• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.2
• /
• pp.254-259
• /
• 2008

Mesh WLANs, which consist of wireless mesh routers connecting each other in a mesh topology and self-operate after their autoconfiguration, have several advantages in convenience, swiftness and flexibility of deployment and operation over existing WLANs the expansions of which are done by connecting the APs with wires. However, many technical issues still remain to be solved. Among them, network performance degradations due to the interference between the adjacent hops in multi-hop mesh WLANs, and the reusability of the existing wireless network protocols are critical problems to be answered. This work evaluates the VoIP support performance of IEEE 802.11a/g-based mesh WLANs with multiple wireless interfaces with simulations. The results show that there exit an unfairness in VoIP packet delay performances among mobile routers located at different hops, and that although the capacity of the admitted calls can be increased by increasing the size of voice packet payload it is far less than the expected one. This suggests that the existing 802.11 MAC protocols have their limitation when applied in mesh networks and their enhancement or even a newer one nay be required.

• Journal of the Korean Society of Propulsion Engineers
• /
• v.22 no.4
• /
• pp.1-11
• /
• 2018

A system design and integrated design process for a space launch vehicle were established based on system engineering. With the mission design results for a given payload weight and trajectory, it is possible to perform optimal design by integrating each unit such as propulsion, weight estimation, and aerodynamic force after analysis, during in the system design process. The program is finally configured to verify that the designed vehicle can perform its mission through 3-DOF trajectory optimization simulation. Genetic algorithms are used as the optimization method, and the optimal design results of the variables and parameters to be considered during design are presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1045-1054
• /
• 2021

As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF(integrated RT framework) that can automatically operate large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

• Smart Media Journal
• /
• v.8 no.1
• /
• pp.19-26
• /
• 2019

At the opening ceremony of 2018 Winter Olympics in PyeongChang, an unknown cyber-attack occurred. The malicious code used in the attack is based on in-memory malware, which differs from other malicious code in its concealed location and is spreading rapidly to be found in more than 140 banks, telecommunications and government agencies. In-memory malware accounts for more than 15% of all malicious codes, and it does not store its own information in a non-volatile storage device such as a disk but resides in a RAM, a volatile storage device and penetrates into well-known processes (explorer.exe, iexplore.exe, javaw.exe). Such characteristics make it difficult to analyze it. The most recently released in-memory malicious code bypasses the endpoint protection and detection tools and hides from the user recognition. In this paper, we propose a method to efficiently extract the payload by unpacking injection through IDA Pro debugger for Dorkbot and Erger, which are in-memory malicious codes.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.57-66
• /
• 2021

As the detection performance using deep learning and machine learning of the intrusion detection field has been verified, the cases of using it are increasing day by day. However, it is difficult to collect the data required for learning, and it is difficult to apply the machine learning performance to reality due to the imbalance of the collected data. Therefore, in this paper, A mixed sampling technique using t-SNE visualization for imbalanced data processing is proposed as a solution to this problem. To do this, separate fields according to characteristics for intrusion detection events, including payload. Extracts TF-IDF-based features for separated fields. After applying the mixed sampling technique based on the extracted features, a data set optimized for intrusion detection with imbalanced data is obtained through data visualization using t-SNE. Nine sampling techniques were applied through the open intrusion detection dataset CSIC2012, and it was verified that the proposed sampling technique improves detection performance through F-score and G-mean evaluation indicators.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.97-105
• /
• 2008

The various mutations of the malicious codes are fast generated on the network. Also the behaviors of them become intelligent and the damage becomes larger step by step. In this paper, we suggest the method to select the useful measures for the detection of the codes. The method has the advantage of shortening the detection time by using header data without payloads and uses connection data that are composed of TCP/IP packets, and much information of each connection makes use of the measures. A naive estimator is applied to the probability distribution that are calculated by the histogram estimator to select the specific measures among 80 measures for the useful detection. The useful measures are then selected by using relative entropy. This method solves the problem that is to misclassify the measure values. We present the usefulness of the proposed method through the result of the detection experiment using the detection patterns based on the selected measures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.27-37
• /
• 2011

The IDS/IPS(Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against internet attacks. Reducing the packet inspection time is one of the most important challenges of improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns for the incoming traffic, we may have to apply the multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any cases. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.2
• /
• pp.8-15
• /
• 2009

The need for ASP(Application Service Provider) has evolved from the increasing costs of specialized software that have far exceeded the price rage of small to medium sized businesses. There are a lot of technologies that make ASP possible, and software streaming service is one of them Software streaming is a method for overlapping transmission and execution of stream-enabled software. The stream-enabled software is able to run on a device even while the transmission/streaming of the software may still be in progress. Thus, a user does not have to wait for the completion of the software's download prior to starting to execute the software. In this paper, we suggest the new concept of software streaming system implement using the PageFault Interrupt Routine Hooking. As it is able to efficiently manage application, we do not have to install the entire software. In addition, we can save hardware resources by using it because we load basic binaries without occupying the storage space of the hardware.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.82-84
• /
• 2022

In recent years, research has been actively conducted to solve overhead problems caused by the increase in the number of IoT devices. MQTT, one of the IoT lightweight protocols for resolving performance degradation in IoT environments, is standardized to enable efficient operation in many-to-many communication environments, but there is a security vulnerability as it does not provide encryption by default. Although TLS communication technology can be applied to solve these problems, it is difficult to meet IoT's lightweight power-saving requirements. This paper introduces the latest MQTT communication encryption trends and analyzes IoT applicability by comparing TLS encryption and payload encryption methods.

