• Title/Summary/Keyword: DNS method

Accessing LSTM-based multi-step traffic prediction methods (LSTM 기반 멀티스텝 트래픽 예측 기법 평가)

  • Yeom, Sungwoong;Kim, Hyungtae;Kolekar, Shivani Sanjay;Kim, Kyungbaek
    • KNOM Review / v.24 no.2 / pp.13-23 / 2021
  • Recently, as networks become more complex due to the activation of IoT devices, research on long-term traffic prediction beyond short-term traffic prediction is being activated to predict and prepare for network congestion in advance. The recursive strategy, which reuses short-term traffic prediction results as an input, has been extended to multi-step traffic prediction, but as the steps progress, errors accumulate and cause deterioration in prediction performance. In this paper, an LSTM-based multi-step traffic prediction method using a multi-output strategy is introduced and its performance is evaluated. As a result of experiments based on actual DNS request traffic, it was confirmed that the proposed LSTM-based multiple output strategy technique can reduce MAPE of traffic prediction performance for non-stationary traffic by 6% compared with the recursive strategy technique.

Assessment of Collaborative Source-Side DDoS Attack Detection using Statistical Weight (통계적 가중치를 이용한 협력형 소스측 DDoS 공격 탐지 기법 성능 평가)

  • Yeom, Sungwoong;Kim, Kyungbaek
    • KNOM Review / v.23 no.1 / pp.10-17 / 2020
  • As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of the attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating the weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request traffic, it was confirmed that the proposed technique reduces the false positive rate by 2% while maintaining a high attack detection rate.

Study on Providing Anonymity of HTTPS Web Site Blocking (HTTPS 웹 사이트 차단의 익명성 제공 방안 연구)

  • Kim, Taekyung
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.1 / pp.53-59 / 2019
  • As the number of harmful sites increases, many social problems are occurring. Therefore, in order to solve this problem, the government is carrying out activities to block access to harmful web sites based on the law. However, due to the change from HTTP to HTTPS protocol, it has become difficult to block the harmful sites in the existing method. In the existing HTTP protocol, a method of blocking the site corresponding to the harmful site domain list by utilizing the DNS information was used. However, due to the generalization of HTTPS, it is difficult to block the harmful sites in the existing method. Therefore, the ISP uses the method of blocking the website using the SNI field in the TLS (Transport Layer Security) Handshake protocol used for HTTPS. However, since the method using the SNI field raises the concern of monitoring Internet users or exposing information about connected sites, in this paper, we proposed a method which can support anonymity to Internet users while blocking harmful sites. The suggested method also can support integrity and source authentication to the transmitted data.

Two-Pathway Model for Enhancement of Protocol Reverse Engineering

  • Goo, Young-Hoon;Shim, Kyu-Seok;Baek, Ui-Jun;Kim, Myung-Sup
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.11 / pp.4310-4330 / 2020
  • With the continuous emergence of new applications and cyberattacks and their frequent updates, the need for automatic protocol reverse engineering is gaining recognition. Although several methods for automatic protocol reverse engineering have been proposed, each method still faces major limitations in extracting clear specifications and in its universal application. In order to overcome such limitations, we propose an automatic protocol reverse engineering method using a two-pathway model based on a contiguous sequential pattern (CSP) algorithm. By using this model, the method can infer both command-oriented protocols and non-command-oriented protocols clearly and in detail. The proposed method infers all the key elements of the protocol, which are syntax, semantics, and finite state machine (FSM), and extracts clear syntax by defining fine-grained field types and three types of format: field format, message format, and flow format. We evaluated the efficacy of the proposed method over two non-command-oriented protocols and three command-oriented protocols: the former are HTTP and DNS, and the latter are FTP, SMTP, and POP3. The experimental results show that this method can reverse engineer with high coverage and correctness rates, more than 98.5% and 99.1% respectively, and be general for both command-oriented and non-command-oriented protocols.

A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response (효율적인 보안관제 수행을 위한 다크넷 트래픽 기반 악성 URL 수집 및 분석방법 연구)

  • Kim, Kyu-Il;Choi, Sang-So;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1185-1195 / 2014
  • Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. Recently, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems are connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darknet traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of URLs from the darknet traffic, and carried out in-depth analysis for the extracted URLs. The analysis results can contribute to the emergence response of large-scale cyber threats and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs into the security devices, DNS sinkhole service, etc.

LARGE EDDY SIMULATION OF TURBULENT CHANNEL FLOW USING ALGEBRAIC WALL MODEL

  • MALLIK, MUHAMMAD SAIFUL ISLAM;UDDIN, MD. ASHRAF
    • Journal of the Korean Society for Industrial and Applied Mathematics / v.20 no.1 / pp.37-50 / 2016
  • A large eddy simulation (LES) of a turbulent channel flow is performed by using the third order low-storage Runge-Kutta method in time and second order finite difference formulation in space with staggered grid at a Reynolds number, $Re_{\tau}=590$ based on the channel half width, ${\delta}$ and wall shear velocity, $u_{\tau}$. To reduce the calculation cost of LES, algebraic wall model (AWM) is applied to approximate the near-wall region. The computation is performed in a domain of $2{\pi}{\delta}{\times}2{\delta}{\times}{\pi}{\delta}$ with $32{\times}20{\times}32$ grid points. Standard Smagorinsky model is used for subgrid-scale (SGS) modeling. Essential turbulence statistics of the flow field are computed and compared with Direct Numerical Simulation (DNS) data and LES data using no wall model. Agreements as well as discrepancies are discussed. The flow structures in the computed flow field have also been discussed and compared with LES data using no wall model.

Turbulent boundary layer control via electro-magnetic forces (전자기력을 이용한 난류경계층 제어)

  • Lee J.-H.;Sung H, J.
    • 한국전산유체공학회:학술대회논문집 / 2004.03a / pp.166-171 / 2004
  • Direct numerical simulations are performed to investigate the physics of a spatially developing turbulent boundary layer flow suddenly subjected to spanwise oscillating electro-magnetic forces in the near-wall region. The Reynolds number based on the inlet momentum thickness and free-stream velocity is $Re_\theta=300$. A fully-implicit fractional step method is employed to simulate the flow. The mean flow properties and the Reynolds stresses are obtained to analyze the near-wall turbulent structure. It is found that skin-friction and turbulent kinetic energy can be reduced by the electro-magnetic forces. Instantaneous flow visualization techniques are used to observe the response of streamwise vortices to spanwise oscillating forces. The near-wall vortical structures are clearly affected by spanwise oscillating electro-magnetic forces.

Development of a Three-Dimensional DNS Code for Study of Clean Agents -Two-Dimensional Simulation of Diluted Nonpremixed Counterflow Flames-

  • Park, Woe Chul;Hamins, A.
    • International Journal of Safety / v.1 no.1 / pp.18-23 / 2002
  • A mixture fraction formulation is used to numerically simulate the structure of diluted axisymmetric methane-air nonpremixed counterflow flames. The effects of global strain rate and gravity were investigated and results were compared. Fuel of a mixture of 20% methane and 80% nitrogen by volume and oxidizer of pure air at low and moderate global strain rates $a_g= 20, 40, 80 s^{-1}$ in normal and zero gravity were computed. It is shown that the numerical method is capable of predicting the structure of counterflow flames in normal and microgravity environments at low and moderate global strain rates.

Improvement Method for IPv4/IPv6 Transformation using Multiple NAT-PT (다중 NAT-PT를 이용한 IPv4/IPv6 변환 개선방법)

  • 최원순;노희영
    • Proceedings of the Korean Information Science Society Conference / 2004.04a / pp.811-813 / 2004
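  • IPv6 is the protocol adopted by the IETF to replace IPv4, because of the address exhaustion of the IPv4-based Internet and the need for new additional functions. However, since it is impossible to replace IPv4 with IPv6 all at once, several mechanisms for compatibility and interworking with existing IPv4 have been studied. Among them, NAT-PT (Network Address Translation-Protocol Translation) is a representative translation mechanism that applies IPv4/IPv6 header translation technology; it converts IP packets to match the IP version of the network they pass through and then forwards them. However, because all packets are concentrated on a single NAT-PT node, a bottleneck occurs, and this causes performance degradation. As a way to reduce the NAT-PT bottleneck, this paper proposes a method that uses multiple NAT-PTs by means of a DNS-ALG-based server.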

Compressible Parabolized Stability Equation in Curvilinear Coordinate System and integration

  • Gao, Bing;Park, S.O.
    • International Journal of Aeronautical and Space Sciences / v.7 no.2 / pp.155-174 / 2006
  • Parabolized stability equations for compressible flows in general curvilinear coordinate system are derived to deal with a broad range of transition prediction problems on complex geometry. A highly accurate finite difference PSE code has been developed using an implicit marching procedure. Compressible and incompressible flat plate flow stability under two-dimensional and three-dimensional disturbances has been investigated to test the present code. Results of the present computation are found to be in good agreement with the multiple scale analysis and DNS data. Stability calculation results by the present PSE code for compressible boundary layer at Mach numbers ranging from 0.02 to 1.5 are also presented and are again seen to be as accurate as the spectral method.