• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.1501-1504
• /
• 2001

MPEG-4 비디오 스트림을 전송하기 위해 RTP 프로토콜을 사용할 경우 RTP 패킷에 MPEG-4 비디오 스트림을 수용하기에 적절한 페이로드 포맷이 정의되어야 한다. RTP 페이로드에 MPEG-4 비디오 스트림을 수용하기 위한 기존의 방법은 MPEG-4 코덱으로부터 생성된 비디오 스트림의 형태에 따라 많은 종류의 페이로드 포맷이 정의되어야 하는 문제점이 있거나, 혹은 각 계층에서 생성된 스트림을 (in 패킷화하는 방법이 명료하지 않은 문제점 등이 있다. 이 논문에서는 MPEG-4 시스템을 사용 하지 않고, MPEG-4 비디오 기초스트림을 RTP 패킷에 담아 전송하기 위한 새로운 RTP 페이로드 포맷을 제안하였고, 제안된 포맷을 이용하여 MPEG-4 비디오를 전송하는 시스템을 설계 및 구현하였다. 제안된 RTP 페이로드 포맷은 비디오 객체(Video Object)에 대한 RTP 페이로드 포맷만을 정의하여 포맷의 종류를 최소화함으로써 포맷의 종류가 많아짐으로해서 생기는 부가적인 오버헤드를 감소시켰으며, 또한 하나의 RTP 패킷에는 단 하나의 비디오 객체에 대한 정보만을 저장하여 비디오 객체간의 독립성을 유지하였다. 제안된 포맷을 이용하여 구현된 MPEG가 비디오 전송시스템은 RTP 패킷의 크기를 pad-MTU와 같거나 작게 설계함으로써, IP 계층에서 RTP패킷의 단편화 현상이 발생하지 않고 효율적인 전송이 이루어지도록 하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.5
• /
• pp.794-804
• /
• 2018

Various applications running in computers exchange information in the form of packets through the network. Most packets are formatted into UDP/IP or TCP/IP standard. Network management administrators of enterprises and organizations should be able to monitor and manage packets transmitted over the network for Internet traffic measurement & monitoring, network security, and so on. The goal of this paper is to analyze the performance of several algorithms which closely examine and analyze payloads in a DPI(Deep Packet Inspection) system. The main procedure of packet payload analysis is to quickly search for a specific pattern in a payload. In this paper, we introduce several algorithms which detect a specific pattern in payloads, analyze the performance of them from three perspectives, and suggest an application method suitable for requirements of a given DPI system.

• Journal of Korea Multimedia Society
• /
• v.9 no.2
• /
• pp.197-207
• /
• 2006

When the latency of a flow in a fair packet scheduler, which is determined by its rate, violates its required delay bound, the scheduler should reduce the latency with even raising the rate being reserved for the flow. The excessively reserved rate win enforce some outgoing link bandwidth be lost. This loss can not be, unfortunately, evaluated by the three metrics of latency, fairness and implementation complexity used in previous works. This paper is aimed to first introduce the metric of bandwidth utilization to investigate the bandwidth loss in a scheduler and then evaluate the timestamp based schedulers in terms of the bandwidth and payload utilizations. The results show that the bandwidth utilization increases with loosing the required delay bound and, in particular, schedulers with the latency property of WFQ have much better payload utilization by up to 50% than that in the SCFQ one.

• The KIPS Transactions:PartC
• /
• v.12C no.4 s.100
• /
• pp.503-510
• /
• 2005

With the increasing importance of network protection from cyber threats, it is requested to develop a multi-gigabit rate pattern matching method for protecting against malicious attacks in high-speed network. This paper devises a high-speed pattern matching algorithm with TCAM by using an m-byte jumping window pattern matching scheme. The proposed algorithm significantly reduces the number of TCAM lookups per payload by m times with the marginally enlarged TCAM size which can be implemented by cascading multiple TCAMs. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload. It is shown by simulation that for the Snort nile with 2,247 patterns, our proposed algorithm supports more than 10 Gbps rate with a 9Mbit TCAM.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