• Proceedings of the Korean Vacuum Society Conference
• /
• 2014.02a
• /
• pp.436-436
• /
• 2014

본 연구에서는 전 세계적으로 활발히 연구되고 있는 나노바이오센서 분야 중 가장 주목을 받고 있는 LSPR 원리를 이용한 바이오센서를 제작하였다. 금속 나노입자의 국소 표면 플라즈몬 공명현상에 의한 주위환경에 민감하게 반응하는 특성은 고감도 광학형 바이오센서, 화학물질 검출 센서등에 응용된다. 특히 금 나노막대와 같은 1차 나노구조물은 나노막대의 주변 환경 변화에 따라 뚜렷한 플라즈몬 흡수 밴드 변화를 나타냄으로 센서로 적용 했을 때 고감도의 측정이 가능하다. 본 연구에서는 다공성인 알루미늄 양극산화 박막 주형틀을 이용하여 다양한 종횡비를 가지는 금 나노막대를 합성하고, 나노막대 어레이 형태의 박막을 제작하였다. 금 나노막대의 합성은 알루미늄 양극산화막을 사용한 주형제조 방법(template method)을 사용하는 전기화학 증착법을 사용하였다. 우선 부도체인 알루미늄 양극 산화막의 한쪽면을 열증착 장비를 사용하여 금을 증착하여 작업 전극(working electrode)을 형성하였다. 백금 선(platinum wire)을 보조 전극(counter electrode)으로 사용하고 Ag/AgCl 전극을 기준 전극(reference electrode)으로 사용하여 삼전극계(three-electrode system)를 형성하였으며, 금 도금 용액(orotemp 24 gold plating solution, TECHNIC INC.)을 사용하여, 800 mV 전압에서 금 나노 막대를 합성하였다. 금 나노막대의 길이는 테플론 챔버를 통과한 전하량 또는 전기 증착 시간에 비례하여 결정된다. 금 나노막대를 성장시킨 알루미늄 양극산화막을 실리콘 웨이퍼에 은 페이스트를 사용하여 고정시킨 후 수산화나트륨 (NaOH)용액을 사용하여 알루미늄 양극산화막을 녹여내어 수직방향으로 정렬되어 있는 나노 막대 어레이 박막을 제조 하였다. 또한 제작된 금 나노막대 어레이의 광학적 특성을 평가하였다. 본 연구에서와 같이 나노막대를 직경방향으로 측정할 경우, 직경방향의 transverse mode만 측정된다. 금 나노 막대가 알루미늄 양극산화막 안에 포함된 상태로 측정된 금 나노로드 어레이 박막의 광 스펙트럼 분포는 금 나노막대의 가시광영역에서의 흡수 스펙트럼을 측정하였을시 직경 및 길이에 따라 transverse mode의 ${\lambda}$ max (최대 흡광)의 위치가 변화됨을 나타낸다. 실험 결과를 바탕으로 나노막대의 종횡비가 증가함에 따라 흡수 스펙트럼의 transverse mode ${\lambda}$ max가 미약하게 단파장 영역으로 이동하는 것을 확인할 수 있다. 이러한 결과는 원기둥 형태의 금 나노막대의 흡수 스펙트럼에 대한 이론적인 예측과 부합한다. 바이오센서로의 적용 가능성을 확인하기 위하여 자기조립단분자막을 형성하여 항체를 고정하고 CRP에 대한 응답특성을 평가하였다. CRP 항원-항체의 면역반응에 대한 실험 결과 CRP 항원의 농도가 증가함에 따라 넓은 측정범위에서 선형적으로 흡광도가 증가하는 결과를 나타내었으며, CRP 10 fg/ml의 농도까지 검출할 수 있었다. 센서의 선택성을 확인하기 위하여 감지하고자하는 대상물질이 아닌 Tn T 항원을 감지막에 반응시켜 흡광도 변화를 분석하였다. 결과적으로 제작된 센서칩은 선택성을 가지고 측정하고자하는 물질에만 반응함을 확인하였다. 이러한 결과는 다양한 직경을 사용한 부가적인 LSPR현상의 연구에 활용될 수 있을 것이다.