• Title/Summary/Keyword: packet communication

A Scheme of Distributed Network Security Management against DDoS Attacks (DDoS 공격에 대응하는 분산 네트워크 보안관리 기법)

  • Kim Sung-Ki;Yoo Seung-Hwan;Kim Moon-Chan;Min Byoung-Joon
    • Journal of the Institute of Electronics Engineers of Korea TC / v.43 no.7 s.349 / pp.72-83 / 2006
  • It is not a practical solution that the DDoS attacks or worm propagations are protected and responded within a domain itself because it clogs access of legitimate users to share communication lines beyond the boundary of a domain. Especially, the DDoS attacks with spoofed source addresses, or with bogus packets whose destination addresses are changed randomly but which have a valid source address, do not allow us to identify access of legitimate users. We propose a scheme of distributed network security management to protect access of legitimate users from the DDoS attacks exploiting randomly spoofed source IP addresses and sending the bogus packets. We assume that the Internet is divided into multiple domains and there exist one or more domain security managers in each domain, which are responsible for identifying hosts within the domain. The domain security manager forwards information regarding identified suspicious attack flows to neighboring managers and then verifies the attack upon receiving return messages from the neighboring managers. Through the experiment on a test-bed, the proposed scheme was verified to be able to maintain high detection accuracy and to enhance the normal packet survival rate.

Evaluation of Distributed Intrusion Detection System Based on MongoDB (MongoDB 기반의 분산 침입탐지시스템 성능 평가)

  • Han, HyoJoon;Kim, HyukHo;Kim, Yangwoo
    • KIPS Transactions on Computer and Communication Systems / v.8 no.12 / pp.287-296 / 2019
  • Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be processed and detected quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to an intrusion detection system for rapid processing of big data security events. In addition, by building the intrusion detection system (IDS) using some of the private cloud resources which are the target of protection, elastic and dynamic reconfiguration of the IDS is made possible as the number of security events increases or decreases. In order to evaluate the performance of the MongoDB-based IDS proposed in this paper, we constructed prototype systems of IDS based on MongoDB as well as an existing relational database, and compared their performance. Moreover, the number of virtual machines has been increased to find out the performance change as the IDS is distributed. As a result, it is shown that the performance is improved as the number of virtual machines is increased to make IDS distributed in MongoDB environment but keeping the overall system performance unchanged. The security event input rate based on distributed MongoDB was faster by as much as 60%, and the distributed MongoDB-based intrusion detection rate was faster by up to 100% compared to the IDS based on relational database.

A Network Adaptive SVC Streaming Protocol for Improving Video Quality (비디오 품질 향상을 위한 네트워크 적응적인 SVC 스트리밍 프로토콜)

  • Kim, Jong-Hyun;Koo, Ja-Hon;Chung, Kwang-Sue
    • Journal of KIISE:Information Networking / v.37 no.5 / pp.363-373 / 2010
  • The existing QoS mechanisms for video streaming are short of the consideration for various user environments and the characteristics of streaming application programs. In order to overcome this problem, studies on the video streaming protocols exploiting scalable video coding (SVC), which provide spatial, temporal, and qualitative scalability in video coding, are progressing actively. However, these protocols also have the problem of deepening network congestion and lowering fairness with other traffic, as they are not equipped with congestion control mechanisms. SVC based streaming protocols also have the problem of overlooking the properties of videos encoded in SVC, as the protocols transmit the stream simply by extracting the bitstream which has the maximum bit rate within the available bandwidth of a network. To solve these problems, this study suggests the TCP-friendly network adaptive SVC streaming (T-NASS) protocol, which considers both network status and SVC bitstream property. The T-NASS protocol extracts the optimal SVC bitstream by calculating the TCP-friendly transmission rate, and by perceiving the network status on the basis of packet loss rate and explicit congestion notification (ECN). Through the performance estimation using an ns-2 network simulator, this study identified that the T-NASS protocol extracts the optimal bitstream as it uses the TCP-friendly transmission property and perceives the network status, and also identified that the video image quality transmitted through the T-NASS protocol is improved.

