• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.6B
• /
• pp.433-442
• /
• 2012

We have proposed a solution to multicast services and an advanced quality of service (QoS) mechanism on a packet transport system (PTS) based on PBB-TE. The point-to-multipoint (PtMP) connection in the PBB-TE system have been realized by grouping point-to-point (PtP) PTL trunks and mapping a BSI onto the PtP PTL trunks using a multicast backbone destination address. To provide end-to-end QoS of the PtMP services, the hierarchical QoS scheme for backbone service instances and connection-oriented paths has been implemented in the PTS. For providing different capabilities for service selection and priority selection, the PTS offers to customers three basic types of the port-based, C-tagged, and S-tagged service interface defined by the IEEE 802.1ah. To offer to customers different capabilities of the layer 3 applications and services, moreover, an IP-flow service interface have been added. In order to evaluate traffic performance for PtMP services in the PTS, the PtMP throughputs for the link capacity of 1 Gbps at the four service interfaces were measured in the leaves of the ingress edge node, the transit node, and the egress edge node. The throughputs were about 96 % because the B-MAC overhead of 22 bytes occupies 4% of the 512-byte packet. The QoS performance is ability to guarantee an application or a user a required bandwidth, and could be evaluated by the accuracy of policing or shaping. The accuracy of the policing scheme and the accuracy of the shaping scheme were 99% and 99.3% respectively.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.51-56
• /
• 2005

Service operating management to keep stable and effective environment according as user increase and network environment of the Internet become complex gradually and requirements of offered service and user become various is felt constraint gradually. To solve this problem, invasion confrontation system through proposed this log analysis can be consisted as search of log file that is XML's advantage storing log file by XML form is easy and fast, and can have advantage log files of system analyze unification and manages according to structure anger of data. Also, created log file by Internet Protocol Address sort by do log and by Port number sort do log, invasion type sort log file and comparative analysis created in other invasion feeler system because change sort to various form such as do log by do logarithm, feeler time possible.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.7B
• /
• pp.706-718
• /
• 2002

In bluetooth system, there are two kinds of interference. One is the frequency static interference, for example 802.11 direct sequence, the interferer uses fixed frequency band. Another is frequency dynamic interference, for example other piconets or 802.11 frequency hopping, the interferer uses dynamic frequency channel and cant be estimated. In this paper we introduce a novel solution of hybrid method of Listen-Before-Talk (LBT) and Adaptive Frequency Hopping (AFH) to address the coexistence of bluetooth and Direct Sequence of wireless local area network (WLAN). Before any bluetooth packet transmission, in the turn around time of the current slot, both the sender and receiver sense the channel whether there is any transmission going on or not. If the channel is busy, packet transmission is withdrawn until another chance. This is the LBT in Bluetooth. Because of asymmetry sense ability of WLAN and bluetooth, AFH is introduced to combat the left front-edge packet collisions. In monitor period of AFH, LBT is performed to label the channels with static interference. Then, all the labeled noisy channels are not used in the followed bluetooth frequency hopping. In this way, both the frequency dynamic and frequency static interference are effectively mitigated. We evaluate the solution through packet collision analysis and a detail realistic simulation with IP traffic. It turns out that the hybrid method can combat both the frequency dynamic and frequency static interference. The packet collision analysis shows it almost doubles the maximal system aggregate throughput. The realistic simulation shows it has the least packet loss.

• Journal of Communications and Networks
• /
• v.12 no.1
• /
• pp.74-85
• /
• 2010

For the purpose of compromising hosts, attackers including infected hosts initially perform a portscan using IP addresses in order to find vulnerable hosts. Considerable research related to portscan detection has been done and many algorithms have been proposed and implemented in the network intrusion detection system (NIDS). In order to distinguish portscanners from remote hosts, most portscan detection algorithms use a fixed threshold that is manually managed by the network manager. Because the threshold is a constant, even though the network environment or the characteristics of traffic can change, many false positives and false negatives are generated by NIDS. This reduces the efficiency of NIDS and imposes a high processing burden on a network management system (NMS). In this paper, in order to address this problem, we propose an automatic portscan detection system using an fast increase slow decrease (FISD) scheme, that will automatically and adaptively set the threshold based on statistical data for traffic during prior time periods. In particular, we focus on reducing false positives rather than false negatives, while the threshold is adaptively set within a range between minimum and maximum values. We also propose a new portscan detection algorithm, rate of increase in the number of failed connection request (RINF), which is much more suitable for our system and shows better performance than other existing algorithms. In terms of the implementation, we compare our scheme with other two simple threshold estimation methods for an adaptive threshold setting scheme. Also, we compare our detection algorithm with other three existing approaches for portscan detection using a real traffic trace. In summary, we show that FISD results in less false positives than other schemes and RINF can fast and accurately detect portscanners. We also show that the proposed system, including our scheme and algorithm, provides good performance in terms of the rate of false positives.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.2
• /
• pp.343-350
• /
• 2016

