• Title/Summary/Keyword: message reliability

Search Result 433, Processing Time 0.026 seconds

Classification of False Alarms based on the Decision Tree for Improving the Performance of Intrusion Detection Systems (침입탐지시스템의 성능향상을 위한 결정트리 기반 오경보 분류)

  • Shin, Moon-Sun;Ryu, Keun-Ho
    • Journal of KIISE:Databases / v.34 no.6 / pp.473-482 / 2007
  • Network-based IDSs (Intrusion Detection Systems) gather network packet data and classify it as attack or normal. They raise an alarm when a possible intrusion happens. But they often output a large amount of low-level or incomplete alert information. Consequently, a large amount of incomplete alert information that can be unmanageable and also be mixed with false alerts can prevent intrusion response systems and security administrators from adequately understanding and analyzing the state of network security, and initiating an appropriate response in a timely fashion. So it is important for the security administrator to reduce the redundancy of alerts, integrate and correlate security alerts, construct attack scenarios and present high-level aggregated information. The false alarm rate is the ratio between the number of normal connections that are incorrectly misclassified as attacks and the total number of normal connections. In this paper we propose a false alarm classification model to reduce the false alarm rate using classification analysis of data mining techniques. The proposed model can classify the alarms from intrusion detection systems as false alerts or true attacks. Our approach is useful to reduce false alerts and to improve the detection rate of network-based intrusion detection systems.

Update Propagation of Replicated Data in a Peer-to-Peer Environment (Peer-to-Peer 환경에서 중복된 데이터의 갱신 전파 기법)

  • Choi Min-Young;Cho Haeng-Rae
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.4B / pp.311-322 / 2006
  • Peer-to-peer (P2P) systems have become a popular medium through which to share huge amounts of data. On the basis of network topology, P2P systems are divided into three types: centralized, structured distribution, and unstructured distribution. Unstructured P2P systems such as Gnutella are novel in the sense that they are extensible and reliable. However, as the number of nodes increases, unstructured P2P systems would suffer from the high complexity of search operations that have to scan the network to find the required data items. Efficient replication of data items can reduce the complexity, but it introduces another problem of maintaining consistency among replicated data items when each data item could be updated. In this paper, we propose a new update propagation algorithm that propagates an updated data item to all of its replicas. The proposed algorithm can reduce the message transfer overhead by adopting the notion of timestamp and hybrid push/pull messaging.

Cognitive Radio MAC Protocol for Hidden Incumbent System Detection (무선 인지 기술 기반의 WRAN 시스템에서 숨겨진 인컴번트 시스템 검출 MAC 프로토콜)

  • Kim, Hyun-Ju;Jo, Kyoung-Jin;Hyon, Tae-In;Yoo, Sang-Jo
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.12B / pp.1058-1067 / 2006
  • In this paper, we propose an inband/outband broadcast method for hidden incumbent system detection at the medium access control layer for wireless regional area network systems using cognitive radio technology. Through some extra channels that are not currently used, a short message is broadcast. The message allows a CPE that detects the appearance of an incumbent system to send a sensing report to the CR BS. For the hidden incumbent system report message, the BS needs a process or method for allocation of upstream resources to CPEs. And transmitting multiple out-band signals has a possibility of colliding with out-band signals of other co-located WRAN BSs. To avoid out-band signal collision, BSs randomly select their out-band signal broadcasting time within the pre-defined explicit out-band signaling period. And fractional Bandwidth Usage allows WRAN BSs to efficiently use bandwidth.

A Design of ETWAD(Encapsulation and Tunneling Wormhole Attack Detection) based on Positional Information and Hop Counts on Ad-Hoc (애드 혹 네트워크에서 위치 정보와 홉 카운트 기반 ETWAD(Encapsulation and Tunneling Wormhole Attack Detection) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee
    • Journal of the Korea Society of Computer and Information / v.17 no.11 / pp.73-81 / 2012
  • This paper proposes an ETWAD (Encapsulation and Tunneling Wormhole Attack Detection) design based on positional information and hop count on Ad-Hoc Network. The ETWAD technique is designed for generating GAK (Group Authentication Key) to ascertain the node ID and group key within Ad-hoc Network and authenticating a member of Ad-hoc Network by appending it to RREQ and RREP. In addition, a GeoWAD algorithm detecting Encapsulation and Tunneling Wormhole Attack by using a hop count about the number of Hops within RREP message and a critical value about the distance between a source node S and a destination node D is also presented in ETWAD technique. Therefore, as this paper is estimated as the average probability of Wormhole Attack detection 91% and average FPR 4.4%, it improves the reliability and probability of Wormhole Attack Detection.

An Efficient Variant of Self-Healing Group Key Distribution Scheme with Revocation Capability (자가 치료 기능과 취소 능력을 가진 효율적인 그룹키 분배 기법)

  • Kang Ju-Sung;Hong Dowon
    • The KIPS Transactions:PartC / v.12C no.7 s.103 / pp.941-948 / 2005
  • In the self-healing group key distribution scheme, users are capable of recovering lost group keys on their own without requesting additional transmission from the group manager, where there is no reliable network infrastructure. In this paper, we propose a new self-healing group key distribution scheme with revocation capability, which is optimal in terms of user memory storage and more efficient in terms of communication complexity than the previous results. We obtain a slightly improved result from (13) and (14) by using the new broadcasting method. In addition, we prove that our scheme has the properties of t-wise forward secrecy and t-wise backward secrecy, and extend this self-healing approach to the session key recovery scheme from a single broadcast message.