• The KIPS Transactions:PartC
• /
• v.13C no.2 s.105
• /
• pp.203-210
• /
• 2006

Fair packet scheduling algorithms supporting quality-of-services of real-time multimedia applications can be classified into the following two design schemes in terms of the reference time used in calculating the timestamp of arriving packet: Finish-time Design (FD) and Start-time Design (SD) schemes. Since the former can adjust the latency of a flow with raising the flow's reserved rate, it has been applied to a router for the guaranteed service of the IETF (Internet Engineering Task Force) IntServ model. However, the FD scheme may incur severe bandwidth loss for traffic flows requiring low-rate but strong delay bound such as internet phone. In order to verify the usefulness of the SD scheme based router for the IETF guaranteed service, this paper analyzes and compares two design schemes in terms of bandwidth and payload utilizations. It is analytically proved that the SD scheme is better bandwidth utilization than the FD one, and the simulation result shows that the SD scheme gives better payload utilization by up to 20%.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.81-87
• /
• 2023

Intrusion detection systems that learn metadata of network packets have been proposed recently. However these approaches require time to analyze packets to generate metadata for model learning, and time to pre-process metadata before learning. In addition, models that have learned specific metadata cannot detect intrusion by using original packets flowing into the network as they are. To address the problem, this paper propose a natural language processing-based intrusion detection system that detects intrusions by learning the packet payload as a single sentence without an additional conversion process. To verify the performance of our approach, we utilized the UNSW-NB15 and Transformer models. First, the PCAP files of the dataset were labeled, and then two Transformer (BERT, DistilBERT) models were trained directly in the form of sentences to analyze the detection performance. The experimental results showed that the binary classification accuracy was 99.03% and 99.05%, respectively, which is similar or superior to the detection performance of the techniques proposed in previous studies. Multi-class classification showed better performance with 86.63% and 86.36%, respectively.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.10
• /
• pp.79-88
• /
• 2003

We demonstrate a novel all-optical packet switching system that is suitable for optical ring networks. For the demonstration, video signals are encoded into optical packets which are composed of header and payload. The optical packets are all-optically processed at a switching node based on all-optical header processor, packet-level clock extraction, bit-level clock extraction, all-optical data format converter and so on.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.477-482
• /
• 2007

최근 다양한 P2P 프로그램을 많이 사용함에 따라 네트워크에서 생겨나는 트래픽의 상당 부분이 P2P가 발생시키는 트래픽으로 이미 HTTP, FTP의 양을 훨씬 뛰어넘고 있다. 현재 인터넷 환경에서 방화벽을 통과하기 위해 포트번호를 변경하여 통신을 하는 새로운 P2P응용들의 행동들은 전통적인 well-known port 기반의 응용프로그램을 구분하는 단순한 분석 방법만으로 신뢰하기가 어렵다. 새로운 P2P 응용들과 같은 트래픽 모니터링의 정확도를 높이기 위해서는 TCP/IP 헤더만이 아니라 패킷이 담고 있는 페이로드 내용에 대한 조사 차원의 모니터링 방법이 필요하다. 본 논문에서는 TCP/IP 헤더 정보와 더불어 패킷의 페이로드 내용을 조사하여 P2P 트래픽을 탐지하는 모니터링 기법을 제안한다. 이어 탐지되는 P2P 트래픽에 대하여 Linux Netfilter Framework의 Queuing Discipline에서 제공하는 계층적인 우선순위 큐를 사용하여 일정한 양의 대역폭을 할당하는 정책을 적용함으로써 안정적이면서 효율적인 네트워크 운용 방안을 제시한다.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.19 no.7
• /
• pp.741-753
• /
• 2008

This paper explores the throughput performance of CSMA/CA-based DCF protocol over both ideal channels and fading channels with payload size at the MAC layer in the 802.11a wireless LAN. In the ideal channel, there are no errors and at the transmission cycle there is one and only one active station which always has a packet to send and other stations can only accept packets and provide acknowledgements. In the fading channel, bit errors appear in the channel randomly and the number of stations is assumed to be fixed. And each station always has packets for transmission. In other words, we operate in saturation conditions. Up to now conventional research work about DCF throughput analysis of IEEE 802.11 a wireless LAN has been done over the ideal channel, but this paper is done over the Rayleigh/Ricean fading channel. So, the ratio of received average energy per bit-to-noise power spectral density $E_b/N_o$ is set to 25 dB and the ratio of direct-to-diffuse signal power in each sub-channel $\xi$ is set to 6 for combined Rayleigh/Ricean fading channel. In conclusion, it is shown that the saturation throughput is always less than the maximum throughput at all the payload size and the higher the transmission rate be, the higher the decreasing rate of saturation throughput compared to the maximum throughput be.