• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.1
• /
• pp.38-45
• /
• 2017

Attacking of computer and network is increasing as information processing technology heavily depends on computer and network. To prevent the attack of system and network, host and network based intrusion detection system has developed. But previous rule based system has a lot of difficulties. For this reason demand for developing a intrusion detection system which detects and cope with the attack of system and network resource in real time. In this paper we develop a real time intrusion detection system which is combination of APEX and LS-SVM classifier. Proposed system is for nonlinear data and guarantees convergence. While real time processing system has its advantages, such as memory efficiency and allowing a new training data, it also has its disadvantages of inaccuracy compared to batch way. Therefore proposed real time intrusion detection system shows similar performance in accuracy compared to batch way intrusion detection system, it can be deployed on a commercial scale.

• Journal of the Korean Institute of Telematics and Electronics C
• /
• v.35C no.6
• /
• pp.9-19
• /
• 1998

RAID technology that provides the disk I/O system with high performance and high availability is essential for OLTP server. This paper describes the design and implementation of the HIPSS RAID system that has been developed for the SPAX OLTP server. HIPSS has the following design objectives: high performance, high availability, standardization and modularization of external interface, and ease of maintenance. It guarantees high performance by providing 10 independent I/O channels, large data cache, and parity calculation engine. Hardware modularization of the host interface makes it easy to replace host interface hardware module. By providing dual power supply, dual array controller, and disk hot swapping, it provides the system with high availability Implementation of HIPSS and integration test on SPAX has been completed and performance measurement on HIPSS is now going on. In this paper, we provide the detail description for HIPSS system architecture and the implementation results.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.4
• /
• pp.319-324
• /
• 2018

In this paper, we designed and implemented a code conversion method between ISO/IEC 10646 and the multi-byte code set. The Universal Multiple-Octet Coded Character Set(UCS) provides codes for more than 65,000 characters, huge increase over ASCII's code capacity of 128 characters. It is applicable to the representation, transmission, interchange, processing, storage, input and presentation of the written form of the language throughout the world. Therefore, it is so important to guide on code conversion methods to their customers during customer systems are migrated to the environment which the UCS code system is used and/or the current code systems, i.e., ASCII PC code and EBCDIC host code, are used with the UCS together. Code conversion utility including the mapping table between the UCS and IBM new host code is shown for the purpose of the explanation of code conversion algorithm and its implementation in the system. The programs are successfully executed in the real system environments and so can be delivered to the customer during its migration stage from the UCS to the current IBM code system and vice versa.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.71-79
• /
• 2009

Currently much research is being done on host based intrusion detection using system calls which is a portion of kernel based data. Sequence based and frequency based preprocessing methods are mostly used in research for intrusion detection using system calls. Due to the large amount of data and system call types, it requires a significant amount of preprocessing time. Therefore, it is difficult to implement real-time intrusion detection systems. Despite this disadvantage, the frequency based method which requires a relatively small amount of preprocessing time is usually used. This paper proposes an effective method for detecting denial of service attacks using the frequency based method. Principal Component Analysis(PCA) will be used to select the principle system calls and a bayesian network will be composed and the bayesian classifier will be used for the classification.

• Journal of KIISE:Computing Practices and Letters
• /
• v.13 no.7
• /
• pp.462-475
• /
• 2007

The Embedded system provides human-centric services in many fields of education, information, industry and service, and monitoring programs have been variously developed for managing, controlling and testing for these embedded systems. Currently, many kernel trace toolkits are being used for monitoring. These trace toolkits are so complicate that we present $ETT^{plus}$, our simple and explicit embedded kernel trace toolkit, for embedded systems and describe the transmission method for trace data between the embedded target system and the host system. $ETT^{plus}$ provides the solution to solve the problems such as the difficult kernel patch and file system dependency in existing kernel trace toolkits like LTT. Furthermore, we present the experimental results about embedded system performance evaluations such as system call execute time or network data transmission time by using $ETT^{plus}$.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.9-15
• /
• 2013

Recently, Intrusion detection system is an important technology in computer network system because of has seen a dramatic increase in the number of attacks. The most of intrusion detection methods do not detect intrusion on real-time because difficult to analyze an auditing data for intrusions. A network intrusion detection system is used to monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insider and outsiders, as they occur. It is learns user's behavior patterns over time and detects behavior that deviates from these patterns. In this paper has rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or Anomaly users (unauthorized users) using RFM analysis methodology and monitoring collect data from sensor Intrusion Detection System(IDS).

• The KIPS Transactions:PartA
• /
• v.12A no.3 s.93
• /
• pp.253-262
• /
• 2005

Local accounting system used by UNIX-like operating system provides the accounting information of processes that are in single host. But it is impossible for this local accounting system to record the total resource consumption data of all processes for doing the same job simultaneously. In this paper, we implement accounting system to measure and manage resource usage for MPI(Message Passing Interface) job in the clustering environment. We designed and implemented the accounting system which measure resource usage of each process runs on a cluster node and record the interconnection information of the entire set of processes across network. Also we implemented accounting system which collect the resource usage data of process in the local accounting system and generate the job-level accounting information. Finally, to evaluate the resource consumption data measured by this accounting system we compare with the data collected by local scheduler that widely used in large scale clustering environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.11
• /
• pp.2341-2348
• /
• 2009

An intrusion detection technique based on host consider system call sequence or system call arguments. These two ways are suitable when system call sequence or order and length of system call arguments are out of order. However, there are two disadvantages which a false positive rate and a false negative rate are high. In this paper we propose the T-N2SCD detection model based on Time Window in order to reduce false positive rate and false negative rate. Data for using this experiment is provided from DARPA. As experimental results, the proposed model showed that the false positive rate and the false negative rate are lowest at an interval of 1000ms than at different intervals.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4B
• /
• pp.403-410
• /
• 2004

In general communication system is composed of processor subsystems, I/O processor subsystems and data storage device subsystems those are classified as their functions. In order to improve the data reliability, all subsystems are redundant. Storage device keeps the operational information such as system related information and charging information, and such informations must be stored in non-volatile memory. Flash memory and battery backup memory are commonly used as the non-volatile storage devices. But such kind of memories are expensive per unit capacity and data can't be restored when lost while not being backed up. In this paper we develop a redundant storage device to store a lot of data safely and reliably in communication system. The device consists of micro-controller, FPGA and hard disk It provides many functions those are rebuilding, automatic remapping, host service and remote host service. Also it is designed to provide host service while rebuilding is being done in order not to interrupt the communication services. The developed device can be used instead of expensive storage device like flash memory in various communication systems.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.865-874
• /
• 2005

The information stored in the computer system needs to be protected from unauthorized access, malicious destruction or alteration and accidental inconsistency. In this paper, we propose an intrusion detection system based on sensor concept for defecting and preventing malicious attacks We use software sensor objects which consist of sensor file for each important directory and sensor data for each secret file. Every sensor object is a sort of trap against the attack and it's touch tan be considered as an intrusion. The proposed system is a new challenge of setting up traps against most interception threats that try to copy or read illicitly programs or data. We have implemented the proposed system on the Linux operating system using loadable kernel module technique. The proposed system combines host~based detection approach and network-based one to achieve reasonably complete coverage, which makes it possible to detect unknown interception threats.