• The KIPS Transactions:PartD
• /
• v.10D no.1
• /
• pp.153-160
• /
• 2003

Recently, deployments of firewalls and NATs ire increasing to provide network security features or to solve the problem of public IP shortage. But, in these environments, peers in different firewall or NAT environments may get limited services because they cannot open direct communicate channels. This can be a significant problem in pure P2P environments where the peers should get or provide services by opening direct channels among themselves. In this paper, we propose a scheme for dynamically selecting a peer that fan be used as a proxy server. The proxy server supports the communication between the peers in different firewall or NAT environments. The proposed scheme is operating system independent and supports bidirectional communication among the peers in P2P environments. Additionally, the proposed scheme can distribute network traffic by dynamically allocating proxy servers to the peers that is not located in the firewall or NAT environments.

• The Journal of the Korea Contents Association
• /
• v.6 no.12
• /
• pp.169-176
• /
• 2006

Since home network system is usually set up based on the built-in system inside home at the time of construction, it has a difficulty in being compatible with new devices after construction. In this paper, we propose DBS(Dynamic Binding System) that can make links effectively among the devices located in inside and outside of home networks. Implementation of the DBS is based on the ZigBee's binding in WPAN(Wireless Personal Area Network). For this research, we constructed the system consisting of home server that contains proxy server and location server, devices inside home in which tinyOS is embedded, and mobile device that is an emulator. The communication inside home is done by IEEE 802.15.4 protocol and the communication between servers and mobile devices outside home is done by TCP/IP protocol. Regardless of device's address format, the DBS facilitates a link among the devices located inside and outside of home networks. And, introducing a new device into home network can be recognized easily by exchanging messages between devices.

• Journal of KIISE:Computing Practices and Letters
• /
• v.5 no.4
• /
• pp.479-488
• /
• 1999

인터넷의 성장과 더불어 수많은 응용시스템들이 인터넷 기반 시스템으로 바뀌고 있다. 특히, 인터넷 기반 전문가시스템은 다양한 구조와 방법으로 설계될 수 있고 이미 제작되었던 수많은 인터넷 기반 전문가시스템들은 그 나름대로의 장단점을 가지고 있다. 본 연구는 특정 전문가시스템의 개발이 아니라 WWW(World Wide Web)을 사용자 인터페이스로 이용할 수 있는 전문가시스템 쉘에 관한 연구이다. 본 시스템은 WWW 하부구조에 대한 의존성을 제거, 클라이언트와 네크워크에 부담 격감, HTML과 부합하는 텍스트에 기초한 통신과 같은 장점 외에 중앙 집중적 다중 사용자 접근 관리 기능을 제공한다. 본 시스템은 다중사용자를 위한 서버/클라이언트 환경 구축을 위해 소켓을 이용하여 큐잉(queueing)과 직렬화(serialization)를 해결하고 비연결 지향적인 WWW의 특성으로 인한 사용자 관리의 어려움은 사용자의 IP 주소와 Timer를 이용한 휴무기간 검사를 이용하여 해결한다.Abstract The growth of internet drives many applications into internet-based systems. Internet-based expert systems can be designed with various concepts and methodologies, and they have their own merits and demerits. This papers is a study on a development of not expert system itself but expert system shell which is able to use WWW(World Wide Web) as user interface. The suggested system supports functions on multiuser management controlled by a server system as well as independence on development environments, minimization of the load for clients and network, and text-based communications such as HTML. The system uses socket, which solves problems of queuing and serialization, in order to construct multiuser server/client environmen and also the system solves the non-connective property of WWW which makes it difficult to control users and processes by using IP address and idle time which is supported by the timer.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2B
• /
• pp.91-97
• /
• 2006

As increasing the network bandwidth, the threat of a network also increases with emerging various new services. For a high-performance network security, It is generally used that high-speed packet classification methods which employ hardware like TCAM. There needs an method using these devices efficiently because they are expensive and their capacity is not sufficient. In this paper, we propose an efficient packet classification using a Ternary-CAM(TCAM) which is widely used device for high-speed packet classification in which we have applied Snort rule set for the well-known intrusion detection system. In order to save the size of an expensive TCAM, we have eliminated duplicated IP addresses and port numbers in the rule according to the partitioning of a table in the TCAM, and we have represented negation and range rules with reduced TCAM size. We also keep advantages of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the TCAM partitioning using combining port numbers. According to simulation results on our TCAM partitioning, the size of a TCAM can be reduced by upto 98$\%$ and the performance does not degrade significantly for high-speed packet classification with a large amount of rules.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1409-1415
• /
• 2013

With the development of Internet communication and the use of a variety of online services has been greatly expanded. Therefore, the importance of authentication techniques for users of online services has increased. The most commonly used methods for user authentication is a technique that utilizes a prearranged password. However, the existing password scheme for authentication must use the same password every time. Therefore, the password being leaked by attackers, it can be used maliciously. In this paper, we proposed the Variable Password Generation Method in Internet Authentication System that generates a new password using information such as the access date, time, and IP address when user logs in. The method proposed in this paper prevents disclosure of personal information due to password exposure and improves the reliability and competitiveness in the field of security systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.25-32
• /
• 2019

In this paper, we propose a method to apply the attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking that is a network-based moving target defense scheme. The moving target defense is a new approach to cyber security and continuously changes system's attack surface to prevent attacks. And, the attack surface expansion is an approach that uses decoys and decoy groups to protect attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target in order to make attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.14 no.5
• /
• pp.60-70
• /
• 2018

A software defined storage (SDS) is being deployed in cloud environment to allow multiple users to virtualize physical servers, but a solution for optimizing space efficiency with limited physical resources is needed. In the conventional data deduplication system, it is difficult to deduplicate redundant data uploaded to distributed storages. In this paper, we propose a distributed deduplication method using similarity-based clustering and multi-layer bloom filter. Rabin hash is applied to determine the degree of similarity between virtual machine servers and cluster similar virtual machines. Therefore, it improves the performance compared to deduplication efficiency for individual storage nodes. In addition, a multi-layer bloom filter incorporated into the deduplication process to shorten processing time by reducing the number of the false positives. Experimental results show that the proposed method improves the deduplication ratio by 9% compared to deduplication method using IP address based clusters without any difference in processing time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.15-24
• /
• 2006

Many computer security systems use the signatures of well-known attacks to respond to hackers. For these systems, it is very important to get the accurate signatures of new attacks as soon as possible. For this reason, honeypots and honeypot farms have been actively researched. However, they can only collect a small amount of information because hackers have a strong tendency to directly attack servers of which IP addresses are allocated. In this paper, we propose an unused ports-based decoy system to redirect hackers toward honeypots. This system opens unused ports to lure hackers. All interactions with the unused ports are considered as suspect, because the ports aren't those for real service. Accordingly, every request sent to the unused ports is redirected to a honeypot. Consequently, this system enables honeypots to collect information about hackers attacking real servers other than themselves.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1315-1324
• /
• 2012

Security visualization is a form of the data visualization techniques in the field of network security by using security-related events so that it is quickly and easily to understand network traffic flow and security situation. In particular, the security visualization that detects the abnormal situation of network visualizing connections between two endpoints is a novel approach to detect unknown attack patterns and to reduce monitoring overhead in packets monitoring technique. However, the session-based visualization doesn't notice a difference between normal traffic and attacks that they are composed of similar connection pattern. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and detecting between normal server activities and attacks by using the IP address splitting and port attributes analysis. The proposed method can actually be used to detect and analyze the network security with the existing security tools because there is no dependence on other security monitoring methods. And also, it is helpful for network administrator to rapidly analyze the security status of managed network.