• Title/Summary/Keyword: host system

Implementation of Opensource-Based Automatic Monitoring Service Deployment and Image Integrity Checkers for Cloud-Native Environment (클라우드 네이티브 환경을 위한 오픈소스 기반 모니터링 서비스 간편 배포 및 이미지 서명 검사기 구현)

  • Gwak, Songi;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.637-645 / 2022
  • Cloud computing has been gaining popularity over decades, and container, a technology that is primarily used in cloud native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing kernels with host systems or uploading/downloading images from the image registry, one of which relates to the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, first, we implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on Falco, an open source project of the Cloud Native Computing Foundation (CNCF), we introduce a newly created image for the convenience of the existing Falco image, and propose an implementation of docker-compose and package configuration that easily builds a monitoring system.

A Design of DDoS Attack Detection Scheme Using Traffic Analysis and IP Extraction in SIP Network (SIP망에서 트래픽 측정 및 IP 추출을 통한 DDoS공격 탐지 기법 설계)

  • Yun, Sung-Yeol;Sim, Yong-Hoon;Park, Seok-Cheon
    • Proceedings of the Korea Information Processing Society Conference / 2010.04a / pp.729-732 / 2010
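  • With the development of communication networks and the emergence of various Internet-based technologies, the move to carry not only data but also voice over IP networks gave rise to VoIP (Voice over Internet Protocol). VoIP services based on SIP (Session Initiation Protocol) offer large savings in communication costs together with a variety of supplementary services, and the number of users is growing rapidly. VoIP services are built on SIP for call control, and SIP provides various voice and multimedia services over IP networks; because it inherits the Internet security vulnerabilities of the IP protocol, it tends to be vulnerable to DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. A DDoS attack sends a large volume of packets to a target host or network in a short time, preventing network access and service functions from operating normally or inducing system failure. Now that Internet-based life has become routine, countermeasures against DDoS attacks are urgently needed to create a safe network environment. Because DDoS attacks are very difficult to detect, research into fundamental countermeasures is needed, and the development of a detection system for normal and malicious traffic is urgently required. In this paper, we survey the SIP protocol and attack techniques, examine the characteristics and types of DoS and DDoS attacks, and propose a DDoS attack detection scheme for SIP-based VoIP services that uses IP classification and duplicate-message inspection.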

A Study on Deep Learning Methodology for Bigdata Mining from Smart Farm using Heterogeneous Computing (스마트팜 빅데이터 분석을 위한 이기종간 심층학습 기법 연구)

  • Min, Jae-Ki;Lee, DongHoon
    • Proceedings of the Korean Society for Agricultural Machinery Conference / 2017.04a / pp.162-162 / 2017
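  • Research in many academic fields using Tensorflow, released by Google, is active. As big data on agricultural facility environments accumulates, research on data analysis and mining techniques for obtaining useful information is also active. Meanwhile, compared with successful applications of deep learning in other fields, application in agriculture is at an early stage of growth. This is probably because, owing to the difficulty of the information acquired in the field and the lack of highly complete growth/environment modeling information, the time, cost and research environment needed to derive effective end-to-end processing technology are relatively lacking. In particular, if the collected data, which has grown enormously with the increase in sensor-based data acquisition, is applied mechanically and naively to deep learning modeling computations of high time complexity, it will be difficult to obtain successful results in terms of time efficiency. The hardware acceleration features proposed to address the very high time complexity are limited to some development environments. For example, Google's Tensorflow has not released an algorithm that supports MPICH, an open-source parallel clustering technology. Therefore, in this study we sought a hardware approach to deep learning research that uses the various resources that can be expected to be available to obtain computation results as quickly as possible. Unlike a one-sided learning algorithm executed on the host, heterogeneous deep learning first requires that the data layer be interconnected using NFS (Network File System). For this, the use of NFS over a high-speed network is essential. Second, a memory-sharing library is needed to overcome the limits of constrained resources. Third, a parallel-processing compiler optimized for heterogeneous processors must be used. Most importantly, job scheduling that distributes work evenly according to the processing capability of each heterogeneous system must be performed; since this varies greatly with the form of the data to be processed, rigorous prior benchmarking of the data domain in question must be carried out. We used Open-CL ver1.2 (https://www.khronos.org/opencl/), which satisfies most of these requirements. The latest Open-CL version is 2.2, but the version supported in common by all four heterogeneous systems prepared for this study is 1.2. The four experimentally selected heterogeneous systems are 1) Windows 10 Pro, 2) Linux-Ubuntu 16.04.4 LTS-x86_64, 3) MAC OS X 10.11 and 4) Linux-Ubuntu 16.04.4 LTS-ARM Cortex-A15. For comparative analysis, we prepared a system with two Pascal Titan X cards from NVIDIA configured in SLI. The binaries compiled separately on each system were given a common name, the number of cores of each system was allocated equally, and, taking temperature and illuminance information arriving as 100 Hz data as input, training against humidity information was performed for 10,000 epochs using a Linear Gradient Descent Optimizer. Training using a total of 32 cores across the four heterogeneous systems finished in about 17 seconds, whereas the comparison system finished in about 11 seconds. We will continue research on deep learning techniques that make appropriate use of hardware already owned.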

A Design and Implementation of A Robot Client Middleware for Network-based Intelligent Robot based on Service-Oriented (지능형 네트워크 로봇을 위한 서비스 지향적인 로봇 클라이언트 미들웨어 설계와 구현)

  • Kwak, Dong-Gyu;Choi, Jae-Young
    • The KIPS Transactions:PartA / v.19A no.1 / pp.1-8 / 2012
  • A network-based intelligent robot is connected to a network system, interacts with humans, and carries out its own roles in ubiquitous computing environments. The URC (Ubiquitous Robot Companion) robot has been proposed to develop network-based robots by applying distributed computing techniques. On URC robot, it is possible to save the computing power of robot client by environments, has been proposed to develop robot software using service-oriented architecture on server-client computing environments. The SOMAR client robot consists of two layers: a device service layer and a robot service layer. The device service controls physical devices, and the robot service abstracts the robot's services, which are newly defined and generated by combining many device services. RSEL (Robot Service Executing Language) is defined in this paper to represent relations and connections between device services and robot services. An RSEL document, including robot services built by combining several device services, is translated to a programming language for the robot client system using the RSEL translator; the translated source program is then compiled and uploaded to the robot client system with an RPC (Remote Procedure Call) command. A SOMAR client system is easy to apply to embedded systems of host/target architecture. Moreover, it is possible to produce a light-weight URC client robot by reducing the workload of the RSEL processing engine.

Design and Implementation of Inline Data Deduplication in Cluster File System (클러스터 파일 시스템에서 인라인 데이터 중복제거 설계 및 구현)

  • Kim, Youngchul;Kim, Cheiyol;Lee, Sangmin;Kim, Youngkyun
    • KIISE Transactions on Computing Practices / v.22 no.8 / pp.369-374 / 2016
  • The growing demand of virtual computing and storage resources in the cloud computing environment has led to deduplication of storage system for effective reduction and utilization of storage space. In particular, large reduction in the storage space is made possible by preventing data with identical content as the virtual desktop images from being stored on the virtual desktop infrastructure. However, in order to provide reliable support of virtual desktop services, the storage system must address a variety of workloads by virtual desktop, such as performance overhead due to deduplication, periodic data I/O storms and frequent random I/O operations. In this paper, we designed and implemented a clustered file system to support virtual desktop and storage services in cloud computing environment. The proposed clustered file system provides low storage consumption by means of inline deduplication on virtual desktop images. In addition, it reduces performance overhead by deduplication process in the data server and not the virtual host on which virtual desktops are running.

Design and Implementation of Factory Equipment Monitoring System using Grid-based Key Pre-Distribution (그리드 기반 키 선분배 방식을 사용하는 공장 설비 모니터링 시스템 설계 및 구현)

  • CHO, YANGHUI;PARK, JAEPYO;YANG, SEUNGMIN
    • Journal of the Korea Academia-Industrial cooperation Society / v.17 no.11 / pp.51-56 / 2016
  • In this paper, we propose an Arduino-based plant monitoring system. The proposed system is based on the Arduino platform, using an environmental sensor and a pressure sensor for measuring temperature, humidity and illuminance in order to monitor the state of the environment and the facilities of the plant. Monitoring data are transmitted to a ZigBee coordinator connected to a server through a radio frequency transceiver. When using a pressure sensor and the environment sensor data stored on the host server, checking the pressure in the environment of the plant and equipment is intended to report any alarm status to the administrator. Using a grid line-based key distribution scheme, the authentication node dynamically generates a data key to protect the monitoring information. Applying a ZigBee wireless sensor network does not require additional wiring for the actual implementation of a plant monitoring system. Possible working-environment monitoring of an efficient plant can help analyze the cause of any failure by backtracking the working environment when a failure occurs. In addition, it is easy to expand or add a sensor function using the Arduino platform and an expansion board.

Design and Implementation of an Object-Based Thesaurus System: Semi-automated Construction, Abstracted Concept Browsing and Query-Based Reference (객체기반 시소러스 시스템의 설계 및 구현: 반자동화 방식의 구축, 추상화 방식의 개념 브라우징 및 질의기반 참조)

  • Choi, Jae-Hun;Kim, Ki-Heon;Yang, Jae-Dong
    • Journal of KIISE:Databases / v.27 no.1 / pp.64-78 / 2000
  • In this paper, we design and implement a system for managing domain-specific thesauri, where the object-oriented paradigm is applied to thesaurus construction, concept browsing and query-based reference. This system provides an object-oriented mechanism to assist domain experts in constructing thesauri: it determines a considerable part of relationship degrees between terms by inheritance and supplies domain experts with information available from a thesaurus being constructed. This information is especially useful to enforce consistency between the hierarchies of a thesaurus, each constructed by different experts in different sites through cooperation. It may minimize the burden on domain experts caused by the exhaustive specification of individual relationships. This system also provides abstracted browsing and a query-based reference, which allow users to easily verify thesaurus terms before they are used in usual boolean queries. The verification is made by actively searching for them in the thesaurus. Reference queries and abstracted browsing views facilitate this searching. The facility is indispensable especially when precision counts for much.

A Study on Optical Condition and preprocessing for Input Image Improvement of Dented and Raised Characters of Rubber Tires (고무타이어 문자열 입력영상 개선을 위한 전처리와 광학조건에 관한 연구)

  • 류한성;최중경;권정혁;구본민;박무열
    • Journal of the Korea Institute of Information and Communication Engineering / v.6 no.1 / pp.124-132 / 2002
  • In this paper, we present a vision algorithm and method for input image improvement and preprocessing of dented and raised characters on the sidewall of tires. We define the optical condition between reflection coefficient and reflectance by physical vector calculation. On the contrary, this work will recognize the engraved characters using the computer vision technique. Tire input images have almost the same grey levels between the characters and backgrounds. The reflectance from a tire surface is small. Therefore, it is very difficult to segment the characters from the background. Moreover, one side of the character string is raised and the other is dented, so the captured images vary with the angle of the camera and illumination. For optimum input images, the angle between camera and illumination was found to be within 90$^{\circ}$. In addition, we used complex filtering with low-pass and high-pass band filters to improve the input images. Finally, we define the equation for reflection coefficient and reflectance. By doing this, we obtained good images of tires for pattern recognition.

An Interconnection Method for Streaming Framework and Multimedia Database (스트리밍 프레임워크와 멀티미디어 데이타베이스와의 연동기법)

  • Lee, Jae-Wook;Lee, Sung-Young;Lee, Jong-Won
    • Journal of KIISE:Software and Applications / v.29 no.7 / pp.436-449 / 2002
  • This paper describes our experience of developing the Database Connector as an interconnection method between a multimedia database and the streaming framework. It is possible to support diverse and mature multimedia database services such as retrieval and join operations during streaming if an interconnection method is provided between the streaming system and multimedia databases. The currently available interconnection schemes, however, have mainly used file systems or relational databases that are implemented with a separated form of metadata, which deals with information about multimedia contents, and streaming data, which deals with the multimedia data itself. Consequently, existing interconnection mechanisms could not offer many virtues of multimedia database services during the streaming operation. In order to resolve these drawbacks, we propose a novel scheme for an interconnection between the streaming framework and a multimedia database, called the Inter-Process Communication (IPC) based Database Connector, under the assumption that the two systems are located on the same host. We define four transaction primitives (Read, Write, Find, Play) and define the interface for transactions that are implemented based on plug-ins, which in consequence can extend to other multimedia databases that will appear in later years. Our simulation study shows that the performance of the proposed IPC-based interconnection scheme is not far behind that of file systems.

Cooperative Architecture for Centralized Botnet Detection and Management (협업 기반의 중앙집중형 봇넷 탐지 및 관제 시스템 설계)

  • Kwon, Jong-Hoon;Im, Chae-Tae;Choi, Hyun-Sang;Ji, Seung-Goo;Oh, Joo-Hyung;Jeong, Hyun-Cheol;Lee, Hee-Jo
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.3 / pp.83-93 / 2009
  • In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spamming. Botnets, networks composed of a large pool of infected hosts, lead such malicious attacks. Botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature-based detection mechanism. Furthermore, the solutions cannot cover areas broad enough to detect world-wide botnets. In this study, we suggest an architecture to detect and regulate botnets using a cooperative design which includes modules for gathering network traffic and sharing botnet information between ISPs or nations. The proposed architecture is effective in revealing evasive and world-wide botnets, because it does not depend on specific systems or hardware, and has a broadband cooperative framework.