KR101073402B1 - Method for simulating and examining traffic and network traffic analysis system - Google Patents

Publication number
KR101073402B1
Authority
KR
South Korea
Prior art keywords
traffic
simulated
real
probability density
density function
Prior art date
Application number
KR1020100002856A
Other languages
Korean (ko)
Other versions
KR20110082915A (en)
Inventor
이상일
안명길
조병인
안성진
김현철
이영민
Original Assignee
국방과학연구소
Priority date
Filing date
Publication date
Application filed by 국방과학연구소
Priority to KR1020100002856A
Publication of KR20110082915A
Application granted
Publication of KR101073402B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance or administration or management of packet switching networks
    • H04L41/14 Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning
    • H04L41/145 Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing packet switching networks
    • H04L43/04 Processing of captured monitoring data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing packet switching networks
    • H04L43/06 Report generation
    • H04L43/062 Report generation for traffic related reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing packet switching networks
    • H04L43/08 Monitoring based on specific metrics
    • H04L43/0823 Errors
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing packet switching networks
    • H04L43/08 Monitoring based on specific metrics
    • H04L43/0876 Network utilization
    • H04L43/0888 Throughput
    • H04L43/0888Throughput

Abstract

The present invention relates to traffic generation pattern analysis in a network environment. It provides a method of simulating the actual traffic of a military communication network and verifying the similarity of the result, in order to model and simulate a special communication environment such as a battlefield. Specifically, the invention collects the real traffic of the network, extracts the distribution function and parameters through traffic generation pattern analysis, generates simulated traffic that imitates the real traffic, and then verifies the similarity between the simulated traffic and the real traffic, which makes it easy to secure and verify reliability.

Description

Traffic simulation and similarity verification method of network and network traffic analysis system {METHOD FOR SIMULATING AND EXAMINING TRAFFIC AND NETWORK TRAFFIC ANALYSIS SYSTEM}

The present invention relates to traffic in a network, and more particularly, to a method for simulating traffic and verifying its similarity by analyzing traffic generation patterns.

Today's rapid development of communication technology and the spread of the Internet make it easy for users to get and share the information they want. In addition, as the number of users increases rapidly with the development of Internet transmission technology, the current network is saturated with complex and various kinds of traffic, and this trend will deepen further. Many services and applications are being run on the Internet, including traditional Internet applications such as the World Wide Web (WWW), File Transfer Protocol (FTP) and mail, as well as voice network integration, emerging streaming, peer-to-peer file sharing, and games.

Therefore, modeling and simulation of traffic similar to actual traffic is required in a simulation environment; it is needed for network-based interoperability test and evaluation, future network traffic demand prediction, and expansion plan research.

Accordingly, an object of the present invention is to propose a method for generating a simulated traffic by analyzing a generation pattern of the real traffic in order to generate the real traffic similarly in a simulation environment, and verifying the similarity between the simulated traffic and the real traffic.

In order to achieve the above object, the traffic modeling method of the network according to the present invention is a traffic modeling method for modeling simulated traffic in a network and verifying similarity with real traffic, comprising:

(a) collecting actual traffic of the network by capturing packets of the network;

(b) extracting a probability density function and a parameter value of the traffic based on the information obtained from the collected real traffic;

(c) generating simulated traffic using the probability density function and parameter values of the real traffic;

(d) extracting probability density functions and parameter values of the generated simulated traffic;

(e) comparing the probability density function and the parameter value of the real traffic with the probability density function and the parameter value of the simulated traffic.

Preferably, the method further comprises (f) verifying that the real traffic and the simulated traffic have the same characteristics.

Preferably, the verification in step (f) comprises comparing the Hurst parameter value of the real traffic with the Hurst parameter value of the simulated traffic.

Preferably, in step (f), if the two Hurst parameter values do not coincide with each other, it is determined that the real traffic and the simulated traffic are not similar.

If so determined, the step of extracting the probability density function of the real traffic and the modeling process for generating the simulated traffic are performed again.

Preferably, in step (e)

If the parameter value of the real traffic probability density function and the parameter value of the simulated traffic probability density function match,

It is determined that the simulated traffic is similar to the real traffic, and that the simulated traffic modeling has been successfully performed.

Preferably, in step (e)

If a parameter value of the real traffic probability density function does not coincide with a parameter value of the simulated traffic probability density function,

The modeling process of generating the simulated traffic may be performed by examining design errors of the module generating the simulated traffic or through a debugging process.

Preferably, step (a) comprises classifying flow information and packet header information of the real traffic from the captured packets.

Preferably, the flow information comprises a data value indicating how many packets occurred per unit of time and a data value indicating how much traffic occurred in a particular time period.

Preferably, the packet header information is obtained by analyzing field values contained in the packet header, and includes information about the packet itself, such as the origin and destination of the packet, the length of the packet, the time of occurrence, and the application.

Preferably, step (a) further comprises classifying the collected real traffic information for each application system and analyzing and managing necessary parameters separately for comparison with the simulated traffic.

Preferably, step (c) comprises modeling real traffic by classifying application systems to generate the simulated traffic; and inputting a probability density function and a parameter value of the real traffic corresponding to each application system for generating the simulated traffic.

In addition, in order to achieve the above object, the traffic simulation and similarity verification method of the network according to the present invention comprises:

(A) collecting network real traffic and analyzing a generation pattern of the traffic;

(B) extracting the collected real traffic information and modeling the simulated traffic using the extracted information; and

(C) obtaining Hurst parameter values of the collected real traffic and the simulated traffic, respectively, and comparing the obtained values to verify the similarity between the real traffic and the simulated traffic.

Preferably, in the step (B)

If the parameter value of the probability density function extracted from the real traffic and the parameter value of the probability density function extracted from the simulated traffic coincide with each other,

It is determined that the simulated traffic is similar to the real traffic, and that the simulated traffic modeling has been successfully performed.

Preferably, in the step (C)

When the two Hurst parameter values coincide with each other, it is determined that the real traffic and the simulated traffic are similar.

In addition, in order to achieve the above object, the traffic analysis system of the network according to the present invention,

A network traffic capture module for capturing packets coming and going on the network, and classifying the captured packets into flow information and packet header information, thereby collecting real traffic;

A first PDF (Probability Density Function) / parameter extraction module for extracting a probability density function and a parameter value of the real traffic from the captured flow information and packet header information;

A traffic generator for generating simulated traffic using the extracted probability density function and parameter values of the real traffic;

A second PDF (Probability Density Function) / parameter extraction module for extracting a probability density function and a parameter value from the generated simulated traffic;

And a comparison module for determining similarity between the real traffic and the simulated traffic by comparing the probability density function and the parameter value of the real traffic with the probability density function and the parameter value of the simulated traffic.

Preferably, the system further comprises a first Hurst parameter generation module for generating a first Hurst parameter value from the simulated traffic generated in the traffic generator;

A second Hurst parameter generation module for generating a second Hurst parameter value from the real traffic collected by the network traffic capture module;

And a comparison module for comparing the generated first Hurst parameter value with the generated second Hurst parameter value to verify the self-similarity between the real traffic and the simulated traffic.

The present invention provides a method of simulating real traffic on a network and a method of verifying the similarity thereof. The present invention has the effect of establishing a more reliable and stable network modeling and simulation environment by utilizing this method.

FIG. 1 is a block diagram illustrating the overall structure of a real-time simulation traffic generator based on a distribution function and parameters according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a simulation process for verifying a probability density function and self-similarity between real traffic and simulated traffic according to an embodiment of the present invention.
FIG. 3 is a block diagram of FIG. 2 as an embodiment of the present invention.

The present invention is applied to a traffic related technology of a network system. However, the present invention is not limited thereto, and the technical idea of the present invention may be applied to systems and fields of other technical fields.

As the inventive concept allows for various changes and numerous embodiments, particular embodiments will be illustrated in the drawings and described in detail in the written description. However, this is not intended to limit the present invention to specific embodiments, it should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention.

Terms including ordinal numbers such as first and second may be used to describe various components, but the components are not limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component. The term "and/or" includes any combination of a plurality of related listed items or any one of a plurality of related listed items.

When an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, but other elements may be present in between. On the other hand, when a component is said to be "directly connected" or "directly coupled" to another component, it should be understood that there is no other component in between.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms "comprise" or "have" are intended to indicate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, and it is to be understood that they do not exclude in advance the possibility of the presence or addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in commonly used dictionaries should be construed as having meanings consistent with their meanings in the context of the related art and shall not be construed in ideal or excessively formal meanings unless expressly defined in this application.

The present invention focuses on the need to simulate the actual traffic of a military communication network and verify its similarity in order to model and simulate a special communication environment such as a battlefield. With this in mind, the present invention analyzes a traffic generation pattern in a network environment and proposes a method that i) collects real traffic of a network and extracts distribution functions and parameters through traffic generation pattern analysis; ii) generates simulated traffic that imitates the real traffic; and iii) verifies the similarity between the simulated traffic and the real traffic, in order to build a reliable and stable network modeling and simulation environment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout, and redundant description of them will be omitted.

FIG. 1 is a block diagram showing the overall structure of a real-time simulation traffic generator based on a distribution function and parameters according to an embodiment of the present invention.

As shown in FIG. 1, the present invention is largely composed of the network traffic capture module 101, the PDF (Probability Density Function) / parameter extraction modules 102 and 104, the traffic generation module 103, the comparison modules 105 and 107, and the Hurst parameter generation modules 106 and 108.

The network traffic capture module 101 of FIG. 1 is described first. In the present invention, an existing packet capture tool is used to collect actual network traffic. The packets coming and going on the network to be measured are captured, and the captured packets are classified into flow information and packet header information. From the flow information, data values such as how many packets are generated per unit of time and how much traffic occurs in a specific time period can be determined. From the packet header information, the field values included in the header can be analyzed to determine information about the packet itself, such as the packet's origin and destination, the packet length, the occurrence time, and the corresponding application system. The collected information is classified for each application system, and the necessary parameters are analyzed and managed separately, for comparison with the simulated traffic.

The PDF (Probability Density Function) / parameter extraction module 102 of FIG. 1 extracts the probability density function of the traffic and its parameter values from the information obtained by collecting the actual network traffic through the network traffic capture module (i.e., the flow information and packet header information). If only the traffic flows are to be compared, a Q-Q plot is used to determine what distribution the traffic volume obtained through packet capture by the network traffic capture module follows. On the other hand, for comparison groups segmented by application system, the traffic information is first separated using the information included in the packet header, and then the distribution is found using the Q-Q plot.

Here, the Q-Q plot is a method of measuring whether two distributions in the same comparison group match each other, and it is also widely used to determine which specific distribution a given data set is most similar to and best fitted by. Through this, the best-fitting probability density function is found, the parameter values constituting the distribution function are extracted, and the information about the distribution function and parameter pair is stored.

On the other hand, if the probability density function and parameters cannot be properly extracted through the actual network traffic collection, the probability density function and the parameter values can be obtained from the values verified through direct simulation and experiment.

The traffic generation module 103 of FIG. 1 generates simulated traffic. That is, the traffic generation module 103 generates the simulated traffic using the information obtained through the network traffic capture module 101 and the PDF (Probability Density Function) / parameter extraction module 102 (that is, the actual traffic on the network, the probability density function of that traffic, and its corresponding parameter values).

Hereinafter, the function and operation of the traffic generation module 103 of FIG. 1 will be described in more detail.

In the present invention, in order to generate mock traffic, traffic is modeled by classifying existing applications. In the process of modeling traffic by classifying existing applications, traffic distribution values for each application system should be input. Modeling traffic through the simulator allows you to enter specific distributions and corresponding parameters. In this case, the probability density function and parameter values measured above may be input for each application system. The modeled traffic generator generates mock traffic.

As described above, the actual traffic obtained through the network traffic capture module 101 and the PDF / parameter extraction module 102 and the simulated traffic obtained through the traffic generator 103 are processed in the comparison module 105.

Hereinafter, the comparison module 105 of FIG. 1 will be described.

The comparison module 105 compares the parameters of the actual traffic and the simulated traffic. The traffic generator 103 generates simulated traffic. The generated simulated traffic is processed in turn by the PDF / parameter extraction module 104, which extracts its probability density function and parameter values. If the modeling is successful and accurate, the probability density function and parameters extracted from the simulated traffic must match those extracted from the actual traffic.

If the values extracted from the simulated traffic and the actual traffic differ, the traffic generator is corrected by examining errors in the module design of the traffic generator 103 or through debugging. If the parameters of the measured and simulated traffic still differ even after this correction, it is necessary to go back to the first step of the verification module and re-analyze the actual network traffic. If the probability density function and parameter values measured initially are incorrect, the simulated traffic generated from those values cannot be expected to be similar to the actual traffic.

If the flows and parameter values compared through these processes coincide without a large error, this shows that the design of the traffic generator and the analysis of the parameters extracted from the actual traffic have been performed without error.

As described above, the comparison module 105 compares the value of the parameter extracted from the actual traffic with the value of the parameter extracted from the simulated traffic and feeds the result back, so that modeling proceeds by reducing the error between the two values.
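The extract, generate, re-extract and compare loop of modules 102 to 105, as an added Python example that is not code from the patent. It scores each candidate distribution by the straightness of its Q-Q plot (correlation of sorted samples against theoretical quantiles); the three candidate families, the 10 % tolerance, all function names and the constructed inter-arrival samples are assumptions made here.

```python
import math
import random
import statistics

STD_NORMAL = statistics.NormalDist()

# Standard quantile functions of the candidate distributions (assumed set).
# All three are location-scale families, so the Q-Q correlation does not
# depend on the parameter values and can be computed before fitting them.
CANDIDATES = {
    "exponential": lambda p: -math.log(1.0 - p),
    "normal": STD_NORMAL.inv_cdf,
    "uniform": lambda p: p,
}


def pearson(a, b):
    """Pearson correlation of two equal-length sequences."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    var_a = sum((x - ma) ** 2 for x in a)
    var_b = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(var_a * var_b)


def qq_fit(samples, name):
    """Straightness of the Q-Q plot of `samples` against candidate `name`."""
    ordered = sorted(samples)
    n = len(ordered)
    theoretical = [CANDIDATES[name]((i + 0.5) / n) for i in range(n)]
    return pearson(theoretical, ordered)


def estimate_params(samples, name):
    """Parameter values of the chosen distribution, estimated from the data."""
    if name == "exponential":
        return {"rate": 1.0 / statistics.fmean(samples)}
    if name == "normal":
        return {"mu": statistics.fmean(samples), "sigma": statistics.stdev(samples)}
    return {"low": min(samples), "high": max(samples)}


def extract_pdf(samples):
    """PDF/parameter extraction: best-fitting candidate plus its parameters."""
    scores = {name: qq_fit(samples, name) for name in CANDIDATES}
    best = max(scores, key=scores.get)
    return {"pdf": best, "params": estimate_params(samples, best), "r": scores[best]}


def generate(fit, count, rng):
    """Traffic generator: draw simulated samples from the stored PDF/parameters."""
    p = fit["params"]
    if fit["pdf"] == "exponential":
        return [rng.expovariate(p["rate"]) for _ in range(count)]
    if fit["pdf"] == "normal":
        return [rng.gauss(p["mu"], p["sigma"]) for _ in range(count)]
    return [rng.uniform(p["low"], p["high"]) for _ in range(count)]


def faulty_generator(fit, count, rng):
    """Generator with a design error: correct mean, wrong distribution."""
    mean = 1.0 / fit["params"]["rate"]
    return [rng.uniform(0.0, 2.0 * mean) for _ in range(count)]


def similar(real_fit, sim_fit, rel_tol=0.10):
    """Comparison module: same PDF and every parameter within rel_tol (assumed)."""
    if real_fit["pdf"] != sim_fit["pdf"]:
        return False
    return all(
        math.isclose(real_fit["params"][k], sim_fit["params"][k], rel_tol=rel_tol)
        for k in real_fit["params"]
    )


def constructed_capture(count=5000, seed=7):
    """Constructed stand-in for captured packet inter-arrival times (seconds)."""
    rng = random.Random(seed)
    return [rng.expovariate(20.0) for _ in range(count)]


def run_check(generator, seed=11):
    """Extract from real traffic, generate, re-extract, compare."""
    real_fit = extract_pdf(constructed_capture())
    simulated = generator(real_fit, 5000, random.Random(seed))
    sim_fit = extract_pdf(simulated)
    return real_fit, sim_fit, similar(real_fit, sim_fit)


if __name__ == "__main__":
    for gen in (generate, faulty_generator):
        real_fit, sim_fit, ok = run_check(gen)
        print(gen.__name__, real_fit["pdf"], sim_fit["pdf"], "similar" if ok else "rework")
```

A failed comparison corresponds to the feedback path in the text: first inspect the generator, then re-analyze the captured traffic if the mismatch persists.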

Hereinafter, the Hurst parameter generation module 106 and 108 and the comparison module 107 will be described.

The Hurst parameter generation modules 106 and 108 and the comparison module 107 compare the real traffic and the simulated traffic in terms of the degree of self-similarity of the traffic. The degree of self-similarity can be determined by obtaining Hurst parameter values through the R/S plot, the VT plot, or the wavelet method. That is, the Hurst parameter generation module 108 obtains a Hurst parameter value from the actual traffic. If the Hurst parameter value obtained by measuring the actual traffic is more than 0.5 and less than 1, the traffic can be said to be self-similar, and the numerical value indicates how much self-similarity it shows.

In addition, the Hurst parameter value of the simulated traffic is obtained by the Hurst parameter generation module 106 from the simulated traffic generated by the traffic generator 103. Simulated traffic generated by modeling real traffic should show self-similarity like the real traffic. Therefore, the Hurst parameter generation module 106 obtains a Hurst parameter value for the simulated traffic by applying to it the same method used for the actual traffic.

If the Hurst parameter value of the simulated traffic is not within the range (i.e., 0.5 or more and 1 or less) and the traffic thus does not show self-similarity, it is difficult to compare it with the real traffic and difficult to regard the two traffics as similar. For two traffics (i.e., simulated traffic and real traffic) to be similar, they must have the same characteristics, so self-similarity must be a characteristic common to both. If both traffics are self-similar, their Hurst parameter values must also be shown to match without any significant error.
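An added Python example (not from the patent) of the Hurst check in modules 106 to 108, using the variance-time (VT) plot. It also shows why this check is separate from the PDF comparison: a shuffled copy of a trace has exactly the same marginal distribution but loses its self-similarity. The trace generator, the 0.1 tolerance and all names are assumptions, and the sample traces are constructed.

```python
import math
import random
import statistics


def hurst_variance_time(series, max_level=8, min_blocks=32):
    """Estimate H from the variance-time plot.

    For a self-similar series the variance of block means of size m decays
    like m**(2H - 2), so H = 1 + slope/2 on the log-log plot.
    """
    points = []
    for level in range(max_level + 1):
        m = 2 ** level
        blocks = len(series) // m
        if blocks < min_blocks:      # too few blocks for a stable variance
            break
        means = [statistics.fmean(series[i * m:(i + 1) * m]) for i in range(blocks)]
        var = statistics.pvariance(means)
        if var > 0:
            points.append((math.log(m), math.log(var)))
    if len(points) < 2:
        raise ValueError("series too short or constant")
    xs = [x for x, _ in points]
    ys = [y for _, y in points]
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    slope = sum((x - mx) * (y - my) for x, y in points) / sum((x - mx) ** 2 for x in xs)
    return 1.0 + slope / 2.0


def constructed_self_similar_counts(h=0.8, levels=14, seed=1, mean=50.0, scale=4.0):
    """Constructed packets-per-interval trace with bursts on many time scales.

    Component k holds one Gaussian value per 2**k intervals and has variance
    2**(k*(2h-2)), so the variance of block means decays roughly like
    m**(2h-2). This is a stand-in for a captured trace, not real traffic.
    """
    rng = random.Random(seed)
    n = 2 ** levels
    total = [0.0] * n
    for k in range(levels):
        amplitude = 2.0 ** (k * (h - 1.0))
        run = 2 ** k
        for start in range(0, n, run):
            value = amplitude * rng.gauss(0.0, 1.0)
            for i in range(start, start + run):
                total[i] += value
    return [max(0, round(mean + scale * x)) for x in total]


def shuffled_copy(series, seed=3):
    """Same values in random order: identical PDF, correlation structure gone."""
    out = list(series)
    random.Random(seed).shuffle(out)
    return out


def self_similarity_check(real, simulated, tol=0.1):
    """Return (H_real, H_sim, similar); tol is an assumed matching threshold."""
    h_real = hurst_variance_time(real)
    h_sim = hurst_variance_time(simulated)
    both_self_similar = 0.5 < h_real < 1.0 and 0.5 < h_sim < 1.0
    return h_real, h_sim, both_self_similar and abs(h_real - h_sim) <= tol


if __name__ == "__main__":
    real = constructed_self_similar_counts(seed=1)
    candidates = {
        "burst-preserving generator": constructed_self_similar_counts(seed=2),
        "i.i.d. generator, same PDF": shuffled_copy(real),
    }
    for label, simulated in candidates.items():
        h_real, h_sim, ok = self_similarity_check(real, simulated)
        print(f"{label}: H_real={h_real:.2f} H_sim={h_sim:.2f} similar={ok}")
```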

FIG. 2 is a flowchart illustrating a simulation process for verifying a probability density function and self-similarity between real traffic and simulated traffic according to an embodiment of the present invention.

FIG. 3 is a block diagram illustrating FIG. 2 as an embodiment of the present invention.

As shown in FIG. 2, prior to the verification of the traffic generator 103 of FIG. 1, a simulation for the traffic similarity verification scheme presented in the present invention is performed.

1) As shown in FIG. 2, real traffic information is collected (S201). To collect the actual traffic information, one real network server is designated for the simulation. For example, a packet sniffer such as Tcpdump or Wireshark (Ethereal) is used to collect information from the designated network server and analyze it. Because this is a simulation of the methodology for verifying the similarity of simulated traffic, one specific application's traffic is selected, the flow information of that traffic is analyzed, and the data is recorded in a file such as an Excel file.

2) As shown in FIG. 2, an optimal distribution and its parameters are derived (S202). A Q-Q plot is used to find the optimal distribution of the measured traffic. The Q-Q plot plots a specific distribution against the distribution of the measured traffic and indicates whether the two match: if the points on the plot form a straight line, the two compared distributions coincide. In this way, the actual traffic can be compared against several standard distributions to find the optimal one. To draw the Q-Q plot, the present invention extracts parameter values according to the probability density function using a statistical program such as SPSS.

3) The extracted probability density function and parameter values are stored (S203).

4) As shown in FIG. 2, traffic modeling for simulation traffic is performed (S204). In the present invention, the probability density function and the parameters obtained by measuring one application system are applied to traffic modeling (for example, OPNET modeling in FIG. 2).

5) From the simulated traffic (S204), a probability density function and its parameters are obtained (S205). The same Q-Q plot method as above is used.

6) The probability distribution and parameter values of the simulated traffic obtained through S204 and S205 are compared with the probability distribution and parameter values of the real traffic obtained through S201 and S202 (S206). That is, it is determined whether the result value of the simulated traffic extracted through the process S205 matches the probability density function and the parameter value applied in the traffic modeling.

If each probability distribution and each parameter value of the simulated traffic and the real traffic coincide with each other, it can be assumed that the two traffics, that is, the real traffic and the simulated traffic, are generated similarly.

7) Meanwhile, in order to verify whether these two traffics have the same characteristics, the Hurst parameter values indicating the degree of self-similarity are compared (S207). The degree of self-similarity of the measured traffic and of the simulated traffic is calculated using the Hurst parameter calculation method presented in the present invention and is used to verify the traffic characteristics. If the two values are found not to coincide or to have opposite characteristics, the two traffics cannot be regarded as similar. In that case, the simulation must be performed again by returning to obtaining the probability density function of the measured traffic and modeling the application system.

Hereinafter, a traffic analysis system of a network according to the present invention will be described.

The function and configuration of the traffic analysis system according to the present invention are as described with reference to FIGS. 1 to 3. Only the components that constitute the technical features of the traffic analysis system are described here; the system also includes the basic hardware (input unit, output unit, transceiver, etc.) for implementing the embodiments of the present invention, and may be configured as software, or as modules containing software, that implements them. The functions and operations of these hardware and software components are apparent to those skilled in the art. The characteristics of the traffic analysis system according to the present invention are described below with reference to the description of FIG. 1.

The traffic analysis system of the network according to the present invention comprises:

A network traffic capture module 101 for collecting real traffic by capturing packets coming and going on the network and classifying the captured packets into flow information and packet header information; A first PDF (Probability Density Function) / parameter extraction module (102) for extracting a probability density function and a parameter value of the real traffic from the captured flow information and packet header information; A traffic generator 103 for generating simulated traffic using the extracted probability density function and parameter values of the real traffic; A second PDF (Probability Density Function) / parameter extraction module (104) for extracting a probability density function and parameter values from the generated simulated traffic; And a comparison module 105 for determining the similarity between the real traffic and the simulated traffic by comparing the probability density function and the parameter value of the real traffic with the probability density function and the parameter value of the simulated traffic.

In addition, the traffic analysis system of the network according to the present invention comprises: a first Hurst parameter generation module (106) for generating a first Hurst parameter value from the simulated traffic generated in the traffic generator;

A second Hurst parameter generation module (108) for generating a second Hurst parameter value from the real traffic generated in the network traffic capture module;

And a comparison module 107 which compares the generated first Hurst parameter value with the generated second Hurst parameter value and verifies the self-similarity between the real traffic and the simulated traffic.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

101: network traffic capture module
102, 104: PDF / parameter extraction module
103: traffic generator
105, 107: comparison module
106, 108: Hurst parameter generation module

Claims (10)

  1. A traffic modeling method for modeling simulated traffic in a network and verifying similarity with real traffic,
    (a) collecting actual traffic of the network by capturing packets of the network;
    (b) extracting a probability density function and a parameter value of the traffic based on the information obtained from the collected real traffic;
    (c) generating simulated traffic using the probability density function and parameter values of the real traffic;
    (d) extracting probability density functions and parameter values of the generated simulated traffic;
    (e) comparing the probability density function and the parameter value of the real traffic with the probability density function and the parameter value of the simulated traffic;
    wherein, in step (e),
    if the parameter value of the real traffic probability density function and the parameter value of the simulated traffic probability density function match, it is determined that the simulated traffic is similar to the real traffic and that simulation traffic modeling has been successfully performed, and
    wherein, in step (e),
    if the parameter value of the real traffic probability density function does not coincide with the parameter value of the simulated traffic probability density function,
    the modeling process for generating the simulated traffic is performed through error analysis or debugging of the design of the module for generating the simulated traffic.
  2. The method of claim 1, further comprising:
    (f) verifying that the real traffic and the simulated traffic have the same characteristics.
  3. The method of claim 2, wherein in step (f) the verification is performed by
    comparing the Hurst parameter value of the real traffic and the Hurst parameter value of the simulated traffic, each of which indicates a degree of self-similarity.
  4. The method of claim 3, wherein in step (f),
    if the two Hurst parameter values do not coincide with each other, it is determined that the real traffic and the simulated traffic are not similar, and
    if it is so determined, the probability density function of the real traffic is extracted and the modeling process for generating the simulated traffic is performed.
  5. (Deleted)
  6. The method of claim 1, wherein step (a) comprises
    classifying flow information and packet header information of the real traffic from the captured packets,
    wherein the flow information comprises
    a data value indicating how many packets occurred per unit of time, and
    a data value indicating how much traffic occurred in a particular time period.
  7. The method of claim 1, wherein step (a) further comprises
    classifying the collected real traffic information by application system for comparison with the simulated traffic, and analyzing and managing the necessary parameters separately.
  8. The method of claim 1, wherein step (c) comprises:
    modeling the real traffic by classifying application systems to generate the simulated traffic; and
    inputting a probability density function and a parameter value of the real traffic corresponding to each application system for generating the simulated traffic.
  9. (A) collecting network real traffic and analyzing a generation pattern of the traffic;
    (B) extracting the collected real traffic information and modeling the simulated traffic using the extracted information;
    (C) obtaining a Hurst parameter value of each of the collected real traffic and the simulated traffic, and comparing the obtained values to verify the similarity between the real traffic and the simulated traffic;
    wherein, in step (B),
    when the parameter value of the probability density function extracted from the real traffic and the parameter value of the probability density function extracted from the simulated traffic coincide with each other, it is determined that the simulated traffic is similar to the real traffic and that the simulation traffic modeling is successful, and
    wherein, in step (C),
    when the two Hurst parameter values coincide with each other, it is determined that the real traffic and the simulated traffic are similar to each other.
  10. A network traffic capture module for capturing packets coming and going on the network, and classifying the captured packets into flow information and packet header information, thereby collecting real traffic;
    A first PDF (Probability Density Function) / parameter extraction module for extracting a probability density function and a parameter value of the real traffic from the captured flow information and packet header information;
    A traffic generator for generating simulated traffic using the extracted probability density function and parameter values of the real traffic;
    A second PDF (Probability Density Function) / parameter extraction module for extracting a probability density function and a parameter value from the generated simulated traffic;
    A comparison module for determining similarity between the real traffic and the simulated traffic by comparing the probability density function and the parameter value of the real traffic with the probability density function and the parameter value of the simulated traffic;
    A first Hurst parameter generation module for generating a first Hurst parameter value from the simulated traffic generated by the traffic generator;
    A second Hurst parameter generation module for generating a second Hurst parameter value from the real traffic generated by the network traffic capture module;
    And a comparison module for comparing the generated first Hurst parameter value with the generated second Hurst parameter value and verifying a self similarity between the real traffic and the simulated traffic.
Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020100002856A KR101073402B1 (en) 2010-01-12 2010-01-12 Method for simulating and examining traffic and network traffic analysis system

Publications (2)

Publication Number Publication Date
KR20110082915A KR20110082915A (en) 2011-07-20
KR101073402B1 true KR101073402B1 (en) 2011-10-17

Family

ID=44920745

Country Status (1)

Country Link
KR (1) KR101073402B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10785122B2 (en) * 2018-10-05 2020-09-22 Cisco Technology, Inc. Canary release validation mechanisms for a containerized application or service mesh

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101299192B1 (en) * 2012-09-14 2013-08-21 아주대학교산학협력단 Apparatus for simulating based on modeling and simulation framework in distributed cognitive radio networks
KR102040094B1 (en) * 2018-10-19 2019-11-05 국방과학연구소 Data construction apparatus and method for the generation of internet background traffic in the cyber training system
KR102179439B1 (en) * 2018-11-06 2020-11-16 국방과학연구소 Meta information platform devices and methods for recycle standard/threat traffic

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000252987A (en) * 1999-03-02 2000-09-14 Nippon Telegr & Teleph Corp <Ntt> Transmission network system and its traffic generation method and method for evaluating network performance

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
'A Study on a VoIP Traffic Generation Simulation Method Considering Self-Similarity', Korea Society for Simulation, Proceedings of the 2004 Spring Conference, 2004.05.01.*

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20141006

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20191002

Year of fee payment: 9