• Title/Summary/Keyword: Host system

A Study of Multiple Compression for Malicious Code Execution and Concealment (악성코드 실행과 은닉을 위한 다중 압축 연구)

  • Yi, Jeong-Hoon;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.05a / pp.299-302 / 2010
  • Recently, the malicious code is not easily detectable in the vaccine for the virus, malicious code as a compressed file by modulation pattern is the tendency to delay. Among the many antivirus engines on the market a compressed file that can be modulated by malicious code, and test whether the pattern will need to know. We cover a multi-compressed files, malicious code modulated secreted by examining patterns of test engine is being detected is through a computer simulation. Analysis of secreted activities of malicious code and infect the host file tampering with the system driver files and registry, it gets registered is analyzed. This study will contribute to hidden malicious code inspection and enhance vaccine efficacy in reducing the damage caused by malicious code.

The Bayesian Framework based on Graphics for the Behavior Profiling (행위 프로파일링을 위한 그래픽 기반의 베이지안 프레임워크)

  • 차병래
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.69-78 / 2004
  • The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose a behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

Design and Implementation of a Metadata Structure for Large-Scale Shared-Disk File System (대용량 공유디스크 파일 시스템에 적합한 메타 데이타 구조의 설계 및 구현)

  • 이용주;김경배;신범주
    • Journal of KIISE:Computer Systems and Theory / v.30 no.1 / pp.33-49 / 2003
  • Recently, there have been large storage demands for manipulating multimedia data. To solve the tremendous storage demands, one of the major researches is the SAN (Storage Area Network) that provides the local file requests directly from shared-disk storage and also eliminates the server bottlenecks to performance and availability. SAN also improves the network latency and bandwidth through new channel interface like FC (Fibre Channel). But to manipulate the efficient storage network like SAN, traditional local file system and distributed file system are not adaptable and also lack research in terms of a metadata structure for large-scale inode object such as file and directory. In this paper, we describe the architecture and design issues of our shared-disk file system and provide the efficient bitmap for providing the well-formed block allocation in each host, extent-based semi flat structure for storing large-scale file data, and two-phase directory structure of using Extendible Hashing. Also we describe a detailed algorithm for implementing the file system's device driver in Linux Kernel and compare our file system with the general file system like EXT2 and shared-disk file system like GFS in terms of file creation, directory creation and I/O rate.

A Maximum Mechanism of Data Transfer Rate using Parallel Transmission Technology on High Performance Network (고성능 네트워크에서 병렬 전송 기술을 이용한 전송률 극대화 메커니즘)

  • Kim, Young-Shin;Huh, Eui-Nam
    • Journal of KIISE:Computer Systems and Theory / v.34 no.9 / pp.425-434 / 2007
  • Even though Internet backbone speeds have increased in the last few years due to projects like Internet 2 and NGI, many high performance distributed applications are able to achieve only a small fraction of the available bandwidth. The cause of such problem is due to a character of TCP/IP. The primary goal of this protocol is reliable data transmission. Therefore high speed data transmission was not considered when TCP/IP was designed. Hence several researchers have studied how to solve the problem of TCP/IP. One of these research results, parallel transfer technique, solves this problem by using parallel TCP connections on application level. Additionally, this technique is compatible. Recently, these researchers have studied a mechanism to decide the number of parallel TCP connections. However, some researchers reported the number of parallel TCP connections based on only empirical results. Although hardware performance of host affects transmission rate, the hardware performance was not considered in their works. Hence, we collect all data related to transmission rate, such as hardware state information (CPU utilization, interrupt, context switch). Then, we analyzed collected data. And, we suggest a new mechanism determining number of parallel TCP connections for maximization of performance based on our analysis.

