• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.6
• /
• pp.179-188
• /
• 2014

Due to the tremendous amount and its rapid increase of network traffic, the performance of network equipments are becoming an important issue. Network filtering is one of primary functions affecting the performance of the network equipment such as a firewall or a load balancer to process the packet. In this paper, we propose a cache based tri method to improve the performance of the existing tri method of searching for network filtering. When several packets are exchanged at a time between a server and a client, the tri method repeats the same search procedure for network filtering. However, the proposed method can avoid unnecessary repetition of search procedure by exploiting cache so that the performance of network filtering can be improved. We performed network filtering experiments for the existing method and the proposed method. Experimental results showed that the proposed method could process more packets up to 790,000 per second than the existing method. When the size of cache list is 11, the proposed method showed the most outstanding performance improvement (18.08%) with respect to memory usage increase (7.75%).

• The KIPS Transactions:PartA
• /
• v.13A no.2 s.99
• /
• pp.147-156
• /
• 2006

Recently, streaming service accounts for large part of internet traffic and it is becoming the most popular service. Because of P2P's scalability, P2P-based streaming system is proposed. There are frequent leave and join of a node. To overcome the group dynamics, Multiple Multicast Trees Methods were suggested. However, since they did not consider discrepancy in peers' capacity, it may cause the trees to be long and unstable. So we suggest Resilient Capacity-Aware Multicast Tree construction scheme (R-CAT) that promotes superior peer to upper position in the tree and construct more stable and short multicast trees. By simulation we can show that R-CAT cost more overhead packets for tree joining process, but it reduce the end-to-end delay of the resulting tree and the number of packets lost during the node joining and leaving processes much more than SplitStream.

• The Journal of the Korea Contents Association
• /
• v.3 no.2
• /
• pp.65-72
• /
• 2003

In this paper, the new scheme using a Combined Cache(CC) that combing the Paging and Routing Cache(PRC) and an alternative handoff method according to the type of data transmission for achieving the efficient realtime communication. The PRC and quasi-soft handoff method reduce the path duplication. But they increase the network traffic load because of the handoff state packet of Mobile Host(MH). Moreover the use the same handoff method without differentiating the type of transmission data. Those problems are solved by operating U with a semi-soft handoff method for realtime data transmission and with a hard handoff method for non-realtime data transmission. As a result or simulation a better performance is obtained because of the reduction of the number of control packet in case that the number of cells are below 20. And the packet arrival time and loss of packet decreased significantly for realtime data transmission.

• Journal of Digital Convergence
• /
• v.19 no.9
• /
• pp.463-468
• /
• 2021

Although the IoT is showing explosive growth due to the development of technology and the spread of IoT devices and activation of services, serious security risks and financial damage are occurring due to the activities of various botnets. Therefore, it is important to accurately and quickly detect the activities of these botnets. As security in the IoT environment has characteristics that require operation with minimum processing performance and memory, in this paper, the minimum characteristics for detection are selected, and KNN (K-Nearest Neighbor), Naïve Bayes, Decision Tree, Random A comparative study was conducted on the performance of machine learning algorithms such as Forest to detect botnet activity. Experimental results using the Bot-IoT dataset showed that KNN can detect DDoS, DoS, and Reconnaissance attacks most effectively and efficiently among the applied machine learning algorithms.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.2
• /
• pp.1-7
• /
• 2019

Recently, multimedia streaming service has been activated, and the demand for high-quality multimedia convergence contents services is predicted to increase significantly in the future. The issues of the increasing network load due to the rise of multimedia streaming traffic must be addressed in order to provide QoS guaranteed services. To do this, an efficient network resource management and mobility support technologies are needed through seamless mobility support for heterogeneous networks. Therefore, in this paper, an MIH technology was used to recognize the network situation information in advance and reduce packet loss due to handover delays, and an ACLMIH-FHPMIPv6 is designed that can provide an intelligent interface through introducing a hierarchical mobility management technique in FPMIPv6 integrated network.

• Journal of the Korea Convergence Society
• /
• v.10 no.5
• /
• pp.35-42
• /
• 2019

Recently, as the Internet and various wearable devices have appeared, Internet technology has contributed to obtaining more convenient information and doing business. However, as the internet is used in various parts, the attack surface points that are exposed to attacks are increasing, Attempts to invade networks aimed at taking unfair advantage, such as cyber terrorism, are also increasing. In this paper, we propose a feature selection method to improve the classification performance of the class to classify the abnormal behavior in the network traffic. The UNSW-NB15 dataset has a rare class imbalance problem with relatively few instances compared to other classes, and an undersampling method is used to eliminate it. We use the SVM, k-NN, and decision tree algorithms and extract a subset of combinations with superior detection accuracy and RMSE through training and verification. The subset has recall values of more than 98% through the wrapper based experiments and the DT_PSO showed the best performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.173-186
• /
• 2003

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive dating. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a 'advanced ICW Traceback' mechanism, which is based on the modified pushback system with secure router mechanism. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source, by which we can diminish network overload and enhance Traceback performance.

• The Journal of the Korea Contents Association
• /
• v.22 no.6
• /
• pp.135-144
• /
• 2022

This study explores that how the logic of network power in the existing digital content distribution structure works against local media. The limitless citation of local media content, in particular, is becoming more common in order to profit from network traffic while not giving appropriate remuneration for local media content. This study tried to demonstrate how network media dominance alienates local media material by using YouTube network analysis of TV Maile Shinmun. According to the research result, it was found that major news media tends to take profits from the local media interview by not properly indicating the source video, or reporting the core content of the local media interview, making it unnecessary to look for the original video source. Despite the viewpoint that the digital environment presents opportunities for local media, the current network logic would not benefit local media, which calls for the need that the digital content distribution strategy of local media develops a new order such as NFT, one of blockchain-based monetary system.h the help of information technology.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.2
• /
• pp.47-52
• /
• 2023

Mobile Edge Computing(MEC) is considered as a promising technology to effectively support the explosively increasing traffic demands. It can provide low-latency services and reduce network traffic by caching contents at the edge of networks such as Base Station(BS). Although users may associate with the nearest BSs, it is more beneficial to associate users to the BS where the requested content is cached to reduce content download latency. Therefore, in this paper, we propose a mobility-aware joint caching and user association algorithm to imporve the cache hit ratio. In particular, the proposed algorithm performs caching and user association based on sojourn time and content preferences. Simulation results show that the proposed scheme improves the performance in terms of cache hit ratio and latency as compared with existing schemes.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.108-110
• /
• 2021

Since 2015, attacks using the IoT protocol have been continuously reported. Among various IoT protocols, attackers attempt DDoS attacks using SSDP(Simple Service Discovery Protocol), and as statistics of cyber shelters, Korea has about 1 million open SSDP servers. Vulnerable SSDP servers connected to the Internet can generate more than 50Gb of traffic and the risk of attack increases gradually. Until recently, distributed denial of service attacks and distributed reflective denial of service attacks have been a security issue. Accordingly, the purpose of this study is to analyze the request packet of the existing SSDP protocol to identify an amplification attack and to avoid a response when an amplification attack is suspected, thereby preventing network load due to the occurrence of a large number of response packets due to the role of traffic reflection amplification.