• Journal of KIISE:Information Networking
• /
• v.34 no.4
• /
• pp.246-255
• /
• 2007

Due to the bandwidth-consuming characteristics of the heavy-hitter P2P applications, it has become critical to have the capability of pinpointing and mitigating P2P traffic. Traditional port-based classification scheme is no more adequate for this purpose because of newer P2P applications, which incorporating port-hopping techniques or disguising themselves as HTTP-based Internet disk services. Alternatively, packet filtering scheme based on payload signatures suggests more practical and accurate solution for this problem. Moreover, it can be easily deployed on existing IDSes. However, it is significantly difficult to maintain up-to-date signatures of P2P applications. Hence, the automatic signature generation method is essential and will be useful for successful signature-based traffic identification. In this paper, we suggest an automatic signature generation method for Internet disk P2P applications and provide an experimental results on CNU campus network.

• Journal of the Korean Institute of Telematics and Electronics C
• /
• v.35C no.3
• /
• pp.32-45
• /
• 1998

A partitioned signature file is an enhancement of the signature file that divides all the signatures into blocks in such a way that each block contains the signatures with the same key. Its directory storesall the keys as meta information for avoiding unnecessary block accesses by examming them first before the acture searching of the blocks.. Efficient directory management is very important in large databasse environments since ist size gets larger proportionally to that of the database. In this paper, we first point out the problems in the directory management methods of the previous partitioned signature files, and then present a new one solving them. OUr method offers good features in the followint three aspects: (1) suitability for large database environments, (2) adaptability to dynamic situations, and (3) storage overhead for the directory. Moreover, we can seamlessly integrate it as a subcomponent into previously-developed general-purpose storage engines. These features show that our method is applicableto signature-based access structures for the content-based retrieval in various multimedia applications such as hypermedia systems, digital library systems, multimedia document systems, multimedia mailing systems, and so on.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.748-757
• /
• 2002

Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.