• Journal of KIISE:Information Networking
• /
• v.37 no.4
• /
• pp.255-262
• /
• 2010

Recently, automated signature generation systems(ASGSs) have been developed in order to cope with zero-day attacks with malicious codes exploiting vulnerabilities which are not yet publically noticed. To enhance the usefulness of the signatures generated by (ASGSs) it is essential to identify signatures only with the high accuracy of intrusion detection among a number of generated signatures and to provide them to target security systems in a timely manner. This automated signature exchange, distribution, and update operations have to be performed in a secure and universal manner beyond the border of network administrations, and also should be able to eliminate the noise in a signature set which causes performance degradation of the security systems. In this paper, we present a system architecture to support the identification of high quality signatures and to share them among security systems through a scheme which can evaluate the detection accuracy of individual signatures, and also propose a set of algorithms dealing with exchanging, distributing and updating signatures. Though the experiment on a test-bed, we have confirmed that the high quality signatures are automatically saved at the level that the noise rate of a signature set is reduced. The system architecture and the algorithm proposed in the paper can be adopted to a automated signature sharing framework.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.8
• /
• pp.615-622
• /
• 2013

Fast and accurate signature extraction is essential to improve the performance of the payload signature-based traffic analysis methods. However the slow manual process in extracting signatures make difficult to deal with the rapidly changing application in current Internet environment. Therefore, in this paper we propose a system automatically generating signatures from ground-truth traffic data. In addition, we improve the efficiency of signature extraction by recognizing the application protocol using a protocol filters and generating signatures automatically according to the application-specific protocol contents. In order to verify the validity of the system proposed in this paper, we compared the signatures automatically generated from our system with the signatures manually created for a few popular applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1572-1593
• /
• 2018

The diversity and fast growth of Internet traffic volume are highly influenced by mobile and computer applications being developed. Moreover, the developed applications are too dynamic to be identified and monitored by network administrators. Several approaches have been proposed to identify network applications, however, are still not robust enough to identify modern applications. This paper proposes both, TSA (Traffic collection, Signature generation and Applications identification) system and a derived algorithm so called CSP (Contiguous Sequential Patterns) to identify applications for management and security in IP networks. The major focus of this paper is the CSP algorithm which is automated in two modules (Signature generation and Applications identification) of the proposed system. The proposed CSP algorithm generates DNA-like unique signatures capable of identifying applications and their individual services. In this paper, we show that the algorithm is suitable for generating efficient signatures to identify applications and application services in high accuracy.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.1
• /
• pp.98-107
• /
• 2017

In these days, the increase of applications that highly use network resources has revealed the limitations of the current research phase from the traffic classification for network management. Various researches have been conducted to solutions for such limitations. The representative study is automatic finding of the common pattern of traffic. However, since the study of automatic signature generation is a semi-automatic system, users should collect the traffic. Therefore, these limitations cause problems in the traffic collection step leading to untrusted accuracy of the signature verification process because it does not contain any of the generated signature. In this paper, we propose an automated traffic collection, signature management, signature generation and signature verification process to overcome the limitations of the automatic signature update system. By applying the proposed method in the campus network, actual traffic signatures maintained the completeness with no false-positive.

• Journal of Internet of Things and Convergence
• /
• v.7 no.2
• /
• pp.7-12
• /
• 2021

Wisdom Contents are created with experiences and ideas of multiple authors, and consumed in Internet based Social Network Services that are not subjected to regional restrictions. Existing copyright management systems are designed for the protection of professional authors' rights, and effective in domestic area. On the contrary, the blockchain protocol is subjected to the service and the block is added by the consensus of participating nodes. If the data is stored to the blockchain, it cannot be modified or deleted. In this paper, we propose the blockchain based undeniable multi-signature scheme for the protection of multiple authorship on Wizdom Contents. The proposed scheme is consisted of co-authors' common public key generation, multi-signature generation and verification protocols. In the undeniable signature scheme, the signature cannot be verified without help of the signer. The proposed scheme is best suited to the contents purchase protocol. All co-authors cannot deny the fairness of the automated profit distribution through the verification of multiple authorship on Wizdom Contents.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.7
• /
• pp.1821-1841
• /
• 1997

This paper presents an automated protocol conformance test sequence generation based on formal methods for LOTOS specification by using and applying many existing related algorithms and technique, such as the testing framework, Rural Chinese Postman tour concepts. We use the state-transition graphs obtained from LOTOS specifications by means of the CAESAR tool. This tool compiles a specification written in LOTOS into an extended Petri net, from which a transition graph of a event finite-state machine(EvFSM) including data is generated. A new characterizing sequence(CS), called Unique Event sequence(UE sequence) is defined. An UE sequence for a state is a sequence of accepted gate events that is unique for this state. Some experiences about UE sequence, partial UE sequence and signature are also explained. These sequences are combined with the concept of the Rural Chinese Postman Tour to obtain an optimal test sequence which is a minimum cost tour of the reference transition graph of the EvFSM. This paper also presents a fault coverage estimation experience of an automated method for optimized test sequences generation and the translation of the test sequence obtained by using our tool to TTCN notation are also given. A prototype of the proposed framework has been built with special attention to real application in order to generated the executable test cases in an automatic way. This formal method on conformance testing can be applied to the protocols related to IN, PCS and ATM for the purpose of verifying the correctness of implementation with respect to the given specification.