• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1031-1034
• /
• 2002

본 논문에서는 커널수준의 침입탐지를 위한 동적 침입탐지 규칙 변경 기법을 제안한다. 제안하는 기법은 침입탐지 규칙은 규칙타입 프로토콜 타입, 패킷 헤더와 패킷 페이로드에 대한 검사를 수행하기 위한 규칙들로 세분화하여 LVR로 표현하고 이들 LVR이 계층적으로 구성된 IDRL로 관리한다. 침입탐지는 IDRL을 이용하여 수행하며, 규칙에 대한 변경은 변경된 규칙에 대한 LVR을 구성하고 LV를 이용한 포인터 변경을 이용하여 IDRL에 반영하는 방법이다. 제안하는 기법은 IDRL을 이용한 침입탐지와 탐지규칙의 변경을 IDRL에 최소한의 비용으로 수행하고, LVR을 이용하여 침입탐지 규칙을 디스크와 메모리에 동일한 형태로 저장 및 관리하여 탐지규칙 초기화 비용과 변경 비용을 최소화할 수 있다. 이를 통하여 보다 안전한 커널 수준에서의 네트워크 보안을 위한 효율적인 동적 침입탐지 규칙 변경을 지원할 수 있다는 장점을 가진다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.434-437
• /
• 2010

NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.23 no.5
• /
• pp.1196-1207
• /
• 1998

The link sublayer segmentizes a use data into several frames and transmits it through a wireless channel. In this case, the packet error probability and link throughput are affected by the frame size. And a portion of pure user data in a packet affects a link throughput. In this paper we analyze and simulate the retransmission scheme of the Wireless Local Loop(WLL) system and study the link throughput according to the payload size.

• Journal of Advanced Navigation Technology
• /
• v.6 no.1
• /
• pp.77-83
• /
• 2002

The emergence of Bluetooth as a radio interface scheme has allowed electronic devices to be instantly interconnected as ad-hoc networks. These short range ad-hoc wireless networks are called piconets, operated in the unlicensed 2.45 GHz ISM(Industrial, Scientific, Medical) band where up to eight devices may be used to configure single or overlapping piconets. In this paper, we have simulated the PER(Packet Error Rate), the ratio of received packet and payload BER(Bit Error Rate) of piconet with packet types of Bluetooth ACL/SCO(Asynchronous Connection Less/Synchronous Connection Oriented) link over wireless ad-hoc environment. The Rayleigh fading effects are considered as channel model, and the simulation results are based on the baseband model of Bluetooth specification. From the simulation results, the PER and the throughput of Bluetooth piconet are sensibly affected by the packet type of ACL/SCO link.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.6C
• /
• pp.614-622
• /
• 2006

In this paper, we propose an efficient packetization method to reduce the packetization overhead. For the purpose, we firstly verify the relationship between packet length and packet loss rate. The empirical results show that as the packet length is larger than the path MTU, the packet loss rate is drastically increased, producing poor visual quality at the receiver side. However, as the length of the packet is reduced, we should transmit more packets per frame and the packetization overhead will be increased. This increase in the packetization overhead reduces the number of bits allocated to the video data, resulting in the low visual quality. Therefore, each packet should be packetized to have the packet length close to the path MTU. In this paper, we show that the this process of the packetization with the constraint on the packet length is very similar to the dynamic storage allocation in the operating system. We had thoroughly surveyed the dynamic storage allocation methods used in the recent operating systems and propose to use the allocation methods for the video packetization. We empirically show that the proposed method can reduce the packetization overhead upto 28.3%, compared with the conventional sequential packetization method which have been widely used in Internet video transmission.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.681-684
• /
• 2008

Bluetooth baseband performs FEC (forward error check) at the interface of transmitter and receiver modem. Well-designed FEC means directly the efficiency of retransmission of the data payload therefore design optimization is very important. In this paper, we designed a optimal 1/3, 2/3 type of FEC. 1/3 FEC. which performs 3 times customary repetition was designed for packet header, and 2/3 FEC was designed for data packets with (15, 10) reduced hamming code. The proposed hardware FEC block was described and verified using Verilog HDL and later to be automatically synthesized. The synthesized FEC block operated at 40Mhz normal clock speed of the target baseband microcontroller.

