• Title/Summary/Keyword: Packet ID (패킷ID)

Search Result 74, Processing Time 0.026 seconds

Development of Embedded System for Home Automation using Android OS (안드로이드 OS를 이용한 가정 자동화용 임베디드 시스템 개발)

  • Lee, Cheul-Hee;Park, Hyoung-Keun
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.10 / pp.4574-4577 / 2011
  • In this paper, the structure of home networking used in USN (Ubiquitous Sensor Network) was analyzed, and an embedded system for home automation was implemented on the Android operating system. A system for building a home network using wireless communication was developed, so it is possible to minimize the difficulty of installation. The home automation system was built based on pre-defined IDs assigned to the electronic components that make up a house. In addition, a data structure suitable for home automation was defined, and by developing application programs based on Android OS according to the packet structure, an embedded system for home automation was developed.

Machine Learning Based Intrusion Detection Systems for Class Imbalanced Datasets (클래스 불균형 데이터에 적합한 기계 학습 기반 침입 탐지 시스템)

  • Cheong, Yun-Gyung;Park, Kinam;Kim, Hyunjoo;Kim, Jonghyun;Hyun, Sangwon
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.6 / pp.1385-1395 / 2017
  • This paper aims to develop an IDS (Intrusion Detection System) that takes into account class imbalanced datasets. For this, we first built a set of training data sets from the Kyoto 2006+ dataset in which the amounts of normal data and abnormal (intrusion) data are not balanced. Then, we have run a number of tests to evaluate the effectiveness of machine learning techniques for detecting intrusions. Our evaluation results demonstrated that the Random Forest algorithm achieved the best performances.

Sampling based Network Flooding Attack Detection/Prevention System for SDN (SDN을 위한 샘플링 기반 네트워크 플러딩 공격 탐지/방어 시스템)

  • Lee, Yungee;Kim, Seung-uk;Vu Duc, Tiep;Kim, Kyungbaek
    • Smart Media Journal / v.4 no.4 / pp.24-32 / 2015
  • Recently, SDN has been actively used in datacenter networks, and its areas of application are gradually increasing. Along with this change of networking environment, research on deploying network security systems on SDN has been highlighted. In particular, systems for detecting network flooding attacks by monitoring every packet through the ports of OpenFlow switches have been proposed. However, because of the centralized management of an SDN controller which manages multiple switches, it may be a substantial overhead for the attack detection system to continuously monitor all the flows. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and actively blocks the attack flows by managing the flow entries in OpenFlow switches. As the network traffic sampler, an sFlow agent is used, and Snort, an open-source IDS, is used to detect network flooding attacks from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on a local testbed composed of multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling conditions are analyzed.

LISP based IP Address Virtualization Technique for Resource Utilization on Virtualized SDN (가상화된 SDN에서 효과적인 자원 활용을 위한 LISP 기반 IP 주소 가상화 기법)

  • Go, Youngkeun;Yang, Gyeongsik;Yu, Bong-yeol;Yoo, Chuck
    • Journal of KIISE / v.43 no.12 / pp.1404-1411 / 2016
  • Network virtualization is a technique that abstracts the physical network to provide multiple virtual networks to users. A virtualized network has the advantage of offering flexible services and improving resource utilization. In the SDN architecture, the network hypervisor serves to virtualize the network through address virtualization, topology virtualization and policy virtualization. Among them, address virtualization refers to the technique that provides an independent address space for each virtual network. Previous work divided the physical address space, and assigned an individual division to each virtual network. Each virtual address is then mapped one-to-one to a physical address. However, this approach requires a lot of flow entries, thus making it disadvantageous. Since SDN switches use TCAM (Ternary Contents Addressable Memory) for the flow table, it is very important to reduce the number of flow entries in terms of cost and scalability. In this paper, we propose a LISP based address virtualization, which separates address spaces for the physical and virtual addresses and transmits packets through tunneling, in order to resolve the limitation of the previous studies. By implementing a prototype, we show that the proposed scheme provides better scalability.