Design and Implementation of a Hardware-based Transmission/Reception Accelerator for a Hybrid TCP/IP Offload Engine (하이브리드 TCP/IP Offload Engine을 위한 하드웨어 기반 송수신 가속기의 설계 및 구현)

  • Jang, Han-Kook;Chung, Sang-Hwa;Yoo, Dae-Hyun
    • Journal of KIISE:Computer Systems and Theory / v.34 no.9 / pp.459-466 / 2007
  • TCP/IP processing imposes a heavy load on the host CPU when it is processed by the host CPU on a very high-speed network. Recently the TCP/IP Offload Engine (TOE), which processes TCP/IP on a network adapter instead of the host CPU, has become an attractive solution to reduce the load in the host CPU. There have been two approaches to implement TOE. One is the software TOE in which TCP/IP is processed by an embedded processor and the other is the hardware TOE in which TCP/IP is processed by a dedicated ASIC. The software TOE has poor performance and the hardware TOE is neither flexible nor expandable enough to add new features. In this paper we designed and implemented a hybrid TOE architecture, in which TCP/IP is processed by cooperation of hardware and software, based on an FPGA that has two embedded processor cores. The hybrid TOE can have high performance by processing time-critical operations such as making and processing data packets in hardware. The software based on the embedded Linux performs operations that are not time-critical such as connection establishment, flow control and congestions, thus the hybrid TOE can have enough flexibility and expandability. To improve the performance of the hybrid TOE, we developed a hardware-based transmission/reception accelerator that processes important operations such as creating data packets. In the experiments the hybrid TOE shows the minimum latency of about $19{\mu}s$. The CPU utilization of the hybrid TOE is below 6 % and the maximum bandwidth of the hybrid TOE is about 675 Mbps.

A Study on the Pixel-Parallel Image Processing System for Image Smoothing (영상 평활화를 위한 화소-병렬 영상처리 시스템에 관한 연구)

  • Kim, Hyun-Gi;Yi, Cheon-Hee
    • Journal of the Institute of Electronics Engineers of Korea SD / v.39 no.11 / pp.24-32 / 2002
  • In this paper we implemented various image processing filtering using the format converter. This design method is based on realizing the large processor-per-pixel array by integrated circuit technology. These two types of integrated structure can be classified as associative parallel processor and parallel process DRAM (or SRAM) cell. Layout pitch of one-bit-wide logic is identical to memory cell pitch to array high density PEs in integrated structure. This format converter design has control path implementation efficiently, and can utilize the high technology without complicated controller hardware. Sequences of array instructions are generated by host computer before process start, and instructions are saved on unit controller. Host computer executes the pixel-parallel operation starting at saved instructions after processing start. As a result, we obtained three results: 1) simple smoothing suppresses higher spatial frequencies, reducing noise but also blurring edges, 2) a smoothing and segmentation process reduces noise while preserving sharp edges, and 3) median filtering, like smoothing and segmentation, may be applied to reduce image noise. Median filtering eliminates spikes while maintaining sharp edges and preserving monotonic variations in pixel values.

Design and Implementation of a Hybrid TCP/IP Offload Engine Prototype (Hybrid TCP/IP Offload Engine 프로토타입의 설계 및 구현)

  • Jang Han-Kook;Chung Sang-Hwa;Oh Soo-Cheol
    • Journal of KIISE:Computer Systems and Theory / v.33 no.5 / pp.257-266 / 2006
  • Recently TCP/IP Offload Engine (TOE) technology, which processes TCP/IP on a network adapter instead of the host CPU, has become an important approach to reduce TCP/IP processing overhead in the host CPU. There have been two approaches to implementing TOE: software TOE, in which TCP/IP is processed by an embedded processor on a network adapter; and hardware TOE, in which all TCP/IP functions are implemented by hardware. This paper proposes a hybrid TOE that combines software and hardware functions in the TOE. In the hybrid TOE, functions that cannot have guaranteed performance on an embedded processor because of heavy load are implemented by hardware. Other functions that do not impose as much load are implemented by software on embedded processors. The hybrid TOE guarantees network performance near that of hardware TOE and it has the advantage of flexibility, because it is easy to add new functions or offload upper-level protocols of TCP/IP. In this paper, we developed a prototype board with an FPGA and an ARM processor to implement a hybrid TOE prototype. We implemented the hardware modules on the FPGA and the software modules on the ARM processor. We also developed a coprocessing mechanism between the hardware and software modules. Experimental results proved that the hybrid TOE prototype can greatly reduce the load on a host CPU and we analyzed the effects of the coprocessing mechanism. Finally, we analyzed important features that are required to implement a complete hybrid TOE and we predict its performance.

