• Title/Summary/Keyword: Deep Packet Inspection


A Design and Implementation of Packet Processing Engine for Handling Large Volumes of Traffic

  • Yoon, Joo-Yeong; Kim, Myoung-Soo; Chang, Hoon
    • Proceedings of the Korean Society of Computer Information Conference / 2020.07a / pp.325-326 / 2020
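  • With the recent spread of 5G, more people and devices are connecting to the Internet, and as new Internet of Things (IoT) applications become possible, traffic volume is increasing rapidly. However, many domestic companies rely on expensive foreign products to analyze this traffic. These products are used mainly to store and display statistical data about the traffic handled on the network, and they have the drawback that it is difficult to analyze packets in detail. This paper therefore proposes an efficient packet processing engine for handling large volumes of traffic. The engine uses multiple Core Processes to make maximum use of system resources and, through multiprocessing, keeps the workload of each node balanced, thereby reducing the waiting time of tasks and minimizing the execution time of each task. The proposed packet processing engine for handling large volumes of traffic is shown to be superior to existing traffic-processing packet engines in terms of improving the performance of high-performance computing systems.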


A Network Processor-based In-Line Mode Intrusion Detection System for High-Speed Networks

  • 강구홍; 김익균; 장종수
    • Journal of KIISE:Information Networking / v.31 no.4 / pp.363-374 / 2004
  • In this paper, we propose an in-line mode NIDS using network processors (NPs) that achieve performance comparable to ASIC and flexibility comparable to general-purpose processors. Even if many networking applications using NPs have been proposed, we cannot find any NP applications to NIDS in the literature. The proposed NIDS supports packet payload inspection detecting attacks, as well as packet filtering and traffic metering. In particular, we separate the filtering and metering functions from the complicated and time-consuming operations of the deep packet inspection function using a two-level searching scheme; thus we can improve the performance, stability, and scalability of the in-line mode system. We also implement a prototype based on a PC platform and the Agere PayloadPlus (APP) 2.5G NP solution, and present a payload inspection algorithm to apply to the APP NP.

The Design and Implementation of Network Intrusion Detection System Hardware on FPGA

  • Kim, Taek-Hun; Yun, Sang-Kyun
    • Journal of the Korea Society of Computer and Information / v.17 no.4 / pp.11-18 / 2012
  • Deep packet inspection, which performs pattern matching to search for malicious patterns in the packet, is the most computationally intensive task. Hardware-based pattern matching is required for real-time packet inspection in high-speed networks. In this paper, we have designed and implemented network intrusion detection hardware as a Microblaze-based SoC using a Virtex-6 FPGA, which captures the network input packet, performs hardware-based pattern matching for patterns in the Snort rules, and provides the matching result to the software. We verify the operation of the implemented system using a traffic generator and real network traffic. The implemented hardware can be used in a network intrusion detection system operating at wire speed.

Adaptive Frequency Scaling for Efficient Power Management in Pipelined Deep Packet Inspection Systems

  • Kim, Han-Soo
    • Journal of the Korea Society of Computer and Information / v.19 no.12 / pp.133-141 / 2014
  • An efficient method for reducing power consumption in pipelined deep packet inspection systems is proposed. It is based on the observation that the number of memory accesses is dominant for the power consumption and the number of accesses drops drastically as the input goes through the stages of the pipelined AC-DFA. A DPI system is implemented where the operating frequency of the stages that are not frequently used in the pipeline is reduced to eliminate the waste of power. The power consumption of the proposed DPI system is measured on various input character sets, and a reduction of up to 25% in total power consumption is obtained, compared to that of recent DPI systems. The method can be easily applied to other pipelined architectures and string searching applications.

Quality-of-Service Mechanisms for Flow-Based Routers

  • Ko, Nam-Seok; Hong, Sung-Back; Lee, Kyung-Ho; Park, Hong-Shik; Kim, Nam
    • ETRI Journal / v.30 no.2 / pp.183-193 / 2008
  • In this paper, we propose quality of service mechanisms for flow-based routers which have to handle several million flows at wire speed in high-speed networks. Traffic management mechanisms are proposed for guaranteed traffic and non-guaranteed traffic separately, and then the effective harmonization of the two mechanisms is introduced for real networks in which both traffic types are mixed together. A simple non-work-conserving fair queuing algorithm is proposed for guaranteed traffic, and an adaptive flow-based random early drop algorithm is proposed for non-guaranteed traffic. Based on that basic architecture, we propose a dynamic traffic identification method to dynamically prioritize traffic according to the traffic characteristics of applications. In a high-speed router system, the dynamic traffic identification method could be a good alternative to deep packet inspection, which requires handling of the IP packet header and payload. Through numerical analysis, simulation, and a real system experiment, we demonstrate the performance of the proposed mechanisms.


Study on Fraud and SIM Box Fraud Detection Method in VoIP Networks

  • Lee, Jung-won; Eom, Jong-hoon; Park, Ta-hum; Kim, Sung-ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.10 / pp.1994-2005 / 2015
  • Voice over IP (VoIP) is a technology for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks. Instead of being transmitted over a circuit-switched network, however, the digital information is packetized, and transmission occurs in the form of IP packets over a packet-switched network which consists of several layers of computers. VoIP service, which uses various techniques, has many advantages, such as voice service, multimedia and additional services at low cost. However, various frauds arise using VoIP because VoIP has the existing vulnerabilities of the Internet and is based on complex technologies, which in turn involve different components, protocols, and interfaces. According to research results, in 2012, 46% of fraud calls were made over VoIP. The revenue loss caused by fraud calls is considerable. Among these, we analyze Toll Bypass Fraud by the SIM Box, which occurs mainly on international calls, and propose measures that can detect it. Typically, proposed solutions to detect Toll Bypass fraud have used DPI (Deep Packet Inspection) based on a variety of detection methods that use signatures or statistical information, but fraudsters have used a number of countermeasures to avoid them as well. In particular, fraudsters have used a countermeasure that encrypts the VoIP call setup/termination SIP signal, the voice, or both. This paper proposes a solution that identifies the equipment of Toll Bypass fraud using those countermeasures: it detects the involved equipment through analysis of voice traffic features, and identifies the SIM Box or the service server of VoIP service providers through analysis of their behavior.

A Systems Engineering Approach to Implementing Hardware Cybersecurity Controls for Non-Safety Data Network

  • Ibrahim, Ahmad Salah; Jung, Jaecheon
    • Journal of the Korean Society of Systems Engineering / v.12 no.2 / pp.101-114 / 2016
  • A model-based systems engineering (MBSE) approach to implementing hardware-based network cybersecurity controls for the APR1400 non-safety data network is presented in this work. The proposed design was developed by implementing packet filtering and deep packet inspection functions to control unauthorized traffic and malicious contents. A Denial-of-Service (DoS) attack was considered as a potential cybersecurity issue that may threaten the data availability and integrity of DCS gateway servers. A logical design architecture was developed to simulate the behavior of the function flow. An HDL-based physical architecture was modelled and simulated using Xilinx ISE software to verify the design functionality. For an effective modelling process, enhanced function flow block diagrams (EFFBDs) and a schematic design based on FPGA technology were developed together and simulated to verify the performance and functional requirements of the network security controls. Both the logical and physical design architectures verified that hardware-based cybersecurity controls are capable of maintaining data availability and integrity. Further work focuses on implementing the schematic design on an FPGA platform to accomplish the design verification and validation processes.

Efficient Resource Slicing Scheme for Optimizing Federated Learning Communications in Software-Defined IoT Networks

  • Tam, Prohim; Math, Sa; Kim, Seokhoon
    • Journal of Internet Computing and Services / v.22 no.5 / pp.27-33 / 2021
  • With the broad adoption of the Internet of Things (IoT) in a variety of scenarios and application services, management and orchestration entities require upgrading the traditional architecture and developing intelligent models with ultra-reliable methods. In a heterogeneous network environment, mission-critical IoT applications are significant to consider. With erroneous priorities and high failure rates, catastrophic losses in terms of human lives, great business assets, and privacy leakage will occur in emergent scenarios. In this paper, an efficient resource slicing scheme for optimizing federated learning in software-defined IoT (SDIoT) is proposed. The decentralized support vector regression (SVR) based controllers predict the IoT slices via packet inspection data during peak hour central congestion to achieve a time-sensitive condition. In off-peak hour intervals, a centralized deep neural network (DNN) model is used within computation-intensive aspects on fine-grained slicing and remodified decentralized controller outputs. With known slice and prioritization, federated learning communications iteratively process through the adjusted resources by a virtual network functions forwarding graph (VNFFG) descriptor set up in a software-defined networking (SDN) and network functions virtualization (NFV) enabled architecture. To demonstrate the theoretical approach, the Mininet emulator was used to evaluate the reference and proposed schemes by capturing the key Quality of Service (QoS) performance metrics.

An Open DPI Platform Architecture using OpenFlow

  • Lee, Wangbong; Park, Sang-Kil; Kim, Sang-Wan; Lee, Joon-Kyung; Kim, Sang-Ha
    • Proceedings of the Korea Information Processing Society Conference / 2014.04a / pp.180-181 / 2014
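  • With improvements in server hardware performance and advances in virtualization software technology, cloud computing environments continue to spread, and Internet traffic is accordingly becoming larger in volume and more concentrated. At the same time, persistent DDoS attacks and cyberterrorism continue to target all kinds of organizations, including e-government and finance. To respond to diverse cyberterror attacks and to analyze large-volume cloud service traffic in detail, policy-server-based traffic monitoring and control management per service, per user, and per group is needed. This paper proposes a high-performance, OpenFlow-based Open DPI (Deep Packet Inspection) platform architecture for this purpose.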

The Solution of User Privacy Issues in DPI technology

  • Oh, Ji-Soo; Lee, Seung-Hyun; Park, Min-Woo; Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference / 2012.11a / pp.1060-1063 / 2012
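  • Existing devices that inspect traffic at the network gateway cannot inspect Application-layer data, which limits their security. To compensate for this, Deep Packet Inspection (DPI) technology, which can analyze packets up to the Application layer, was developed and is used to strengthen security. However, as companies use DPI technology to collect and use customers' personal information without authorization, there is concern about privacy violations arising from DPI technology. This paper proposes a method for obtaining the consent of individual users when user information is collected through DPI technology, and thereby aims to resolve the user privacy issues that accompany DPI technology.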