Projects
Statistics-based Network Behavior Modeling
2018-05-01 ~ 2018-10-31
We focused on statistics-based network behavior modeling to develop technology that efficiently classifies network traffic and detects anomalies that deviate from normal patterns. To overcome the limitations of traditional port-based and payload-based traffic classification methods, we used host behavior analysis and Latent Dirichlet Allocation (LDA) techniques to identify traffic characteristics and patterns, which increased our classification accuracy. For user convenience, we developed a GUI-based traffic classification tool and added an X.509 certificate analysis feature to extract certificate information from SSL communication traffic. Using real-world laboratory data and public datasets, we analyzed various network behaviors, including server, client, and attack traffic. We then visually verified the anomalies using BLINC graphs and radar charts.
Characterization and Automatic Labeling of Malicious Traffic in Control System Networks
2017-04-01 ~ 2017-10-31
We propose an automated method for classifying specialized network traffic in Industrial Control Systems (ICS), also known as SCADA. To address the limitations of existing traffic classification tools, which struggle to identify the unique traffic patterns in these critical systems, we leveraged Latent Dirichlet Allocation (LDA), a probabilistic text modeling technique. By treating a network traffic flow as a document and its payload data as words, the LDA model automatically extracts hidden "topics" (traffic signatures) to classify the flows. Applied to real-world water resource control system traffic data (approx. 44 GB), our method successfully classified 96.3% of the traffic that existing tools failed to identify, demonstrating its effectiveness and applicability in specialized SCADA environments.
August 12, 2025