Performance Analysis of IEEE 802.15.4 for D1 Small Distribution Substation (D1 소규모 배전 변전소를 위한 IEEE 802.15.4 성능 분석)

  • Hwang, Sung-Ho;Kang, Eun-Young
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.1 / pp.115-121 / 2017
  • The utilization of Information and Communication Technologies (ICT) in the smart grid application can construct an efficient and reliable electrical grid. IEC 61850 was adopted as the standard for smart grid exchanging the information required in an electric power utility. However, applying technologies like IEC 61850 using Ethernet to the automation of small distribution substation directly may cost more than the value of the small distribution substation itself. IEEE 802.15.4 technology attracts attention in the field of power utility automation because of low installation cost and ease of installation. Studies are conducted, which use IEEE 802.15.4 in less strict D1 small distribution substation. This study applied IEEE 802.15.4 to the small distribution substation and conducted performance evaluation using the actual equipment. This study determined the scope of application of IEEE 802.15.4 by conducting a comparative analysis of the message type in IEC 61850.

Systematic Transmission Method of Industrial IEEE 802.15.4 for Real-time Mixed Traffic (실시간 혼합 트래픽 전송을 위한 산업용 IEEE 802.15.4 망의 체계적 전송 기법)

  • Kim, Dong-Sung;Lee, Jung-Il
    • Journal of the Institute of Electronics Engineers of Korea CI / v.45 no.6 / pp.18-26 / 2008
  • In this paper, a dynamic GTS scheduling method based on IEEE 802.15.4 is proposed for wireless control systems considering reliability and real-time property. The proposed methods can guarantee a transmission of real-time periodic and sporadic data within the limited time frame in a factory environment. The superframe of IEEE 802.15.4 is used for the dynamic transmission method of real-time mixed traffic (periodic data, sporadic data, and non real-time message). By separating CFP and CAP properly, the periodic, sporadic, and non real-time messages are transmitted effectively and guarantee real-time transmission within a deadline. The simulation results show the improvement of real-time performance of periodic and sporadic data at the same time.

A Study on Attack Detection Technique based on n-hop Node Certification in Wireless Ad Hoc Network (Wireless Ad Hoc Network에서 n-hop 노드 인증 기반 공격 탐지 기법에 관한 연구)

  • Yang, Hwan Seok
    • Convergence Security Journal / v.14 no.4 / pp.3-8 / 2014
  • Wireless Ad hoc Network is threatened by many types of attacks because of its open structure, dynamic topology and the absence of infrastructure. Attacks by malicious nodes inside the network destroy communication paths and discard packets. The damage is quite large and detecting attacks is difficult. In this paper, we proposed an attack detection technique using secure authentication infrastructure for efficient detection and prevention of internal attack nodes. Cluster structure is used in the proposed method so that each node acts as a certificate authority and the public key is issued in cluster head through trust evaluation of nodes. Symmetric Key is shared for integrity of data between the nodes and the structure which adds authentication message to the RREQ packet is used. ns-2 simulator is used to evaluate performance of proposed method and excellent performance can be performed through the experiment.

A DDMPF(Distributed Data Management Protocol using FAT) Design of Self-organized Storage for Negotiation among a Client and Servers based on Clouding (클라우딩 기반에서 클라이언트와 서버간 협상을 위한 자가 조직 저장매체의 DDMPF(Distributed Data Management Protocol using FAT) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee;Yang, Seung-Hae
    • Journal of Korea Multimedia Society / v.15 no.8 / pp.1048-1058 / 2012
  • This paper proposes the DDMPF(Distributed Data Management Protocol using FAT) which prevents data loss and keeps the security of self-organized storages by comprising a client, a storage server, and a verification server in clouding environment. The DDMPF builds a self-organized storage server, solves data loss by decentralizing the partitioned data in it in contrast to the centralized problem and the data loss caused by the storage server problems of existing clouding storages, and improves the efficiency of distributed data management with FAT(File Allocation Table). And, the DDMPF improves the reliability of data by a verification server's verifying the data integrity of a storage server, and strengthens the security in double encryption with a client's private key and the system's master key using EC-DH algorithm. Additionally, the DDMPF limits the number of verification servers and detects the flooding attack by setting the TS(Time Stamp) for a verification request message and the replay attack by using the nonce value generated newly, whenever the verification is requested.

A Genetic Algorithm with a New Encoding Method for Bicriteria Network Designs (2기준 네트워크 설계를 위한 새로운 인코딩 방법을 기반으로 하는 유전자 알고리즘)

  • Kim Jong-Ryul;Lee Jae-Uk;Gen Mituso
    • Journal of KIISE:Software and Applications / v.32 no.10 / pp.963-973 / 2005
  • Increasing attention is being recently devoted to various problems inherent in the topological design of network systems. The topological structure of these networks can be based on service centers, terminals (users), and connection cable. Lately, these network systems are well designed with fiber optic cable, because the requirements from users become increased. But considering the high cost of the fiber optic cable, it is more desirable that the network architecture is composed of a spanning tree. In this paper, we present a GA (Genetic Algorithm) for solving bicriteria network topology design problems of wide-band communication networks connected with fiber optic cable, considering the connection cost, average message delay, and the network reliability. We also employ the Prüfer number (PN) and cluster string in order to represent chromosomes. Finally, we get some experiments in order to certify that the proposed GA is the more effective and efficient method in terms of the computation time as well as the Pareto optimality.