• Journal of KIISE:Information Networking
• /
• v.32 no.4
• /
• pp.443-451
• /
• 2005

Stateful inspection devices must maintain flow information. These devices create the flow information also for network attack packets, and it can fatally inflate the dynamic memory allocation on stateful inspection devices under network attacks. The memory inflation leads to memory overflow and subsequent performance degradation. In this paper, we present a guideline to set the flow entry timeout for a stateful inspection device to remove harmful embryonic entries created by network attacks. Considering Transmission Control Protocol (TCP) if utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that for all practical purposes one should not reserve memory for an embryonic TCP connection with more than (R+T) seconds of inactivity where R=0, 3, 9 and $1\leqq{T}\leqq{2}$ depending on the load level.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.6
• /
• pp.1091-1098
• /
• 2009

In this paper, we designed the authentication system for home network service and applied it to actual sensor nodes. The pair-wise pre-distribution key skim is applied for prevention of authentication key from sniffing on the wireless sensor networks. The authentication key and data are encrypted by using the CBC mode RC5 algorithm based on the SPINS. The experimental environment consists of a base station (BS)and sensor nodes and each sensor node sends both sensing data and the encrypted authentication key to the BS. For simulations we set up some what-if scenarios of security menaces in home network service.Slightly modified the TOS_Msg data arrays of TinyOS is suggested to store 8-byte authentication key which can enable data encryption and authentication at the each sensor node. As a result, malfunction caused by communication between BS and nodes of other groups of added nodes having malicious purpose can be protected. Also, we confirmed that a critical data of home networking service like vital signal can be transmitted securely through this system by encryption technique.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.185-194
• /
• 2007

WiBro has become intentionally standardize as IEEE 802.16e. This WiBro service has been started by a portable internet at home as well as abroad. In this paper, an offender hacker do not direct attack on system on system that It marched an attack directly in damage system because a place oneself in mobile station of portable internet WiBro and avoid to attack hacker's system. At this time, a mobile make use of network inspection policy for back-tracking based on log data. Used network log audit, and presented TCP/IP bases at log bases as used algorithm, the SWT technique that used Thumbprint Algorithm. Timing based Algorithm, TCP Sequence number. Study of this paper applies algorithm to have been progressed more that have a speed to be fast so that is physical logical complexity of configuration of present Internet network supplements a large disadvantage, and confirm an effective back-tracking system. result of research of this paper contribute to realize a back-tracking technique in ubiquitous in WiBro internet network.

• Journal of Convergence for Information Technology
• /
• v.10 no.7
• /
• pp.41-48
• /
• 2020

Recently, the spreading business of AMI (Advanced Metering Infrastructure) remote metering systems in various regions of the country has been activated, and it provides various metering functions such as two-way communication and security plan functions for power demand management. Current AMI system is difficult to analyze based on the existing RDB(Relational Database) due to the increase in the size of new internal IoT devices and networks. This study proposes a new GDB(Graph Database) based failure analysis method that utilizes existing RDB data. It analyzes the correlation of new failure patterns through accumulated data such as internal thresholds and status values. As a result of GDB-based simulation, it was confirmed that RDB can predict to a new obstacle pattern that was difficult to analyze.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1284-1290
• /
• 2004

In market-basket analysis, weighted association rule(WAR) discovery can mine the rules which include more beneficial information by reflecting item importance for special products. However, when items are divided into more than one group and item importance for each group must be measured by different measurement or separately, we cannot directly apply traditional weighted association rule discovery. To solve this problem, we propose a novel methodology to discovery the weighted association rule in this paper In this methodology, the items should be first divided into sub-groups according to the properties of the items, and the item importance is defined or calculated only with the items enclosed to the sub-group. Our algorithm makes qualitative evaluation for network risk assessment possible by generating risk rule set for risk factor using network sorority data, and quantitative evaluation possible by calculating risk value using statistical factors such as weight applied in rule generation. And, It can be widely used for new model of more delicate analysis in market-basket database in which the data items are distinctly separated.

