• Title/Summary/Keyword: ICMP


A Strategy for Improving TCP Performance Considering Handoff in Mobile Computing Environments (이동 컴퓨팅 환경에서 핸드오프를 고려한 TCP 성능 개선 방안)

  • 박종문;송주석
    • Proceedings of the Korean Information Science Society Conference / 1999.10c / pp.688-690 / 1999
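  • TCP, which is widely used in today's communication environments, is suited to traditional networks made up of wired links and fixed hosts and reflects the characteristics of wired networks. Applying it unchanged to wireless networks, which differ from wired networks in having limited bandwidth on the wireless link, high delay, sporadic bit errors, temporary disconnections and handoffs, therefore invokes unnecessary mechanisms and degrades end-to-end throughput. To prevent the TCP performance degradation caused by handoffs in such wireless networks, and in particular to head off the performance loss from fixed-host retransmission timer timeouts and unnecessary congestion control procedures triggered by packet loss on the wireless link during handoff, we propose a new EHN algorithm. When a handoff occurs, the mobile host, which is the first to learn of it, sends an EHN (Explicit Handoff Notification) packet in the form of an ICMP (Internet Control Message Protocol) message to the fixed host, explicitly notifying the new base station and the fixed host that the handoff has started. This forcibly prevents the fixed-host retransmission timer timeouts and congestion control procedures that would otherwise occur during handoff, and can reduce the load at the base station.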


Security Structure for Protection of Emergency Medical Information System (응급의료정보시스템의 보호를 위한 보안 구조)

  • Shin, Sang Yeol;Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.2 / pp.59-65 / 2012
  • The emergency medical information center performs the role of medical direction on disease consultation and pre-hospital emergency handling for the public. The emergency medical information system plays a major role in decreasing the mortality and disability of emergency patients by providing information on medical institutions, especially when an emergency patient appears. However, various attacks such as hacking have recently occurred against emergency medical information systems. In this paper, we propose a security structure that can protect the system securely by effectively detecting attacks from outside. Intrusion detection is performed on every packet using a rule-based detection technique according to protocol, and any detected intrusion is reported to the control center. Packets for which no intrusion was detected are examined again using a decision tree. We tested the effectiveness of the proposed security structure using TCP-SYN, UDP flooding and ICMP flooding attacks.

A DDoS attack Mitigation in IoT Communications Using Machine Learning

  • Hailye Tekleselase
    • International Journal of Computer Science & Network Security / v.24 no.4 / pp.170-178 / 2024
  • With the growth of fifth-generation networks and artificial intelligence technologies, new threats and challenges have appeared for wireless communication systems, especially in cybersecurity. IoT networks are gradually becoming attractive stages for the introduction of DDoS attacks due to the integral frailer security and resource-constrained nature of IoT devices. This paper focuses on detecting DDoS attacks in wireless networks by categorizing inward network packets on the transport layer as either "abnormal" or "normal" using the integration of machine learning algorithms and a knowledge-based system. In this paper, deep learning algorithms and CNN were autonomously trained for mitigating DDoS attacks. This paper lays importance on misuse-based DDoS attacks, which comprise TCP SYN-Flood and ICMP flood. The researcher uses the CICIDS2017 and NSL-KDD datasets in training and testing the algorithms (model) during the experimentation phase. Accuracy score is used to measure the classification performance of the four algorithms. The results display that the 99.93 performance is recorded.

An Analysis of Network Traffic on DDoS Attacks against Web Servers (웹 서버에 대한 DDoS공격의 네트워크 트래픽 분석)

  • Lee, Cheo-Iho;Choi, Kyung-Hee;Jung, Gi-Hyun;Noh, Sang-Guk
    • The KIPS Transactions:PartC / v.10C no.3 / pp.253-264 / 2003
  • This paper presents the analytic model of Distributed Denial-of-Service (DDoS) attacks in two settings: the normal Web server without any attack and the Web server with DDoS attacks. In these settings, we measure TCP flag rate, which is expressed in terms of the ratio of the number of TCP flags, i.e., SYN, ACK, RST, etc., packets over the total number of TCP packets, and Protocol rate, which is defined by the ratio of the number of TCP (UDP or ICMP) packets over the total number of IP packets. The experimental results show a distinctive and predictive pattern of DDoS attacks. We wish our approach can be used to detect and prevent DDoS attacks.

A Study on the Anomalous Traffic Handling

  • Lee KeunSoo;Kim Sehun
    • Proceedings of the Korean Operations and Management Science Society Conference / 2004.10a / pp.619-622 / 2004
  • In recent years, hacking has trended toward generating unnecessary excessive traffic to obstruct service by degrading a system's performance. We can also see systems whose service ability is paralyzed by flash crowds of normal traffic to a popular website. This is an important problem that must certainly be solved from the standpoint of guaranteeing QoS for the clients. The former is known as a DDoS (Distributed Denial of Service) attack and the latter as an FE (Flash Event). Both are equally anomalous traffic because they cause excessive congestion on the network or system and downgrade the system's service ability. In this paper, we propose a scheme for protecting the system against anomalous traffic and for guaranteeing the QoS. For this, while in normal condition, a server records and maintains information on clients that have previously accessed it more than once. When it falls into congestion, the records are used for filtering spoofed IPs. We send and receive ICMP request/reply packets to know whether an IP is spoofed. We also propose applying the object splitting of CDN to guarantee the QoS in the initial FE situation.


Colletotrichum aenigma Associated with Apple Bitter Rot on Newly Bred cv. RubyS Apple

  • Lee, Seung-Yeol;Ten, Leonid N.;Ryu, Jung-Joo;Kang, In-Kyu;Jung, Hee-Young
    • Research in Plant Disease / v.27 no.2 / pp.70-75 / 2021
  • The abnormal brown sunken lesions were observed on cv. RubyS apple fruits in an orchard located in Gunwi, Gyeongbuk province, Korea. The primary observed symptoms such as small round sunken lesions and small black dots on the symptomatic area were different from the reported apple diseases. The affected apple fruits were sampled and subjected to isolation of the causal agent. Cultural and morphological characteristics of isolated fungal strain, designated KNUF-20GWA4, were similar to that of Colletotrichum spp. Based on multilocus sequence analyses using internal transcribed spacer regions and partial sequences of β-tubulin, glyceraldehyde-3-phosphate dehydrogenase, chitin synthase, and actin genes, strain KNUF-20GWA4 showed 99.2-100% similarities with C. aenigma ICMP 18608 and the isolate clustered together with several other strains of this species in the phylogenetic tree. To our knowledge, this is the first report of bitter rot on apple fruits caused by C. aenigma.

Genetic localization of epicoccamide biosynthetic gene cluster in Epicoccum nigrum KACC 40642

  • Choi, Eun Ha;Park, Si-Hyung;Kwon, Hyung-Jin
    • Journal of Applied Biological Chemistry / v.65 no.3 / pp.159-166 / 2022
  • Epicoccum nigrum produces epipyrone A (orevactaene), a yellow polyketide pigment. Its biosynthetic gene cluster was previously characterized in E. nigrum KACC 40642. The YES liquid culture of this strain revealed high-level production of epicoccamide (EPC), with an identity that was determined using liquid chromatography-mass spectrometry analysis and molecular mass search using the SuperNatural database V2 webserver. The production of EPC was further confirmed by compound isolation and nuclear magnetic resonance spectroscopy. EPC is a highly reduced polyketide with tetramic acid and mannosyl moieties. The EPC structure guided us to localize the hypothetical EPC biosynthetic gene cluster (BGC) in E. nigrum ICMP 19927 genome sequence. The BGC contains genes encoding highly reducing (HR)-fungal polyketide synthase (fPKS)-nonribosomal peptide synthetase (NRPS), glycosyltransferase (GT), enoylreductase, cytochrome P450, and N-methyltransferase. Targeted inactivation of the HR-fPKS-NRPS and GT genes abolished EPC production, supporting the successful localization of EPC BGC. This study provides a platform to explore the hidden biological activities of EPC, a bolaamphiphilic compound.

An Architecture Design of Distributed Internet Worm Detection System for Fast Response

  • Lim, Jung-Muk;Han, Young-Ju;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference / 2005.11a / pp.161-164 / 2005
  • As the influence of the Internet grows steadily, attacks against the Internet can now cause enormous monetary damage. A worm can not only replicate itself like a virus but also propagate itself across the Internet. It thus infects vulnerable hosts on the Internet and then degrades the overall performance of the Internet or stops it from working. To respond to this, worm detection and prevention technologies have been developed. Worm detection technologies are classified into two categories, host-based detection and network-based detection. Host-based detection methods include a method which checks the files that worms create, a method which checks the integrity of the file systems, and so on. Network-based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't respond to worms' attacks effectively because worms attack the Internet in a distributed fashion. In this paper, we propose a design of a distributed worm detection system to overcome this inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other using direction-aware information in terms of the worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce the false positive rate of the system but also prevent worms from propagating themselves across the Internet by dispersing the confirmed worm signature.


A Study on the Covert Channel Detection in the TCP/IP Header based on the Support Vector Machine (Support Vector Machine 기반 TCP/IP 헤더의 은닉채널 탐지에 관한 연구)

  • 손태식;서정우;서정택;문종섭;최홍민
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.1 / pp.35-45 / 2004
  • In explosively growing internet environments, information security is one of the most important considerations. Nowadays, various security solutions are used as countermeasures to such problems: IDS, firewall and VPN. However, the internet basically has many vulnerabilities in its protocols themselves. In particular, it is possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledge number, timestamp and so on. In this paper, we focus on the covert channels using the identification field of the IP header and the sequence number field of the TCP header. To detect such covert channels, we used a Support Vector Machine, which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could discern the abnormal cases (including covert channels) from normal TCP/IP traffic using the Support Vector Machine.

A Secure 6LoWPAN Re-transmission Mechanism for Packet Fragmentation against Replay Attacks (안전한 6LoWPAN 단편화 패킷 재전송 기법에 관한 연구)

  • Kim, Hyun-Gon
    • Journal of the Korea Society of Computer and Information / v.14 no.10 / pp.101-110 / 2009
  • 6LoWPAN (IPv6 Low-power Wireless Personal Area Network) performs IPv6 header compression, TCP/UDP/IGMP header compression, and packet fragmentation and reassembly to transmit IPv6 packets over IEEE 802.15.4 MAC/PHY. However, from the point of view of security, it has the existing security threats arising from IP packet fragmentation and reassembly, and new security threats arising from 6LoWPAN packet fragmentation and reassembly would be introduced in addition. If fragmented packets are frequently retransmitted by replay attacks, sensor nodes will be confronted with communication disruption. This paper analyzes the security threats introduced by 6LoWPAN fragmentation and reassembly, and proposes a re-transmission mechanism that could minimize the re-transmission caused by replay attacks. A re-transmission procedure and a fragmented packet structure based on the 6LoWPAN standard (RFC4944) are designed. We also estimate the re-transmission delay of the proposed mechanism. The mechanism utilizes timestamp, nonce, and checksum to protect against replay attacks. It could minimize reassembly buffer overflow, waste of computing resources, node rebooting, etc., by removing unnecessary packet fragmentation and reassembly.