• Proceedings of the Korea Institute of Convergence Signal Processing
• /
• 2003.06a
• /
• pp.276-279
• /
• 2003

본 논문에서는 블루투스 장비 간 암호화를 위해 사용되는 암호화 모듈의 설계 및 구현에 관한 내용을 다룬다. 암호화 모듈은 기저 대역내에 암호화 키 생성 모듈과 암호화 엔진 모듈로 구성된다. 암호화 키 생성 모듈은 Cylink사에서 제안한 공개 도메인인 SAFER+(Secure And Fast Encryption Routine) 알고리즘을 사용하여 128bit 키를 생성한다. 그 구성은 키 치환을 위한 치환 함수(key-controlled substitution)와 선형 변환을 위한 PHT(Pseudo-Hadamard Transform)와 Armenian Shuffle 변환기로 구성된다. 암호화 엔진 모듈은 전송 패킷내의 페이로드 데이터와 생성된 사이퍼 키 스트림 데이터와 XOR연산을 통하려 암호화를 행하며 그 구성은 LFSR (Linear Feedback Shift Register)와 합 결합기로 구성된다. 이 중 암호화 키 생성 모듈은 LM(Link Manager)의 PDU(Protocol Data Unit) 패킷을 통해 상호 정보가 교환되므로 암호화키를 생성하는데 있어 시간적 제약이 덜 하다. 따라서 본 논문에서는 변형된 SAFER+ 알고리즘 구현하는데 있어 치환 함수의 덧셈과 XOR, 로그, 지수연산을 바이트 단위의 순차 계산을 수행함으로써 소요되는 하드웨어 용량을 줄이도록 설계하였다. 본 논문에서 제시한 모듈은 블루투스 표준안 버전 1.1에 근거하여 구현하였으며 시뮬레이션 및 테스트는 Xilinx FPGA를 이용하여 검증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1233-1236
• /
• 2009

현재 다량의 네트워크 대역폭을 소모하는 응용 프로그램 트래픽을 확인하고 분류하는데 많은 방법들이 사용되고 있지만 정통적인 트래픽 분류 방법론인, 포트 번호, ip 등 등의 헤더 정보만으로는 응용 프로그램의 트랙픽을 정확하게 분류하지 못한다. 최근 동적인 포트 번호를 사용하는 새로운 트래픽 응용의 등장과 방화벽을 통과하기 위한 포트번호 변경으로 인하여 전통적인 TCP/UDP 헤더 기반의 트랙픽 분류 방법은 부정확해지고 있다. 이러한 트래픽을 정확하게 식별하고 분류하기 위해서는 패킷의 페이로드 내용에 대한 조사도 병행되어야 하고 시그니처 기반의 식별 방법을 사용하여야 한다. 하지만 이 방법은 정확도가 높은 반면 시그니처의 목록을 매번 최신 상태로 유지하여야 하는 단점과 길어지는 탐색 시간에 따른 시스템 부하의 문제를 가지고 있다. 본 연구에서는 이러한 단점을 향상시키는 목적으로 새로운 시그니처 기반의 해쉬 테이블에 캐시를 이용한 방법론인 효율적인 알고리즘을 제안하고 시그니처의 자료구조와 실제 패킷과 시그니처의 비교 방식을 수정함으로써 효율성을 높이는데 목적을 두고 있다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1313-1319
• /
• 2017

In this paper, we evaluate the performance of multi-hop transmissions in IEEE 802.15.6 ultra wide band (UWB) wireless body area network (WBAN). The packet structure in the physical layer, and encoding and decoding are considered for multi-hop transmissions in IEEE 802.15.6 UWB WBAN. We analyze the data success rate and energy efficiency of multi-hop transmissions with considering the length of data payload, transmission power, and distances between the nodes in IEEE 802.15.6 UWB WBAN. Through simulations, we evaluate the data success rate and energy efficiency of multi-hop transmissions with varying the length of data payload, transmission power, and distances between the nodes in IEEE 802.15.6 UWB WBAN. Finally, we can select an energy-efficient multi-hop transmission in IEEE 802.15.6 UWB WBAN depending on the length of data payload, transmission power, and distances between the nodes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.11B
• /
• pp.1234-1244
• /
• 2009

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services and applications on Internet, which makes the need of application-level traffic classification important for the efficient management and control of network resources. Although lots of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet size in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism which is mainly described in this paper. By matching to the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by comprehensive excrement with our campus traffic data.