• KNOM Review
• /
• v.22 no.1
• /
• pp.42-51
• /
• 2019

Recently, the amount of internet traffic is increasing due to the increase in speed and capacity of the network environment, and protocol data is increasing due to mobile, IoT, application, and malicious behavior. Most of these private protocols are unknown in structure. For efficient network management and security, analysis of the structure of private protocols must be performed. Many protocol reverse engineering methodologies have been proposed for this purpose, but there are disadvantages to applying them. In this paper, we propose a methodology for inferring a detailed protocol structure based on network trace analysis by hierarchically combining CSP (Contiguous Sequential Pattern) and SP (Sequential Pattern) Algorithm. The proposed methodology is designed and implemented in a way that improves the preceeding study, A²PRE, We describe performance index for comparing methodologies and demonstrate the superiority of the proposed methodology through the example of HTTP, DNS protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.408-420
• /
• 2010

On a Mobile Ad hoc NETwork(MANET), it is difficult to detect and prevent misbehaviors nodes existing between end nodes, as communication between remote nodes is made through multiple hop routes due to lack of a fixed networked structure. Therefore, to maintain MANET's performance and security, a technique to identify misbehaving middle nodes and nodes that are compromise by such nodes is required. However, previously proposed techniques assumed that nodes comprising MANET are in a friendly and cooperative relationship, and suggested only methods to identify misbehaving nodes. When these methods are applied to a larger-scale MANET, large overhead is induced. As such, this paper suggests a system model called Secure Cluster-based MANET(SecCBM) to provide secure communication between components aperANET and to ensure eed. As such, this pand managems suapemisbehavior nodes. SecCBM consists apetwo stages. The first is the preventis pstage, whereemisbehavior nodes are identified when rANET is comprised by using a cluster-based hierarchical control structure through dynamic authentication. The second is the post-preventis pstage, whereemisbehavior nodes created during the course apecommunication amongst nodes comprising the network are dh, thed by using FC and MN tables. Through this, MANET's communication safety and efficiency were improved and the proposed method was confirmed to be suitable for MANET through simulation performance evaluation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.11
• /
• pp.2581-2585
• /
• 2010

In the field of network sense for the Ubiquitous environment, the technology of RFID is a significant part. Due to the real time processing of information and the property of network, RFID has been used in service field such as distribution, administrative control of physical distribution, remote measuring device, and security. instead of currently used bar-code. The management system of port facilities using the current RFID technology has the effects of reducing working hours and improvement in data processing, but it is not proper for human resource allocation since it is dominantly worked for physical resources. In this paper, we designed and implemented personnel control system using RFID of 2.4GHz in port facilities which presents a monitoring system for safety operation and increase of efficiency using RFID in order to overcome the limitations and problems of current port operation management techniques.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.520-523
• /
• 2010

In the field of network sense for the Ubiquitous environment, the technology of RFID is a significant part. Due to the real time processing of information and the property of network, RFID has been used in service field such as distribution, administrative control of physical distribution, remote measuring device, and security, instead of currently used bar-code. The management system of port facilities using the current RFID technology has the effects of reducing working hours and improvement in data processing, but it is not proper for human resource allocation since it is dominantly worked for physical resources. In this paper, we designed and implemented personnel control system using RFID of 2.4GHz in port facilities which presents a monitoring system for safety operation and increase of efficiency using RFID in order to overcome the limitations and problems of current port operation management techniques.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.6
• /
• pp.580-586
• /
• 2017

The establishment of big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide variety of valuable information in real-time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual trust hosts constituting clustering, and attempt to attack directly to system existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and it is demanded that the security policy is stronger than the security system that is constructed and operated in the existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service in illegal attacks at this network environment. In addition, through the step-by -step encryption based on the routing information generated during the detection process, it is possible to manage the stable service information without frequent disconnection of the information service for resetting.