An Algorithm to Detect P2P Heavy Traffic based on Flow Transport Characteristics (플로우 전달 특성 기반의 P2P 헤비 트래픽 검출 알고리즘)

  • Choi, Byeong-Geol;Lee, Si-Young;Seo, Yeong-Il;Yu, Zhibin;Jun, Jae-Hyun;Kim, Sung-Ho
    • Journal of KIISE:Information Networking / v.37 no.5 / pp.317-326 / 2010
  • Nowadays, transmission bandwidth for network traffic is increasing and the type is varied such as peer-to-peer (P2P), real-time video, and so on, because the distributed computing environment is spread and various network-based applications are developed. However, as P2P traffic occupies much volume among Internet backbone traffic, transmission bandwidth and quality of service (QoS) of other network applications such as web, ftp, and real-time video cannot be guaranteed. In previous research, the port-based technique which checks well-known port numbers and the Deep Packet Inspection (DPI) technique which checks the payload of packets were suggested for solving the problem of P2P traffic; however, there were difficulties in applying those methods to the detection of P2P traffic because P2P applications do not use well-known port numbers and the payload of packets may be encrypted. A proposed algorithm for identifying P2P heavy traffic based on flow transport parameters and behavioral characteristics can solve the problem of the port-based technique and the DPI technique. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffic. P2P traffic consists of two steps: i) searching for the opposite peer which has some contents, ii) downloading the contents from one or more peers. We define P2P flow patterns on these P2P applications' features and then implement the system to classify P2P heavy traffic.

A Traffic Management Scheme for the Scalability of IP QoS (IP QoS의 확장성을 위한 트래픽 관리 방안)

  • Min, An-Gi;Suk, Jung-Bong
    • Journal of KIISE:Information Networking / v.29 no.4 / pp.375-385 / 2002
  • The IETF has defined the Intserv model and the RSVP signaling protocol to improve QoS capability for a set of newly emerging services including voice and video streams that require high transmission bandwidth and low delay. However, since the current Intserv model requires each router to maintain the states of each service flow, the complexity and the overhead for processing packets in each router drastically increase as the size of the network increases, giving rise to the scalability problem. This motivates our work; namely, we investigate and devise new control schemes to enhance the scalability of the Intserv model. To do this, we basically resort to the SCORE network model, extend it to fairly well adapt to the three services presented in the Intserv model, and devise schemes of the QoS scheduling, the admission control, and the edge and core node architectures. We also carry out the computer simulation by using the ns-2 simulator to examine the performance of the proposed scheme in respect of the bandwidth allocation capability, the packet delay, and the packet delay variation. The results show that the proposed scheme meets the QoS requirements of the respective three services of the Intserv model, thus we conclude that the proposed scheme enhances the scalability, while keeping the efficiency of the current Intserv model.

A Cluster-based Power-Efficient Routing Protocol for Sensor Networks (센서 네트워크를 위한 클러스터 기반의 에너지 효율적인 라우팅 프로토콜)

  • Kweon, Ki-Suk;Lee, Seung-Hak;Yun, Hyun-Soo
    • Journal of KIISE:Information Networking / v.33 no.1 / pp.76-90 / 2006
  • A sensor network consists of a large number of sensor nodes that are densely deployed either inside the phenomenon or very close to it. The life time of each node in the sensor network significantly affects the life time of the whole sensor network. A node which has drained its battery may incur the partition of the whole network in some network topology. The life time of each node depends on the battery capacity of each node. Therefore if all sensor nodes in the network live evenly long, the life time of the network will be longer. In this paper, we propose the Cluster-Based Power-Efficient Routing (CBPER) Protocol which provides scalable and efficient data delivery to multiple mobile sinks. Previous routing protocols, such as Directed Diffusion and TTDD, need to flood many control packets to support multiple mobile sinks and many sources, causing nodes to consume their battery. In CBPER, we use the fact that sensor nodes are stationary and location-aware to construct and maintain the permanent grid structure, which makes nodes live longer by reducing the number of the flooding control packets. We have evaluated CBPER performance with TTDD. Our results show that CBPER is a more power-efficient routing protocol than TTDD.

A Study on Improvement of Collected Data Performance in Real-time Railway Safety Supervisory Platform (실시간 철도안전관제 플랫폼에서의 수집 데이터 성능 개선 방안 연구)

  • Shin, Kwang-Ho;Park, Jee-Won;Ahn, Jin
    • Journal of The Korean Society For Urban Railway / v.6 no.4 / pp.233-241 / 2018
  • Recently, an integrated railway safety monitoring and control system, which is a convergence system based on data distribution service for railway safety monitoring and control, is under development. It collects safety data of vehicle, signal, power and safety monitoring facilities in real time and adopts communication middleware based on distributed service for mass data processing. However, in the case of a server device used as an existing control server, the performance of the distributed service middleware cannot be exhibited due to low hardware performance due to safety reasons. In the safety control system, 200,000 packets per second were set as the transmission target, but this target was not met in the performance test of the LAB. In this paper, we analyze the characteristics of railway data to improve the data collection performance of existing equipment and apply a DDS-based streaming transmission method to the data model of signal facilities and vehicle facilities with large packet amount according to the analysis result. As a result, it was confirmed that the throughput was improved about 30.4 times when the hardware performance was the same. We plan to improve the data processing performance by applying it to the real-time railway safety integrated monitoring and control system in the future.