A Novel Weighting Method of Multi-sensor Event Data for the Advanced Context Awareness in the Internet of Things Environment (사물인터넷 환경에서 상황인식 개선을 위한 다중센서의 이벤트 데이터 가중치 부여 방안)

  • You, Jeong-Bong;Suh, Dong-Hyok
    • The Journal of the Korea institute of electronic communication sciences / v.17 no.3 / pp.515-520 / 2022
  • In context awareness using multiple sensors, when using sensor data detected and sent by each sensor, it is necessary to give different weights for each sensor. Even if the same type of sensor is configured for the same situation, sometimes it is necessary to assign different weights due to other secondary factors. It is inevitable to assign weights to events in the real world, and it can be said that a weighting method that can be used in a context awareness system using multiple sensors is necessary. In this study, we propose a weighting method for each sensor that reports to the host while the sensors continue to detect over time. In most IoT environments, the sensor continues the detection activity, and when the detected value shows a change pattern beyond a predetermined range, it is basically reported to the host. This can be called a kind of data stream environment. A weighting method was proposed for sensing data from multiple sensors in a data stream environment, and the new weighting method was to select and assign weights to data that indicates a context change in the stream.

A Performance Study on CPU-GPU Data Transfers of Unified Memory Device (통합메모리 장치에서 CPU-GPU 데이터 전송성능 연구)

  • Kwon, Oh-Kyoung;Gu, Gibeom
    • KIPS Transactions on Computer and Communication Systems / v.11 no.5 / pp.133-138 / 2022
  • Recently, as GPU performance has improved in HPC and artificial intelligence, its use is becoming more common, but GPU programming is still a big obstacle in terms of productivity. In particular, due to the difficulty of managing host memory and GPU memory separately, research is being actively conducted in terms of convenience and performance, and various CPU-GPU memory transfer programming methods are suggested. Meanwhile, recently many SoC (System on a Chip) products such as Apple M1 and NVIDIA Tegra that bundle CPU, GPU, and integrated memory into one large silicon package are emerging. In this study, data between CPU and GPU devices are used in such an integrated memory device and performance-related research is conducted during transmission. It shows different characteristics from the existing environment in which the host memory and GPU memory in the CPU are separated. Here, we want to compare performance by CPU-GPU data transmission method in NVIDIA SoC chips, which are integrated memory devices, and NVIDIA SMX-based V100 GPU devices. For the experimental workload for performance comparison, a two-dimensional matrix transposition example frequently used in HPC applications was used. We analyzed the following performance factors: the difference in GPU kernel performance according to the CPU-GPU memory transfer method for each GPU device, the transfer performance difference between page-locked memory and pageable memory, overall performance comparison, and performance comparison by workload size. Through this experiment, it was confirmed that the NVIDIA Xavier can maximize the benefits of integrated memory in the SoC chip by supporting I/O cache consistency.

Implementation of Security Information and Event Management for Realtime Anomaly Detection and Visualization (실시간 이상 행위 탐지 및 시각화 작업을 위한 보안 정보 관리 시스템 구현)

  • Kim, Nam Gyun;Park, Sang Seon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.8 no.5 / pp.303-314 / 2018
  • In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is a useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritization of security events to inform and support alerting to user. We select Elastic Stack for processing and visualization of this security information. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We attacked the host and got real time user activity for monitoring, alerting and security auditing based on this security information management.