A Multistage Authentication Strategy for Reliable N-to-N Communication in CGSR based Mobile Ad Hoc Networks (CGSR 기반의 이동 애드 흑 네트워크에서 신뢰성 있는 통신을 위한 노드간 인증 기법)

  • Lee Hyewon K.;Mun Youngsong
    • Journal of KIISE:Information Networking / v.32 no.6 / pp.659-667 / 2005
  • A Mobile Ad Hoc Network (MANET) is a multi-hop wireless network with no prepared base stations or centralized administrations, where flocks of peer systems gather and compose a network. Each node operates as a normal end system in public networks. In addition to it, a MANET node is required to work as a router to forward traffic from a source or intermediate node to others. Each node operates as a normal end system in public networks, and further a MANET node works as a router to forward traffic from a source or intermediate node to the next node via the routing path. Applications of MANET are extensively wide, such as battle fields or any unwired place; however, these are exposed to critical problems related to network management, node capability, and security because of frequent and dynamic changes in network topology, absence of centralized controls, restricted usage of network resources, and vulnerability of mobile nodes which results from the special character of MANET, shared wireless media. These problems make MANET weak against security attacks from eavesdropping to DoS. Guaranteeing secure authentication is the main part of security service in MANET because networks without secure authentication are exposed to exterior attacks. In this paper, a multistage authentication strategy based on CGSR is proposed to guarantee that only genuine and veritable nodes participate in communications. The proposed authentication model is composed of a key manager, cluster heads and common nodes. The cluster head is elected from secure nodes, and the key manager is elected from cluster heads. The cluster head will verify other common nodes within its cluster range in MANET. Especially, the ID of each node is used in communication, which allows digital signature and blocks non repudiation. For performance evaluation, attacks against node authentication are analyzed. Based on security parameters, strategies to resolve these attacks are drawn up.

Low-power 6LoWPAN Protocol Design (저 전력 6LoWPAN 프로토콜 설계)

  • Kim, Chang-Hoon;Kim, Il-Hyu;Cha, Jung-Woo;Nam, In-Gil;Lee, Chae-Wook
    • Journal of the Institute of Convergence Signal Processing / v.12 no.4 / pp.274-280 / 2011
  • Due to their rapid growth and new paradigm applications, wireless sensor networks (WSNs) are morphing into low power personal area networks (LoWPANs), which are envisioned to grow radically. The fragmentation and reassembly of IP data packets is one of the most important functions in 6LoWPAN based communication between the Internet and a wireless sensor network. However, since the 6LoWPAN data unit size is 102 bytes while the IPv6 MTU size is 1200 bytes, the number of fragmentations and reassemblies increases. In order to reduce the number of fragmentations and reassemblies, this paper presents a new scheme that is applicable to 6LoWPAN. When a fragmented packet header is constructed, we can have more space for data. This is because we use an 8-bit routing table ID instead of a 16-bit or 54-bit MAC address to decide the destination node. Analysis shows that our design transmits roughly 7% or 22% fewer fragmented packets, depending on the MAC address size (16 bits or 54 bits), compared with the previously proposed scheme in RFC4944. The reduced fragmented packet transmission means low power consumption, since packet transmission is a very high power function in wireless sensor networks. Therefore the presented fragmented transmission scheme is well suited for low-power wireless sensor networks.

A Network-based Locator-Identifier Separation Scheme using DHT in SDN (SDN환경에서 DHT를 이용한 네트워크 기반 위치자-식별자 분리 기술)

