• Title/Summary/Keyword: traffic pattern


Implementation and Performance Evaluation of High-Performance Intrusion Detection and Response System (고성능 침입탐지 및 대응 시스템의 구현 및 성능 평가)

  • Kim, Hyeong-Ju;Park, Dae-Chul
    • The KIPS Transactions:PartC / v.11C no.2 / pp.157-162 / 2004
  • Recently, information infrastructure has been growing larger and faster. At the same time, security incidents are increasing. Because existing Intrusion Detection Systems were built for low-speed environments, they cannot handle the traffic. To overcome this, effective security analysis techniques are needed that can process high-capacity data in a high-speed network environment. In this paper we propose a Gigabit Intrusion Detection System that coordinates security functions such as intrusion detection and response on a high-speed network. We suggest a detection mechanism for high-speed network environments with pattern-matching functions based on the packet header and on packet data, processed in the system kernel area, and we show that this mechanism performs up to 20 times better than the existing system in traffic-processing performance.

CEM-PF: Cost-Effective Mobility Management Scheme Based on Pointer Forwarding in Proxy Mobile IPv6 Networks (프록시 모바일 IPv6 네트워크에서 포인터 포워딩에 기반한 비용효과적인 이동성관리 기법)

  • Park, Seung-Yoon;Jeong, Jong-Pil
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.12 no.4 / pp.81-93 / 2012
  • We propose efficient mobility management schemes based on pointer forwarding for Proxy Mobile IPv6 Networks(PMIPv6) with the objective to reduce the overall network traffic incurred by mobility management and packet delivery. The proposed schemes are per-user-based, i.e., the optimal threshold of the forwarding chain length that minimizes the overall network traffic is dynamically determined for each individual mobile user, based on the user's specific mobility and service patterns. We demonstrate that there exists an optimal threshold of the forwarding chain length, given a set of parameters characterizing the specific mobility and service patterns of a mobile user. We also demonstrate that our schemes yield significantly better performance than schemes that apply a static threshold to all mobile users. A comparative analysis shows that our pointer forwarding schemes outperform routing-based mobility management protocols for PMIPv6.

A Dynamic Bandwidth Tuning Mechanism for DQDB in Client-Server Traffic Environments (클라이언트-서버 트래픽 환경에서 분산-큐 이중-버스의 동적 대역폭 조절 방식)

  • Kim, Jeong-Hong;Kwon, Oh-Seok
    • The Transactions of the Korea Information Processing Society / v.7 no.11 / pp.3479-3489 / 2000
  • Most studies on fairness control methods for Distributed-Queue Dual-Bus (DQDB) have been performed under specific load types such as equal probability load types or symmetric load types. In Web-based Internet environments, client-server load types are more practical traffic patterns than these specific load types. In this paper, an effective fairness control method that distributes DQDB network bandwidth fairly to all stations under a client-server load is proposed. In order to implement the dynamic bandwidth tuning capability needed to distribute the bandwidth fairly at heavy loads, the proposed method uses two parameters: one is an access limit that regulates each station's packet transmission, and the other is the number of extra empty slots that are yielded to downstream stations. In terms of implementation, this mechanism is simpler and easier than the Bandwidth Tuning Mechanism (BTM), which uses an intermediate pattern and an adaptation function. Simulation results show that it outperforms other mechanisms.


Performance Analysis of Detection Algorithms for the Specific Pattern in Packet Payloads (패킷 페이로드 내 특정 패턴 탐지 알고리즘들의 성능 분석에 관한 연구)

  • Jung, Ku-Hyun;Lee, Bong-Hwan;Yang, Dongmin
    • Journal of the Korea Institute of Information and Communication Engineering / v.22 no.5 / pp.794-804 / 2018
  • Various applications running in computers exchange information in the form of packets through the network. Most packets are formatted into UDP/IP or TCP/IP standard. Network management administrators of enterprises and organizations should be able to monitor and manage packets transmitted over the network for Internet traffic measurement & monitoring, network security, and so on. The goal of this paper is to analyze the performance of several algorithms which closely examine and analyze payloads in a DPI(Deep Packet Inspection) system. The main procedure of packet payload analysis is to quickly search for a specific pattern in a payload. In this paper, we introduce several algorithms which detect a specific pattern in payloads, analyze the performance of them from three perspectives, and suggest an application method suitable for requirements of a given DPI system.

A Case Study of Building a "Risk-Management-Based Early Response System for Security Incidents" ("위험관리 기반 침해사고 조기 대응 체계" 구축 사례)

  • Kim, Jin-Seob
    • Review of KIISC / v.20 no.6 / pp.73-87 / 2010
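  • Over roughly six months, from January to June 2010, Shinhan Bank carried out a project to build a "risk-management-based early response system for security incidents". The project integrated three components into a single framework: an "incident early warning system" and the "computerization of the incident response process", both for early detection of and response to intrusion attempts, and a "continuous information-system vulnerability assessment system" to strengthen prevention of incidents. Through this, Shinhan Bank greatly strengthened monitoring of its internal network and Internet service network, covering not only already known network intrusion patterns but network traffic as a whole, so that new intrusion types and small-scale DDoS attack traffic that existing intrusion detection systems and DDoS response systems could not detect can now be detected automatically. In addition, depending on the type and risk level of a detected intrusion attempt, a predefined incident response process lets information security staff share dedicated situation-monitoring screens, each optimized for the requirements of the relevant departments and of management, and respond to incidents jointly and effectively. Continuous vulnerability checks are also carried out across the information systems, the results are built into a database, and systematic response measures can be established according to the risk level of each information system. Shinhan Bank plans to extend the system to the whole information security domain, building a risk-management-based internal information leakage system on the same framework, and later to apply it to its group companies to raise the security level of the entire group. * The early incident response system introduced in this case study was named "Aegis" through an internal naming contest when construction was completed, and this case study also uses Aegis to refer to the system as a whole. In Greek mythology, Aegis is the shield that Zeus gave to his daughter Athena; it carries meanings such as protection, patronage and guidance, and in Korean it is pronounced 이지스 or 아이기스.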

A design and implementation of the traffic source model considering user's moving characteristics in urban areas (도시 사용자 이동특성을 고려한 traffic source model의 설계 및 구현)

  • 유기홍
    • Journal of the Korea Computer Industry Society / v.2 no.11 / pp.1373-1382 / 2001
  • Traditionally, the Mobile Teletraffic model consists of two sub-models, i.e. the network traffic model and the traffic source model. In this paper, we present the traffic source model by developing MobCall (Mobile Call Simulator), which analyses various mobile wireless environments based on the characteristics of the regions in which the base stations are located. User mobility is represented by regional average vehicle speeds and the transportation share rate. Moreover, user mobility on the subway, which is increasing in urban areas, is considered in MobCall. Using MobCall, the accumulated number of calls in residential and commercial regions, the handoff rate with respect to traffic sources of Seoul, the handoff rate on highways, and the handoff rate according to the call duration are presented. MobCall enables the simulation of dynamic handoff buffering and functional entity control of one base station according to the changes in users' calling patterns at the design phase.


A Study of an Anomalous Event Detection using White-List on Control Networks (제어망에서 화이트 리스트 기법을 이용한 이상 징후 탐지에 관한 연구)

  • Lee, DongHwi;Choi, KyongHo
    • Convergence Security Journal / v.12 no.4 / pp.77-84 / 2012
  • Control networks have been operated as closed networks, but they are being opened to the outside for business convenience and cooperation with other organizations. As the ways of connecting to them expand, the risk to the control network rises. Thus, this paper proposes an anomalous-event detection technique using a white-list for control network security and for minimizing cyber threats. The proposed method collects and catalogs only normal data from the traffic of the internal network, the control network and field devices. By checking traffic against this catalog, normal and abnormal behavior can be separated.

Design and Implementation for Measurement System to Analyze Usage Pattern of Campus NESPOT Services (학내 NESPOT 이용 특성 분석을 위한 측정 시스템 설계 및 구현)

  • Baek Sung-Min;Choi Nak-Jung;Kim Hae-Young;Choi Yang-Hee;Lee Go-Woon;Kim Seong-Man;Jung Han-Wook
    • Proceedings of the Korea Institute of Information and Telecommunication Facilities Engineering Conference (한국정보통신설비학회:학술대회논문집) / 2004.08a / pp.273-277 / 2004
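  • Seoul National University and KT signed an industry-academia cooperation agreement to foster a research environment and build a U-Campus pilot, and deployed NESPOT facilities at Seoul National University. This paper covers the design and implementation of a system for analyzing the NESPOT service usage patterns of NESPOT users at Seoul National University and the traffic characteristics of the wireless LAN. The system for analyzing NESPOT traffic characteristics uses TCPDUMP to obtain information about the entire network from the backbone router, and obtains wireless-LAN-related information from the APs through SNMP (Simple Network Management Protocol). In addition, TIS (Terminal Information System) was developed to obtain more specific information about the terminals of NESPOT users.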


A Virtual Topology Management Policy in Multi-Stage Reconfigurable Optical Networks (다단계 재구성 가능한 광 네트워크상에서 가상 토폴로지 관리 정책)

  • Ji-Eun Keum;Lin Zhang;Chan-Hyun Youn
    • Journal of KIISE:Information Networking / v.30 no.1 / pp.1-8 / 2003
  • In this paper, we develop an analytical model to evaluate the virtual topology reconfiguration phase of optical Internet networks. To counter the continual approximation problem brought by the traditional heuristic approach, we take traffic prediction into consideration and propose a new heuristic reconfiguration algorithm called the Prediction based Multi-stage Reconfiguration approach. We then use this analytical model to study the different configuration operation policies in response to the changing traffic patterns in the higher layer and the congestion level on the virtual topology. This algorithm easily decides the optimal instant of reconfiguration based on the network state. Simulation results show that our virtual topology management policy significantly outperforms the conventional one, while the required physical resources are limited.

Detection Framework for Advanced and Persistent Information Leakage Attack (지능적이고 지속적인 정보유출 공격 탐지 프레임워크)

  • Kil, Ye-Seul;Jeon, Ga-Hye;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.05a / pp.203-205 / 2022
  • As digital transformation and remote work environment advanced by Covid-19 become more common, the scale of leakage damage to industrial secrets and personal information caused by information leakage attacks is increasing. Recently, advanced and persistent information leakage attacks have become a serious security threat because they do not quickly leak large amounts of information, but continuously leak small amounts of information over a long period of time. In this study, we propose a framework for detecting advanced and persistent information leakage attacks based on traffic characteristics. The proposed method can effectively detect advanced and persistent information leakage attacks using traffic patterns, packet sizes, and metadata, even if the payload is encrypted.
