• Title/Summary/Keyword: packet classification (패킷 분류)

A New Moving Mobile Base Station (MMBS) Scheme for Low Power RMIMS Wireless System (Part II: Multiple MMBS service schemes for RMIS QoS guarantee) (저전력 RMIMS 무선 터미널을 위한 새로운 움직이는 이동 기지국 시스템 구조(2부:QoS 보장을 위한 다중 MMBS 서비스 구조))

  • 박수열;고윤호;유상조;김성대
    • The Journal of Korean Institute of Communications and Information Sciences / v.24 no.12B / pp.2320-2334 / 1999
  • In this paper, we propose multiple IS-MMBS service schemes for very low power and micro-size RMIMS (radio-interfaced micro information monitoring system) terminals. In the MMBS service area, when newly arriving RMIMS terminals have real-time traffic characteristics or large traffic bandwidth, a single IS-MMBS service scheme alone cannot guarantee the RMIMS terminal's QoS (quality of service), such as buffer overflow or packet loss. In this case, the proposed multiple IS-MMBS service schemes can be effectively used for QoS service of RMIMS terminals. According to the clustering method of RMIMS terminals and the MMBS segment method, the proposed schemes can be divided into the terminal segment method, region segment method, application based segment method, traffic type based segment method, overlapping segment method and hybrid segment method.

A Study to Guarantee Minimum Bandwidth to TCP Traffic over ATM-GFR Service (ATM-GFR 서비스에서 TCP 트래픽의 최소 대역폭 보장에 관한 연구)

  • 박인용
    • The Journal of Korean Institute of Communications and Information Sciences / v.27 no.4C / pp.308-315 / 2002
  • Guaranteed frame rate (GFR) service has been defined to provide minimum cell rate (MCR) guarantees for virtual connections (VCs) carrying Internet traffic in ATM networks and allow them to fairly share residual bandwidth. The simplest switch implementation mechanism to support the GFR service in ATM networks consists of the frame-based generic cell rate algorithm (F-GCRA) frame classifier and the early packet discard (EPD)-like buffer acceptance algorithm in a single FIFO buffer. This mechanism is simple, but has failed to guarantee the same bandwidth as an MCR to a VC that has reserved a relatively large MCR. This paper applies the packet spacing scheme to TCP traffic to alleviate its burstiness, so as to guarantee a larger MCR to a VC. In addition, the random early detection (RED) scheme is added to the buffer acceptance algorithm in order to improve fairness in use of residual bandwidth. Simulation results show that the two applied schemes improve the quality of service (QoS) in the GFR service for the TCP traffic.

Design and Implementation of the Intrusion Detection Pattern Algorithm Based on Data Mining (데이터 마이닝 기반 침입탐지 패턴 알고리즘의 설계 및 구현)

  • Lee, Sang-Hoon;Soh, Jin
    • The KIPS Transactions:PartC / v.10C no.6 / pp.717-726 / 2003
  • In this paper, we analyze the associated rule based deductive algorithm which creates the rules automatically for intrusion detection from the vast packet data. Based on the result, we also suggest the deductive algorithm which creates the rules of intrusion pattern fast in order to apply the intrusion detection systems. The deductive algorithm proposed is designed suitable to the concept of clustering which classifies and deletes the large data. This algorithm has direct relation with the method of pattern generation and analyzing module of the intrusion detection system. This can also extend the application range and increase the detection speed of existing intrusion detection system as the rule database is constructed for the pattern management of the intrusion detection system. The proposed pattern generation technique of the deductive algorithm is used to the algorithm which can be changed by the supporting rate of the data created from the intrusion detection system. Finally, we analyze the possibility of the speed improvement of the rule generation with the algorithm simulation.

A Study on the Covert Channel Detection in the TCP/IP Header based on the Support Vector Machine (Support Vector Machine 기반 TCP/IP 헤더의 은닉채널 탐지에 관한 연구)

  • 손태식;서정우;서정택;문종섭;최홍민
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.1 / pp.35-45 / 2004
  • In explosively increasing internet environments, information security is one of the most important considerations. Nowadays, various security solutions are used as countermeasures to such problems: IDS, Firewall and VPN. However, basically the internet has much vulnerability in the protocol itself. Specifically, it is possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledge number, timestamp and so on. In this paper, we focus on the covert channels using the identification field of the IP header and the sequence number field of the TCP header. To detect such covert channels, we used Support Vector Machine which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could discern the abnormal cases (including covert channels) from normal TCP/IP traffic using Support Vector Machine.

Selection of Detection Measures for Malicious Codes using Naive Estimator (단순 추정량을 이용한 악성코드의 탐지척도 선정)

  • Mun, Gil-Jong;Kim, Yong-Min
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.2 / pp.97-105 / 2008
  • The various mutations of the malicious codes are fast generated on the network. Also the behaviors of them become intelligent and the damage becomes larger step by step. In this paper, we suggest the method to select the useful measures for the detection of the codes. The method has the advantage of shortening the detection time by using header data without payloads and uses connection data that are composed of TCP/IP packets, and much information of each connection makes use of the measures. A naive estimator is applied to the probability distribution that is calculated by the histogram estimator to select the specific measures among 80 measures for the useful detection. The useful measures are then selected by using relative entropy. This method solves the problem that is to misclassify the measure values. We present the usefulness of the proposed method through the result of the detection experiment using the detection patterns based on the selected measures.

A Design of DDoS Attack Detection Scheme Using Traffic Analysis and IP Extraction in SIP Network (SIP망에서 트래픽 측정 및 IP 추출을 통한 DDoS공격 탐지 기법 설계)

  • Yun, Sung-Yeol;Sim, Yong-Hoon;Park, Seok-Cheon
    • Proceedings of the Korea Information Processing Society Conference / 2010.04a / pp.729-732 / 2010
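  • With the development of communication networks and the emergence of various Internet-based technologies, the move to transmit not only data but also voice over IP networks has laid the groundwork for the technology known as VoIP (Voice over Internet Protocol). VoIP services based on SIP (Session Initiation Protocol) offer large savings in communication costs along with a variety of supplementary services, and the number of users is growing rapidly. VoIP services are built on SIP to control calls, and SIP provides various voice and multimedia services over IP networks; because it carries over the Internet security vulnerabilities that arise in the IP protocol, it tends to be vulnerable to DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. A DDoS attack sends a large volume of packets to a target host or network within a short time, preventing network access and service functions from operating normally or inducing system failure. Now that Internet-based life has become routine, countermeasures against DDoS attacks are urgently needed to create a safe network environment. Because detecting DDoS attacks is very difficult, research into fundamental countermeasures is needed, and the development of a detection system for normal and malicious traffic is urgently required. In this paper, we survey the SIP protocol and attack techniques, survey the characteristics and types of DoS and DDoS attacks, and propose a DDoS attack detection technique for SIP-based VoIP services through IP classification and message duplication inspection.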

Traffic Flooding Attack Detection on SNMP MIB Using SVM (SVM을 이용한 SNMP MIB에서의 트래픽 폭주 공격 탐지)

  • Yu, Jae-Hak;Park, Jun-Sang;Lee, Han-Sung;Kim, Myung-Sup;Park, Dai-Hee
    • The KIPS Transactions:PartC / v.15C no.5 / pp.351-358 / 2008
  • Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden to cope with high-speed network environments. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. Secondly, we use a machine learning approach based on a Support Vector Machine (SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB data sets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms.

The Method of Wet Road Surface Condition Detection With Image Processing at Night (영상처리기반 야간 젖은 노면 판별을 위한 방법론)

  • KIM, Youngmin;BAIK, Namcheol
    • Journal of Korean Society of Transportation / v.33 no.3 / pp.284-293 / 2015
  • The objective of this paper is to determine the conditions of road surface by utilizing the images collected from closed-circuit television (CCTV) cameras installed on roadside. First, a technique was examined to detect wet surfaces at nighttime. From the literature reviews, it was revealed that image processing using polarization is one of the preferred options. However, it is hard to use the polarization characteristics of road surface images at nighttime because of irregular or no light situations. In this study, we propose a new discriminant for detecting wet and dry road surfaces using CCTV image data at night. To detect the road surface conditions with night vision, we applied the wavelet packet transform for analyzing road surface textures. Additionally, to apply the luminance feature of night CCTV images, we set the intensity histogram based on the HSI (Hue Saturation Intensity) color model. With a set of 200 images taken from the field, we constructed a detection criteria hyperplane with SVM (Support Vector Machine). We conducted field tests to verify the detection ability of the wet road surfaces and obtained reliable results. The outcome of this study is also expected to be used for monitoring road surfaces to improve safety.

The core information protection mechanism in the BcN(Broadband Convergence Network) (BcN(Broadband Convergence Network) 환경에서의 중요정보에 대한 도청방지 메카니즘)

  • Oh, Sek-Hoan;Lee, Jae-Yong;Kim, Byung-Chul
    • Journal of the Institute of Electronics Engineers of Korea TC / v.45 no.1 / pp.14-26 / 2008
  • IP over Ethernet technology, widely used for Internet access, uses the ARP (Address Resolution Protocol) that translates an IP address to the corresponding MAC address. Recently, there are ARP security attacks that intentionally modify the IP address and its corresponding MAC address, utilizing various tools like "snoopspy". Since ARP attacks can redirect packets to a MAC address other than the destination, attackers can eavesdrop on packets, change their contents, or hijack the connection. Because the ARP attack is performed at the data link layer, it cannot be protected by security mechanisms such as Secure Shell (SSH) or Secure Sockets Layer (SSL). Thus, in this paper, we classify the ARP attack into downstream ARP spoofing attack and upstream ARP redirection attack, and propose a new security mechanism using DHCP information for acquisition of IP address. We propose a "DHCP snoop mechanism" or "DHCP sniffing/inspection mechanism" for ARP spoofing attack, and a "static binding mechanism" for ARP redirection attack. The proposed security mechanisms for ARP attacks can be widely used to reinforce the security of the next generation internet access networks including BcN.

Performance Evaluation and Offset Time Decision for Supporting Differential Multiple Services in Optical Burst Switched Networks (광 버스트 교환 망에서 차등적 다중 서비스 제공을 위한 offset 시간 결정 및 성능 평가)

  • So W.H.;Kim Y.C.
    • Journal of the Institute of Electronics Engineers of Korea TC / v.41 no.1 / pp.1-12 / 2004
  • In this paper, we take advantage of the characteristics of optical burst switching (OBS) to support service-differentiation in optical networks. With the offset time between control packet and burst data, the proposed scheme uses a different offset time for each service class. As contrasted with the previous method, in which the high priority service uses only a long offset time, it derives the burst loss rate as a QoS parameter in consideration of the conservation law and given service-differential ratios and finally decides a reasonable offset time for this QoS. The first proposed method classifies services into one of high or low class and is an algorithm deciding the offset time for supporting the required QoS of the high class. In order to consider the multi-class environment, we expand the analysis method of the first algorithm and propose the second algorithm. It divides services into one of high or low group according to their burst loss rate and decides the offset time for the high group, and lastly cumulates the offset time of each class. The proposed algorithms are evaluated through simulation. The result of simulation is compared with that of analysis to verify the proposed scheme.