A secure and effective on-chip bus for detecting and preventing malicious attacks by infected IPs is presented in this paper. Most system inter-connects (on-chip bus) are vulnerable to hardware Trojan (Malware) attack because all data and control signals are routed. A proposed secure bus with modifications in arbitration, address decoding, and wrapping for bus master and slaves is designed using the Advanced High-Performance and Advance Peripheral Bus (AHB and APB Bus). It is implemented with the concept that arbiter checks share of masters and manage infected masters and slaves in every transaction. The proposed hardware is designed with the Xilinx 14.7 ISE and verified using the HBE-SoC-IPD test board equipped with Virtex4 XC4VLX80 FPGA device. The design has a total gate count of 39K at an operating frequency of 313MHz using the $0.13{\mu}m$ TSMC process.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.885-888
• /
• 2015

A secure and effective on-chip bus for detecting and preventing malicious attacks by infected IPs is presented in this paper. Most system inter-connect (on-chip bus) are vulnerable to hardware Trojan (Malware) attack because all data and control signals are routed. A proposed secure bus with modifications in arbitration, address decoding, and wrapping for bus master and slaves is designed using the Advanced High-Performance and Advance Peripheral Bus (AHB and APB Bus). It is implemented with the concept that arbiter checks share of masters and manage infected masters and slaves in every transaction. The proposed hardware is designed with the Xilinx 14.7 ISE and verified using the HBE-SoC-IPD test board equipped with Virtex4 XC4VLX80 FPGA device. The design has a total gate count of 40K at an operating frequency of 250MHz using the $0.13{\mu}m$ TSMC process.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.317-320
• /
• 2016

The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and Classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on December in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attack thus far. Therefore, we will use big data analytics to analyze whether or not APT attack has occurred in order to defend against the manipulative attackers. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean defense system. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attack and evaluate the models' accuracy and other results. Lastly, we will present an effective response method to address a detected APT attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.237-240
• /
• 2011

Voice over Internet Protocol calls using administrative agency to build a national information and communication service, 'C' group, providers, the KT, SK Broadband, LG U+, Samsung SDS, as there are four operators. To prepare for an attack on Voice over Internet Protocol for administrative agency, security is a need for research to support the model. In this paper, the Internet telephone business of Administrative Agency to investigate and analyze the specific security measures to respond. Should set priorities around confidentiality about five security threats from NIS to Study of Voice over Internet Protocol Security Response Model for Administrative Agency. (1) Illegal wiretapping, (2) call interception, (3) service misuse, (4) denial of service attacks, (5) spam attacks, write about and analyze attack scenarios. In this paper, an analysis of protection by security threats and security breaches through a step-by-step system to address the research study is a step-by-step development of the corresponding model.

• Industrial Engineering and Management Systems
• /
• v.11 no.1
• /
• pp.82-86
• /
• 2012

In For the past few years, query log data has been collected to find user's behavior in using the site. Many researches have studied on the usage of query logs to extract user's preference, recommend personalization, improve caching and pre-fetching of Web objects, build better adaptive user interfaces, and also to improve Web search for a search engine application. A query log contain data such as the client's IP address, time and date of request, the resources or page requested, status of request HTTP method used and the type of browser and operating system. A query log can offer valuable insight into web site usage. A proper compilation and interpretation of query log can provide a baseline of statistics that indicate the usage levels of website and can be used as tool to assist decision making in management activities. In this paper we want to discuss on the tasks performed of query logs in pre-processing of web usage mining. We will use query logs from an online newspaper company. The query logs will undergo pre-processing stage, in which the clickstream data is cleaned and partitioned into a set of user interactions which will represent the activities of each user during their visits to the site. The query logs will undergo essential task in pre-processing which are data cleaning and user identification.

• Journal of Navigation and Port Research
• /
• v.41 no.5
• /
• pp.353-358
• /
• 2017

This study aims to propose an assessment tool of port service quality (PSQ) in the context of container transport logistics (CTLs), by taking the perspectives from port users. The CTLs defined in this study are the relevant activities of serving the physical flows of a container box from a point of origin via a container port to a point of destination. To address the ports' role in collaboration between its channel members in CTLs, the PSQ measures for all port user groups (i.e. common PSQ measures) are selected based on the relevant CTLs activities involved by port, and its users within terminal/port area as well as throughout the CTLs chain. An importance-performance analysis (IPA) is applied as a diagnostic tool to analyse the status quo of Busan Port in CTLs contexts, by comparing the importance and performance (IP ) scores against each individual CTLs criterion. The findings from the IPA reveal that port managers and policy makers at the Busan Port should concentrate on six PSQ measures (i.e. SR1, SR4, ITS1, VAS1, VAS4, ICI3) to enhance PSQ in CTLs. However, four measures (i.e. ITS2, ITS3, ITS4, VAS2) are identified as a possible overkill, indicating an area of inefficiency where a remedial action of the cost-cutting decision is necessary. On the other hand, the Busan port shows an outstanding performance on four measures such as SR2, SR3, ICI1 and ICI2. The measures are not only important but also high performance. The study findings provide managerial guidance to port managers in Busan Port, in view of searching for managerial and operational strategies for sustainable port growth.