded pipe leak incidents was analyzed. The results showed that the effectiveness of detecting leaks may improve by applying the developed algorithm. However, the analysis suggested that further development on the algorithm is needed to enhance the applicability of the PCA in detecting leaks in real-world water pipe networks.

• 기술혁신연구
• /
• 제6권1호
• /
• pp.71-98
• /
• 1998

This paper analyzes the characteristics of technological knowledge flow-structure of Korean manufacturing in dynamic perspective. In doing that, the concept of the knowledge network is introduced which is defined as a set of industries and their interaction(knowledge flow) or linkage. The analysis of the inter-industrial knowledge flows is based on the technological similarity by using R&D researchers' academic background in the year of 1984, 1987, 1990. The analysis is carried out by such methodology as network analysis, indicator analysis and simple statistical analysis. And the final results are drawn both in absolute terms(dimension effect) and in relative terms(proportion effect) respectively. The main findings are as follow. First, the Korean manufacturing knowledge network appears to strengthen existing inter-industrial knowledge linkages rather than to construct new linkages. Second, the network seems to form a dualistic structure in that some high-technology sectors(knowledge production sectors) emerge along with traditional sectors(knowledge absorbing sectors). Third, since the mid-1980s, an inter-industrial fusion is witnessed among technologically intensive sectors, indicating that some sophisticated innovation modes are emerging in Korean manufacturing system. And fourth, by using the relations of the inter-industrial knowledge-flows, we classified manufacturing industries into 3 type ; knowledge-outflow sector, knowledge-inflow sector and knowledge intermediary sector.

• 정보처리학회논문지C
• /
• 제12C권1호
• /
• pp.19-28
• /
• 2005

최근 알려지지 않은 공격(unknown attack)으로부터 네트워크를 보호하기 위한 네트워크 트래픽 어노멀리(anomaly) 검출에 대한 관심이 고조되고 있다. 본 논문에서는 캠퍼스 네트워크의 보드라우터(border router)의 NetFlow 데이터로 제공되는 초당비트수(bits per second)와 초당플로수(flows per second)의 상관관계를 단순회귀분석을 통하여 새로운 어노멀리 검출 기법을 제시하였다. 새로이 제안된 기법을 검증하기 위해 실지 캠퍼스 네트워크에 적용하였으며 그 결과론 Holt-Winters seasonal(HWS) 알고리즘과 비교하였다. 특히, 제안된 기법은 기존 RRDtool에 통합시켜 실시간 검출이 가능하도록 설계하였다.