• Title/Summary/Keyword: IP traceback

A Method for Original IP Detection of VPN Accessor (VPN 접속자의 원점 IP 탐지 방법)

  • Kim, Inhwan;Kim, Dukyun;Cho, Sungkuk;Jeon, Byungkook
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.21 no.3, pp.91-98, 2021
  • In most hacking attacks, hackers tend to access target systems through a variety of circumventing connection methods to hide their original IP. Therefore, finding the attacker's IP (Internet Protocol) from the defender's point of view is one of the important issues in recognizing hackers. If an attacker uses a proxy, the original IP can be obtained through a program other than the web browser on the attacker's computer. Unfortunately, this method has no effect on connections through a VPN (Virtual Private Network), because a VPN affects all applications. In the academic domain, various IP traceback methods using network equipment such as routers have been studied, but they are very difficult to realize due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use the client's network configuration temporarily until it can detect the original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method on the real Internet with various VPN tools.

A Study on N-IDS Detection and Packet Analysis regarding a DoS attack (DoS공격에 대한 N-IDS 탐지 및 패킷 분석 연구)

  • Chun, Woo-Sung;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information, v.13 no.6, pp.217-224, 2008
  • This paper is a study regarding banking institution and DoS attack regarding government organization which occurred in 2008. We used a tool aggressive actual DoS You install the N-IDS which used Snort in networks in order to detect a DoS attack. Storages of Winpcap and a packet to detect a packet and MySQL, HSC, to analyze. We install NET Framework etc. E-Watch etc. analyzes Packet regarding a DoS attack of a hacker and TCP, UDP etc. information, Port, MAC and IP information etc. through packet analysis tools. There is a meaning you analyze data regarding the cyber DoS, DDoS attack that is dysfunction of Ubiquitous Information Society, and it generates forensics data regarding an invader and back-tracking analysis data, and to ensure safe Internet information system through this paper study.

A Study of Network Forensics related to Internet Criminal at UCC (UCC와 관련된 인터넷 범죄에 대한 네트워크 포렌식 연구)

  • Lee, Gyu-An;Park, Dea-Woo;Shin, Young-Tae
    • Journal of the Korea Society of Computer and Information, v.13 no.2, pp.143-151, 2008
  • 74% of Internet users use the UCC, and YouTube using firearms in a crime occurred. Internet crime occurred in the online, non-face transaction, anonymous, encapsulation. In this paper, we study a Network Forensic Way and a technique analyze an aspect criminal the Internet having appeared at Internet UCC, and to chase. Study ID, IP back-tracking and position chase through corroborative facts collections of the UCC which used UCC search way study of the police and a public prosecutor and storage way and network forensic related to crimes of Internet UCC. Proof data encrypt, and store, and study through approach control and user authentication so that they are adopted to legal proof data through integrity verification after transmission and storages. This research via the Internet and criminal conspiracy to block the advance promotion, and for the criminal investigative agencies of the Internet will contribute to the advancement forensics research.

UPnP based Sensor Network Management Architecture (UPnP기반의 센서 네트워크 관리 구조)

  • 송형주;김대영
    • Proceedings of the Korean Information Science Society Conference, 2004.10c, pp.280-282, 2004
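  • This paper proposes a sensor network architecture for applying service utilization and management functions based on UPnP (Universal Plug and Play), which is currently in the spotlight as a service discovery technology. With it, sensor network users can install sensor nodes immediately without manual configuration, can easily use the services each sensor provides as well as services usable across the sensor network as a whole (for example, context definition and use, sensor location tracking, synchronization, and power management), and can also manage the sensor network smoothly. However, UPnP, which operates over TCP/IP, is not suitable for ultra-small sensor nodes. This paper therefore proposes an architecture called BOSS (Bridge Of Sensors), which not only acts as a bridge for ultra-small sensor nodes that are not suited to UPnP but also provides management services for the sensor network as a whole.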

A Study on the Congestion Control with Multiple Time Scale (다중 시간 간격을 이용한 혼잡제어에 관한 연구)

  • Cho, Hyun-Seob
    • Proceedings of the KAIS Fall Conference, 2006.11a, pp.180-185, 2006
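  • Self-similarity is a phenomenon that occurs commonly across diverse network environments. This study explores the possibility of exploiting the long-range correlation structure of self-similar traffic in congestion control, advances the framework of MTS (Multiple Time Scale) congestion control, and examines through simulation, under the following traffic conditions, how this framework improves the performance of rate-based feedback control. Under self-similar traffic conditions, the study consists of three stages. First, as a modular extension of TCP, it defines a function called through a simple interface that applies to various versions of TCP such as Tahoe, Reno, and Vegas, and demonstrates that this significantly improves performance. Second, it demonstrates that MTS TCP endows the underlying feedback control with proactivity by bridging the uncertainty gap of reactive control, which becomes more severe when the delay-bandwidth product is high in broadband WANs. Third, it compares and analyzes the influence on performance of the three dimensions of traffic control, namely tracking ability, connection duration, and fairness.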

Web Server Design For Web Page Fingerprinting (Web Page Fingerprinting을 위한 Web Server 설계)

  • Park, Su-Bin;Cho, Dong-Sub
    • Proceedings of the Korea Information Processing Society Conference, 2008.05a, pp.633-636, 2008
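  • Digital fingerprinting is a branch of watermarking technology; it is distinguished from watermarking, which embeds the seller's information for copyright purposes, in that it embeds the buyer's information into the content in an imperceptible way. Because fingerprinting mainly embeds the buyer's information, it provides the ability to trace back the buyer who first distributed the content (trace traitor). This paper applies watermark technology, which is mainly focused on copyright protection, and uses a fingerprinting technique to propose an algorithm that embeds information through a web server in a way that satisfies the conditions of fingerprinting technology, so that the IP information of the buyer (user) rather than the seller can be transmitted without any change to the displayed web page.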

A Study of Real Time Security Cooperation System Regarding Hacker's Attack (해커의 공격에 대한 실시간 보안공조시스템 연구)

  • Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2010.05a, pp.285-288, 2010
  • Chinese hackers hack the e-commerce site by bypass South Korea IP to connect to the third country, finance damaging a violation incident that fake account. 7.7.DDoS attack was the case of a hacker attack that paralyzed the country's main site. In this paper, the analysis is about vulnerabilities that breaches by hackers and DDoS attacks. Hacker's attacks and attacks on the sign of correlation analysis is share the risk rating for in real time, Red, Orange, Yellow, Green. Create a blacklist of hackers and real-time attack will be studied security and air conditioning systems that attacks and defend. By studying generate forensic data and confirmed in court as evidence of accountability through IP traceback and detection about packet after Incident, contribute to the national incident response and development of forensic techniques.

Wireless DDoS Attack Detection and Prevention Mechanism using Packet Marking and Traffic Classification on Integrated Access Device (IAD 기반 패킷 마킹과 유무선 트래픽 분류를 통한 무선 DDoS 공격 탐지 및 차단 기법)

  • Jo, Je-Gyeong;Lee, Hyung-Woo;Park, Yeoung-Joon
    • The Journal of the Korea Contents Association, v.8 no.6, pp.54-65, 2008
  • When DDoS attack is achieved, malicious host discovering is more difficult on wireless network than existing wired network environment. Specially, because wireless network is weak on wireless user authentication attack and packet spoofing attack, advanced technology should be studied in reply. Integrated Access Device (IAD) that supports VoIP communication facility etc. with wireless routing function recently is developed and is distributed widely. IAD is alternating facility that is offered in existent AP. Therefore, advanced traffic classification function and real time attack detection function should be offered in IAD on wireless network environment. System that is presented in this research collects client information of wireless network that connect to IAD using AirSensor. And proposed mechanism also offers function that collects the wireless client's attack packet to monitor its legality. Also the proposed mechanism classifies and detects the attack packet with W-TMS system that was received to IAD. As a result, it was possible for us to use IAD on wireless network service stably.

A Design of Parameterized Viterbi Decoder for Multi-standard Applications (다중 표준용 파라미터화된 비터비 복호기 IP 설계)

  • Park, Sang-Deok;Jeon, Heung-Woo;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering, v.12 no.6, pp.1056-1063, 2008
  • This paper describes an efficient design of a multi-standard Viterbi decoder that supports multiple constraint lengths and code rates. The Viterbi decoder is parameterized for the code rates 1/2, 1/3 and constraint lengths 7,9, thus it has four operation nodes. In order to achieve low hardware complexity and low power, an efficient architecture based on hardware sharing techniques is devised. Also, the optimization of ACCS (Accumulate-Subtract) circuit for the one-point trace-back algorithm reduces its area by about 35% compared to the full parallel ACCS circuit. The parameterized Viterbi decoder core has 79,818 gates and 25,600 bits memory, and the estimated throughput is about 105 Mbps at 70 MHz clock frequency. Also, the simulation results for BER (Bit Error Rate) performance show that the Viterbi decoder has BER of $10^{-4}$ at $E_b/N_o$ of 3.6 dB when it operates with code rate 1/3 and constraints 7.

Congestion Control with Multiple Time Scale under Self-Similar Traffic (자기유사성 트래픽 조건에서 다중 시간 간격을 이용한 혼잡제어)

  • Park, Dong-Suk;Ra, Sang-Dong
    • Journal of the Korea Institute of Information and Communication Engineering, v.9 no.1, pp.65-75, 2005
  • Measurements of network traffic have shown that self-similarity is a ubiquitous phenomenon spanning across diverse network environments. In previous work, we have explored the feasibility of exploiting the long-range correlation structure in self-similar traffic for congestion control. We have advanced the framework of the multiple time scale congestion control and showed its effectiveness at enhancing performance for the rate-based feedback control. Our contribution is threefold. First, we define a modular extension of the TCP (a function called with a simple interface) that applies to various flavours of the TCP (e.g., Tahoe, Reno, Vegas) and show that it significantly improves performance. Second, we show that a multiple time scale TCP endows the underlying feedback control with proactivity by bridging the uncertainty gap associated with reactive controls which is exacerbated by the high delay-bandwidth product in broadband wide area networks. Third, we investigate the influence of the three traffic control dimensions (tracking ability, connection duration, and fairness) on performance.