• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.550-552
• /
• 2005

국내에는 많은 수의 네트워크 망 제공 업체로부터 고속 네트워크가 제공되고 있다. 이러한 네트워크 망에서 또한 많은 침입 탐지 시스템을 필요로 하고 있고 또한 많은 새로운 웜 바이러스의 출현에 따른 연구도 필요로 하고 있다. 그러나 현재 실정에 맞는 네트워크 데이터 셋이 구성되어 있지 않고 이러한 문제점으로 하여 정확한 침입 탐지 혹은 웜 바이러스의 효과적인 탐지와 차단에서 어려움이 있다. 이러한 문제를 해결하기 위해 본 논문에서는 실제 환경과 흡사한 데이터 셋 구성을 위한 방안에 대해서 제안 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.7-9
• /
• 2005

본 논문에서는 행위 기반의 침입 탐지와 탐지한 트래픽을 차단하는 기능을 갖는 시스템을 프로세스 기반 사건 중심 시뮬레이션 시스템인 SSFNet을 기반으로 구현하고, 다양한 시뮬레이션을 통해 구현된 시스템의 성능 및 실세계 반영 모습을 시뮬레이션 하였다. 제안된 시스템은 능동적인 패킷 분석을 통한 유해 트래픽을 구분하는 기능을 포항하고 있다. 시뮬레이션에서는 실제 사파이어 웜을 구현하여 시스템의 성능 검증을 하였으며, 기타 기본적인 네트워크 공격에 대한 행위도 구현 하여 시스템의 성능을 검증하였다.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2005.11a
• /
• pp.171-179
• /
• 2005

Computer virus modeling and simulation research has been conducted with focus on the network vulnerability analysis. However, computer virus generally shows the biological virus characters such as proliferation, reproduction and evolution. Therefore it is necessary to research the computer virus modeling and simulation using Artificial Life. The approach of computer modeling and simulation using the Artificial Life technology Provides the efficient analysis method for the effects on the network by computer virus and the behavioral mechanism of the computer virus. Hence this paper proposes the methodology of computer virus modeling and simulation using Artificial Life, which may be contribute the research on the computer virus vaccine.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.101-106
• /
• 2004

Recently, a network defense simulator becomes essential in studying cyber incidents because the cyber terror become more and more interesting. The network defense simulator is a tool to estimate damages and an effectiveness of a defense mechanism by modeling network intrusions and defense mechanisms. Using this tool, users can find efficient ways of preventing a cyber terror and recovering from the damage. Previous simulators start the simulation after entire scenario has made and been loaded to simulation engine. However, in this way it can't model human judgement and behavior, and it can't simulate the real cyber terror very well. In this paper, we have added a dynamic simulation component to our previous network security simulator. This component improved accurate modeling of network intrusions and defense behaviors. We have also proposed new modified architecture of the simulation system. Finally we have verified correct simulation results from stammer worn simulation.

• Journal of Korea Game Society
• /
• v.5 no.1
• /
• pp.41-44
• /
• 2005

This paper is model can be useful and capable of automatically collecting and classifying the various information about a wide range of security incidents such as hackings, worms, spyware, cyber-terror, network espionage and information warfare from firewall, IDS, VPN and so on. According to them Internet game and an automated/integrated computer emergency response system can perform an attack assessment and an early warning for any incidents based on Enterprise Security Management environment.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.41 no.4
• /
• pp.87-92
• /
• 2004

Digital halftoning is to quantize a grayscale image to binary image. The error diffusion halftoning generates high quality bilevel image. But that also has some defects such as warms effect, sharpening and etc. To reduce these defects, Kite proposed the modified threshold modulation that has a parameter to control sharpening. Nevertheless some degradation left near edges with large luminance change. In this paver, we propose a method to control the parameter in proportional to local edge magnitude. The results of computer simulation show more reductions of the sharpening in the halftone image. Especially there are great improvement of quality near edges with large luminance change.

• Proceedings of the Korean Society of Precision Engineering Conference
• /
• 2003.06a
• /
• pp.1861-1864
• /
• 2003

The objective of this study is to suggest the form rolling technology to produce high precision worm. Rack dies and roll dies are usually used to roll parts with worm teeth. The form roiling processes of worm shaft used as automotive part using the rack dies of counter flow type and the roll dies are considered and simulated by the commercial finite element code, DEFORM-3D. It is also important to determine the initial blank diameter in form rolling because it affects the quality of thread. The calculation method of the initial blank diameter in form rolling is suggested and it is verified by FE-simulation. The experiments using rack dies and roll dies are performed under the same conditions as those of simulation. The results of simulation and experiment in this study show that the from rolling process of worm shaft using the rack dies is decidedly superior to that using rolling dies from the aspect of the surface roughness and the profile of worm.

• Journal of the Korean Society for Precision Engineering
• /
• v.21 no.10
• /
• pp.57-64
• /
• 2004

The objective of this study is to suggest the form rolling technology to produce high precision worm on the base of three dimensional finite element simulation and experiment. It is important to determine the initial workpiece diameter in form rolling because it affects the quality of tooth profile. The calculation method of the initial workpiece diameter in form rolling is suggested and it is verified by finite element simulation. The form rolling processes of worm shaft used as automotive part using both the rack dies of counter flow type and the roll dies are considered and simulated with the same numerical model as actual process by the commercial finite element code, BEFORM-3D. Deformation modes of workpiece between the form rolling by the rack dies of counter flow type and the roll dies are investigated from the result of simulation. The experiments using rack dies and roll dies are performed under the same conditions as those of simulation. The surface roughness, the straightness and the profile of worm are measured precisely using the worm shafts obtained from experiment. The results of simulation and experiment in this study show that the form rolling process of worn shaft using the rack dies is decidedly superior to that using roll dies from the aspect of the precision of worm such as the surface roughness, the straightness and the profile of worm.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.855-864
• /
• 2005

In this paper, we propose an intrusion detection system(IDS) architecture which can detect and respond against the generation of abnormal traffic such as malicious code and Internet worms. We model the system, design and implement a simulator using OPNET Modeller, for the performance analysis on the response capacity of alert information in the proposed system. At first, we model the arrival process of alert information resulted from abnormal traffic. In order to model the situation in which alert information is intensively produced, we apply the IBP(Interrupted Bernoulli Process) which may represent well the burstiness of traffic. Then we perform the simulation in order to gain some quantitative understanding of the system for our performance parameters. Based on the results of the performance analysis, we analyze factors which may hinder in accelerating the speed of security node, and would like to present some methods to enhance performance.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.