• KNOM Review
• /
• v.22 no.3
• /
• pp.13-19
• /
• 2019

Network anomaly detection is a technology that collects information about flows on a network and detects malicious attacks occurring in a network in real time. In-band Network Telemetry (INT) technology provides more detailed information in real time, that is not provided by existing networks, such as hop latency and queue occupancy. In this paper, we propose the method to implement an anomaly detection system with higher performance by using INT as an input feature of machine learning and verify it through experiments.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.12
• /
• pp.1914-1924
• /
• 2016

In this paper, considering virtualized Evolved Packet Core(vEPC) network for 5G mobile network, we propose architecture for supporting Service Function Chaining(SFC) in 5G mobile network. Using SFC in 5G network, dynamic path configuration and providing network services based on subscriber and traffic information. SFC technology provides logical ordered set of network functions and delivers packet through providing logical path over the physical network. Based on the perspective of 5G core network in distributed manner, we design hierarchical SFC architecture to manage SFC for global path including vEPC and SGi-LAN network, and internal path between virtualized network functions in each cloud. In this paper, we define architecture and call flow for establishing data path using SFC. Finally, we design testbed architecture for real implementation based on open source software.

• KNOM Review
• /
• v.24 no.2
• /
• pp.13-23
• /
• 2021

Recently, as networks become more complex due to the activation of IoT devices, research on long-term traffic prediction beyond short-term traffic prediction is being activated to predict and prepare for network congestion in advance. The recursive strategy, which reuses short-term traffic prediction results as an input, has been extended to multi-step traffic prediction, but as the steps progress, errors accumulate and cause deterioration in prediction performance. In this paper, an LSTM-based multi-step traffic prediction method using a multi-output strategy is introduced and its performance is evaluated. As a result of experiments based on actual DNS request traffic, it was confirmed that the proposed LSTM-based multiple output strategy technique can reduce MAPE of traffic prediction performance for non-stationary traffic by 6% than the recursive strategy technique.

• KNOM Review
• /
• v.23 no.1
• /
• pp.10-17
• /
• 2020

As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.