Effective Routing Protocol Implementation Framework on Riverbed (OPNET) Modeler and its Example for AntHocNet (Riverbed (OPNET) Modeler의 효과적인 라우팅 프로토콜 추가 프레임워크 및 이를 이용한 AntHocNet 라우팅 구현)

  • Kim, Kwangsoo;Lee, Cheol-Woong;Shin, Seung-hun;Roh, Byeong-hee;Roh, Bongsoo;Han, Myoung-hun
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.8 / pp.974-985 / 2016
  • Riverbed Modeler, which is a commercial packet-level discrete event simulator, is used to model, design, and simulate complicated communication protocols and large-scale networks. Riverbed Modeler got credit for its reliability in the field of network simulation. In the MANET simulation environment using Riverbed Modeler, it is very complicated to add a new routing protocol into the existing architecture of routing protocols because it requires lots of modifications of protocol recognition. In this paper, we propose Routing Adding Framework which can reduce errors or mistakes during modifying the existing routing support architecture. Routing Adding Framework is provided as an adapter API for protocol recognition, and it requires only minimum modifications for protocol identifiers when a new routing protocol is added to the child process of the manet_mgr process which manages routing protocols for the IP layer. With Routing Adding Framework, we can reduce the modifications to less than half. Then, we show an example of implementation of a hybrid routing protocol AntHocNet using Routing Adding Framework, and we verify its design and application of the Routing Adding Framework by obtaining simulation results similar to the results given by AntHocNet.

Admission Control for Voice and Stream-Type Data Services in DS-CDMA Cellular System (직접 대역확산 부호분할 시스템에서 음성 및 흐름형 데이터 서비스를 위한 호 수락제어 기법)

  • Chang Jin-weon
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.9A / pp.737-748 / 2005
  • Two flexible admission control schemes for integrated voice and stream-type data services are proposed in DS-CDMA systems. Most previous studies on admission control have focused on integration of short, bursty packet-type data services and conventional voice services. However, stream-type data services with a relatively long service holding time are expected to be a considerable portion of data traffic in future generation cellular systems. Scheme I is a basic scheme that accommodates both voice and data services with full bandwidth. However, voice services are given priority over data services using the duration difference between the holding times for these services. Scheme II uses a different method to efficiently give priority to voice services over stream-type data services. An additional interference margin for voice services is provided by suppressing interference from stream-type data services according to voice access requests and a varying interference status. Performance of the two schemes is evaluated by developing Markovian models. Numerical results show that the voice capacity is highly sensitive to the service holding time of data services while the performance measures of data services are not highly sensitive. Scheme II is a significant improvement over Scheme I for accommodating voice and stream-type data services.

Efficient Virtual Machine Migration for Mobile Cloud Using PMIPv6 (모바일 클라우드 환경에서 PMIPv6를 이용한 효율적인 가상머신 마이그레이션)

  • Lee, Tae-Hee;Na, Sang-Ho;Lee, Seung-Jin;Kim, Myeong-Eeob;Huh, Eui-Nam
    • The Journal of Korean Institute of Communications and Information Sciences / v.37B no.9 / pp.806-813 / 2012
  • In a cloud computing environment, various solutions were introduced to provide the service to users such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and Desktop as a Service (DaaS). Nowadays, there is also Mobile as a Service (MaaS) to provide mobility in a cloud environment. In other words, users must have access to data and applications even when they are moving. Thus, supporting mobility for a mobile Thin-Client is the key factor. Related works to support the mobility for mobile devices were Mobile IPv6 and Proxy Mobile IPv6, which showed performance drawbacks such as packet loss during hand-over which could be very critical when collaborating with a cloud computing environment. The proposed model in this paper deploys middleware and replica servers to support the data transmission among cloud and PMIPv6 domain. It supports efficient mobility during high-speed movement as well as high density of mobile nodes in the local mobility anchor. In this paper, through performance evaluation, the proposed scheme shows the cost comparison between previous PMIPv6 and verifies its significant efficiency.