• Title/Summary/Keyword: active packet

Search Result 99, Processing Time 0.027 seconds

Sampling based Network Flooding Attack Detection/Prevention System for SDN (SDN을 위한 샘플링 기반 네트워크 플러딩 공격 탐지/방어 시스템)

  • Lee, Yungee;Kim, Seung-uk;Vu Duc, Tiep;Kim, Kyungbaek
    • Smart Media Journal / v.4 no.4 / pp.24-32 / 2015
  • Recently, SDN has been actively used in datacenter networks, and its application areas are gradually increasing. Along with this change in the networking environment, research on deploying network security systems on SDN has been highlighted. In particular, systems for detecting network flooding attacks by monitoring every packet passing through the ports of OpenFlow switches have been proposed. However, because of the centralized management of an SDN controller, which manages multiple switches, continuously monitoring all the flows may impose substantial overhead on the attack detection system. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and actively blocks the attack flows by managing the flow entries in OpenFlow switches. An sFlow agent is used as the network traffic sampler, and Snort, an open-source IDS, is used to detect network flooding attacks from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on a local testbed composed of multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling conditions are analyzed.

An Effective RED Algorithm for Congestion Control in the Internet (인터넷에서 혼잡제어를 위한 개선된 RED 알고리즘)

  • Jung, Kyu-Jung;Lee, Dong-Ho
    • The KIPS Transactions:PartC / v.10C no.1 / pp.39-44 / 2003
  • Network performance degrades during congestion periods. To solve this problem effectively, the RED (Random Early Detection) queue management algorithm was proposed, and the IETF recommends it for queue management. The RED algorithm controls congestion dynamically. However, when the parameters are set to static values in the gateway, the current state of network traffic cannot be handled properly. We propose the Effective RED algorithm to address this weakness of RED. In this algorithm, the maximum drop probability, which decides whether to accept or drop incoming packets, is adjusted dynamically according to the current queue state in order to control the congestion phase effectively in the gateway. This algorithm is confirmed by computer simulation using NS (Network Simulator)-2.

Implementation and test of NNI Interworking Protocol of OBP Satellite B-IDSN (OBP 탑재 위성 B-IDSN 중계망 연동 프로토콜의 구현 및 테스트)

  • Lee, Joon-Ho;Kim, Jung-Hoon;Seo, Dong-Woon;Kang, Sung-Yong;Park, Seok-Cheon
    • Proceedings of the Korea Information Processing Society Conference / 2000.10b / pp.1267-1270 / 2000
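  • Compared with existing terrestrial networks and optical cable technology, satellite communication systems play an important role in building high-speed information and communication networks because of inherent characteristics such as flexible communication bandwidth, multiple-access capability, mobile communication, wide-area coverage, multipoint and broadcasting. In particular, applying OBP (On-Board Processing) technology adds new functions beyond the passive relay function of existing satellite communication payloads, such as demodulation/remodulation, encoding/decoding and error correction, and interconnection/switching between transponders and beams. This enables active relaying and offers advantages such as improved communication quality, improved transmission efficiency of communication links, and increased transmission capacity. An OBP-equipped satellite B-ISDN transit network is regarded as one huge virtual ATM switch, and has the advantage of being able to route packets directly to the destination transit earth station among the several transit earth stations. This paper studies the interworking protocol of the OBP-equipped satellite B-ISDN; it analyzes the satellite B-ISDN architecture, the signaling functions of each earth station, and the structures of the B-ISDN signaling systems, namely the DSS2 layer 3 signaling protocol, the B-ISUP protocol, and the S-BISUP protocol. In addition, the B-ISDN connection and ownership for point-to-multipoint and the messages and primitives of each protocol are defined, and on this basis the basic call processing procedure of the OBP-equipped satellite B-ISDN interworking protocol is designed, implemented, and tested.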


Active Network Performance Improvement for Security Application (보안 응용을 위한 능동 네트워크 성능 향상 방안)

  • 채철주;이명선;김상국;임정목;이성현;이재광
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2004.05b / pp.416-419 / 2004
  • Computer simulation has been used in the area of military training in recent years. Computer simulation gives a military man field training such as combat experience without operating combat strength or capabilities. Constructing a simulation environment identical to the actual combat environment requires a well-constructed DB to operate the war game model and association among federates on the network. We construct a virtual combat environment that makes it possible to efficiently manage network traffic among federates (or active nodes) on an active network, building a virtual military training space, such as an urgent combat field, that needs to rapidly transfer combat information including image and video.


DDoS Attack Response Framework using Mobile Code (DDoS 공격 대응 프레임워크 설계 및 구현)

  • Lee, Young-seok
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.3 no.3 / pp.31-38 / 2010
  • It has become more difficult to respond to a cyber attack quickly as patterns of attack become various and complex. However, current security mechanisms have only passive defense functionalities. In this paper, we propose a new network security architecture to respond to various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS (Distributed Denial of Service) by using active packet technology, including mobile code, on an active network. Also, it is designed to respond more actively than existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify the feasibility of the attacker response framework using mobile code. The experimental results are analyzed.


A Multicast-Based Handover Scheme for the IEEE WAVE Networks (IEEE WAVE 네트워크를 위한 멀티캐스트 기반 핸드오버 기법)

  • Lee, Hyuk-Joon;Yoon, Seok-Young;Lee, Sang-Joon
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.10 no.2 / pp.112-121 / 2011
  • The IEEE WAVE standard specification does not support handover operation since it is designed to transmit mainly ITS-related messages that are limited in length. More advanced multimedia applications such as Internet browsing and streaming of video clips produced by CCTVs, however, require handover support such that a sequence of data packets can be received seamlessly while an OBU's association with the RSUs changes. This paper presents a new handover scheme that can operate without performance degradation in cases where there are multiple RSUs in the areas of handover by making use of the IEEE 802.11f IAPP Move-notify messages, based on the previously introduced fast handover scheme with proactive caching by disassociation messages. Experimental results from the simulation show that the proposed handover scheme outperforms the scheme based solely on multicast.

Attacker Response Framework using Mobile Code (이동 코드를 이용한 공격자 대응 프레임워크)

  • Bang Hyo-Chan;Him Jin-Oh;Na Jung-Chan;Jang Joong-Su;Lee Young-Suk
    • The KIPS Transactions:PartC / v.11C no.7 s.96 / pp.959-970 / 2004
  • It has become more difficult to respond to a cyber attack quickly as patterns of attack become various and complex. However, current security mechanisms have only passive defense functionalities. In this paper, we propose a new network security architecture to respond to various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS (Distributed Denial of Service) by using active packet technology, including mobile code, on an active network. Also, it is designed to respond more actively than existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify the feasibility of the attacker response framework using mobile code. The experimental results are analyzed.

The QoS Adaptive AQM Algorithm and Performance Evaluation for Multimedia Service (멀티미디어 서비스를 위한 QoS 적응형 AQM 알고리즘 및 성능분석)

  • Kang, Hyun-Myoung;Rhee, Woo-Seop
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.6B / pp.605-614 / 2009
  • Existing Internet services were mostly supported by best-effort service, such as the data transmission service, and tolerated transmission delay and packet loss. However, recent Internet multimedia services such as Internet phone and Internet broadcasting require real-time processing and high bandwidth. Therefore, many studies on providing Internet QoS have been performed at the IETF (Internet Engineering Task Force). As a buffer management mechanism among IP QoS methods, active queue management methods such as the RED (Random Early Detection) algorithm have been proposed. However, the RED algorithm has limitations in its use of an average buffer length and in unfairness. So, many algorithms have been proposed as modifications of RED. But these modified algorithms also have difficulty satisfying the various QoS requirements of Internet users. Therefore, in this paper we propose the QoS adaptive AQM (Active Queue Management) algorithm for multimedia services that have various QoS requirements, and present a performance evaluation by simulations using ns-2.

Development of Malicious Traffic Detection and Prevention System by Embedded Module on Wireless LAN Access Point (무선 LAN Access Point에서 임베디드 형태의 유해 트래픽 침입탐지/차단 시스템 개발)

  • Lee, Hyung-Woo;Choi, Chang-Won
    • The Journal of the Korea Contents Association / v.6 no.12 / pp.29-39 / 2006
  • With the increasing popularity of wireless networks, the vulnerability issues of the IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Points (APs), such as session hijacking, to Denial of Service (DoS) attacks. We propose a new system based on an intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on the AP that includes an intrusion detection and protection system (IDS/IPS) as an embedded module. In this paper, we suggest an integrated wireless IDS/IPS module on the AP with wireless traffic monitoring, analysis and packet filtering modules against malicious wireless attacks. We also show that the system provides both enhanced security and performance, such as on a university wireless campus network.


Security Enhancing of Authentication Protocol for Hash Based RFID Tag (해쉬 기반 RFID 태그를 위한 인증 프로토콜의 보안성 향상)

  • Jeon, Jin-Oh;Kang, Min-Sup
    • Journal of Internet Computing and Services / v.11 no.4 / pp.23-32 / 2010
  • In this paper, we first propose a security enhancement of the authentication protocol for hash-based RFID tags, and then a digital Codec for RFID tags is designed based on the proposed authentication protocol. The protocol is based on a three-way challenge-response authentication protocol between the tags and a back-end server. In order to realize a secure cryptographic authentication mechanism, we modify three types of the protocol packets which are defined in the ISO/IEC 18000-3 standard. Thus active attacks such as Man-in-the-middle and Replay attacks can be easily protected against. In order to verify the effectiveness of the proposed protocol, a digital Codec for RFID tags is designed using Verilog HDL, and also synthesized using Synopsys Design Compiler with the Hynix $0.25\;{\mu}m$ standard-cell library. Through security analysis and comparison results, we will show that the proposed scheme has better performance in user data confidentiality, tag anonymity, Man-in-the-middle attack prevention, replay attack, forgery resistance and location tracking.