  • Lee, Chan-Haeng;Min, Sung-Gi;Choi, Chang-Won
    • Journal of Internet of Things and Convergence / v.2 no.2 / pp.37-49 / 2016
  • An IP address is used as a host identifier and a locator to bind hosts and applications to their location in the existing Internet. Several protocols have been proposed to eliminate this binding. Most of these protocols use IPv6-based host identifiers to maintain compatibility with the existing Internet, but these identifiers cannot be handled by standard IPv6 routers because such identifiers are unroutable. Therefore, host identifiers usually need to be converted to locators at hosts, and the standard IPv6 protocol should be modified to interoperate with these protocols. In this paper, we propose a network-based host identifier locator separating scheme in software-defined networking. The proposed scheme separates the underlying network into Host Identity and IP domains in order to directly forward unroutable identifiers. The Host Identity domain operates as an overlaid network over the IP domain, and it makes the unroutable identifiers routable using a distributed hash table based routing strategy. For the evaluation, we compared the proposed scheme with the previous scheme using signaling costs and packet delivery costs. The result shows that the proposed scheme is more suitable in recent mobile-based environments.

A Design and Implementation of In/Out Bound Call Flow Module for SOHO CTI (SOHO CTI용 인/아웃바운드 콜 플로우 모듈 설계 및 구현)

  • Park Chan Il;Moon Seung-Jin
    • Journal of Internet Computing and Services / v.6 no.3 / pp.71-84 / 2005
  • Recently, the expert call center solution has become the center of interest, since finance and tele-marketing systems, which are focused on the communication industry, have been increasing. In particular, the call center market is growing with the support of Caller-ID for cellular phones in Korea. At present, although large companies are developing expensive solutions and instruments to service only big companies, there are few solutions for SOHO markets. Therefore, in this paper we have shown a design and an implementation of a CTI system which is capable of in/outbound call processing by using CTI, and of providing stable services by linking the customer's DB. These functionalities have become possible by integrating functions of the PBX and the computer control of the PBX. First, we have constructed call flows and analyzed packets for the standard communication through the PBX in a call. Then, we have designed and implemented a middleware which links a call between a client and a customer. Finally, we have constructed a database module for applying CRM technology to the management of the customer's contents.

Implementation of Dual Voltage Level DC Power Line Communication Driver for Multiple Access Serial Bidirectional Communication (양방향 다중직렬통신을 위한 이중전압 직류 전력선 통신 드라이버 구현)

  • Han, Kyong-Ho;Hwang, Ha-Yoon
    • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers / v.23 no.10 / pp.29-35 / 2009
  • This paper handles the implementation of a multiple access bidirectional serial communications protocol using DC power lines. The normal voltage of the power communication line is maintained at 24[V], corresponding to level 1, and the host drops the voltage to 12[V] on sending a level 0 signal; the clients, which normally keep the line voltage at 24[V], also use a pull-down circuit to drop the voltage to 12[V] on sending a level 1 signal. The host senses the voltage level of the power communication lines and switches the power source from 24[V] to 12[V]. An experimental circuit is designed with one host and four clients, and the power line voltage switching operation depending on the data signal levels on the power line is verified.

A study on Zigbee Authentication Protocol Using System IDs in Environments of Smart Grid (스마트 그리드 환경에서 시스템 ID를 이용한 지그비 인증 프로토콜에 관한 연구)

  • Kim, Kyoung-Mok;Im, Song-Bin
    • Journal of the Korea Society of Computer and Information / v.16 no.4 / pp.101-110 / 2011
  • A smart grid network delivers electricity from suppliers to consumers using digital technology with two-way communications to control appliances at consumers' homes to save energy, reduce cost and increase reliability and transparency. Security is critically important for smart grid networks, which are usually used for the electric power network and IT environments that are open to attacks such as eavesdropping, replay attacks of abnormal messages, and forgery of messages, to name a few. ZigBee has emerged as a strong contender for smart grid networks. ZigBee is used for low data rate and low power wireless network applications. To deploy smart grid networks, the collected information requires protection from an adversary over the network in many cases. A security mechanism should be provided for collecting the information over the network. However, the ZigBee protocol has some security weaknesses. In this paper, these weaknesses are discussed and a method to improve the security aspect of the ZigBee protocol is presented, along with a comparison of the message complexity of the proposed security protocol with that of the current ZigBee protocol.