• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.29-37
• /
• 2020

Conventional firewalls cannot cope with attacks immediately. It is because security professionals or administrators need to analyze them and enter relevant policies to the firewalls. In addition, those policies may often block even normal accesses. Even though the packet themselves are normal, there exist many attacks that cause denial of service due to the inflow of a large amount of those packets. In this paper, we propose a method to block attacks such as Flooding, Spoofing and Scanning while allowing normal accesses based on whitelist policies which are automatedly generated by learning normal access patterns.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.4C
• /
• pp.282-294
• /
• 2002

The modern telecommunication networks are composed of various network-type and are managed by various management technologies, such as TMN, SNMP, TINA etc. Furthermore, the network user's needs of real-time multimedia services are rapidly increasing. In order to guarantee the user-requested quality-of-service(QoS) and keep the network utilization at maximum, it is required to manage the network performance continuously after the network is deployed. The performance management function should provide the useful information for the network expansion and the capacity reallocation in the future. In this paper, we propose a DPE-based performance management architecture for the integrated management of the heterogeneous network elements with TMN and SNMP. We propose an approach to provide the Intranet traffic monitoring and analysis function using layered network management concept and distributed processing technology. The proposed architecture has been designed and implemented based on multiprocess and multithread structure to support concurrent processing. To manage the traffic according to the Intranet service categories, we implemented an ITMA(Intelligent Traffic Monitoring Agent) with packet capture library. With the proposed architecture, we could measure and analyze the real Intranet traffic of Yeungnam University.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.13 no.2
• /
• pp.83-91
• /
• 2018

With the development of IT (Information Technology) technology, embedded system and network technology are combined and used in various environments such as military environment as well as everyday life. In this paper, we propose a new airdropped distributed mobility model (ADMM) modeling the dispersion falling of the direct shot of a cluster bomb, and we compare and analyze some representative MANET routing protocols in ADMM in ns-3 simulator. As a result of the analysis, we show OLSR routing protocol is promising in ADMM environment in the view points of packet delivery ratio (PDR), end to end delay, and jitter. In addition, we propose a new adaptation scheme for OLSR, AND-OLSR (Average Node Distance based adaptive-OLSR) to improve the original OLSR in ADMM environment. The new protocol calculates the average node distance, adapts the period of the control message based on the average node distance increasing rate. Through the simulation study, we show that the proposed AND-OLSR outperforms the original OLSR in PDR and control message overhead.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.2
• /
• pp.366-368
• /
• 2015

This paper proposes a MAC protocol for sensor networks such as disaster detection system which generate the non-periodic packet. B-MAC has been used to solve delay problem for sensor networks, however, the power loss occurs due to excessive preamble and over-hearing. In contrast, S-MAC has a number of drawbacks in power consumption due to synchronization. In this paper, we propose H-MAC and analyze its performance which has improved power consumption compared to S-MAC and overhead and over-hearing compared to B-MAC.

• Journal of Advanced Navigation Technology
• /
• v.8 no.2
• /
• pp.163-168
• /
• 2004

In this paper, we propose a frequency synchronization algorithm using characteristic of CAZAC sequence for HDR-WPAN and analyze the performance by signal constellation and EVM(error vector magnitude). The proposed frequency offset technique estimated each sample phase error of two sequences among 12 CAZAC sequences which have excellent autocorrelated characteristic. Estimated phase error is multiplied to each sample of next sequence for compensating the frequency offset. The remaining frequency offset after compensating it with two sequences has maximum 0.002 offsest ranges at each sample. The computer simulation proved that the permission of EVM value had satisfied in the case of DQPSK at 20[dB].

• Nuclear Engineering and Technology
• /
• v.53 no.5
• /
• pp.1483-1490
• /
• 2021

Many studies are undertaken into nuclear power plants (NPPs) in preparation for accidents exceeding design standards. In this paper, we analyze the applicability of various wireless communication technologies as accident countermeasures in different NPP environments. In particular, a commercial wireless communication module (WCM) is investigated by measuring leakage current and packet error rate (PER), which vary depending on the intensity of incident radiation on the module, by testing at a Co-60 gamma-ray irradiation facility. The experimental results show that the WCMs continued to operate after total doses of 940 and 1097 Gy, with PERs of 3.6% and 0.8%, when exposed to irradiation dose rates of 185 and 486 Gy/h, respectively. In short, the lower irradiation dose rate decreased the performance of WCMs more than the higher dose rate. In experiments comparing the two communication protocols of request/response and one-way, the WCMs survived up to 997 and 1177 Gy, with PERs of 2% and 0%, respectively. Since the request/response protocol uses both the transmitter and the receiver, while the one-way protocol uses only the transmitter, then the electronic system on the side of the receiver is more vulnerable to radiation effects. From our experiments, the tested module is expected to be used for design-based accidents (DBAs) of "Category A" type, and has confirmed the possibility of using wireless communication systems in NPPs.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.821-828
• /
• 2004

To analyze the usage information of system and network resources to the each grid application by measuring the real time traffic and calculating the statistic information, we suggested the kernel-based monitoring methods by researching the efficient monitoring method. This method use small system resourcesand measure the monitoring information accurately with less delay than the usual packet capture methods such as tcpdump. Also we implemented the monitoring systems which can monitor the used resources of system and network for grid application using the suggested kernel-based monitoring method. This research can give the useful information to the development of grid application and to grid network scheduler which can assign the proper resources to the grid application to perform efficiently. Network administrator can decide whether the expansion of network is required or not using the monitoring information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.693-704
• /
• 2020

As a company's network structure is getting bigger and the number of security system is increasing, it is not easy to quickly detect abnormal traffic from huge amounts of security system events. In this paper, We propose traffic visualization analysis system(FDANT-PCSV) that can detect and analyze security events of information security systems such as firewalls in real time. FDANT-PCSV consists of Parallel Coordinates visualization using five factors(source IP, destination IP, destination port, packet length, processing status) and Sankey visualization using four factors(source IP, destination IP, number of events, data size) among security events. In addition, the use of big data-based SIEM enables real-time detection of network attacks and network failure traffic from the internet and intranet. FDANT-PCSV enables cyber security officers and network administrators to quickly and easily detect network abnormal traffic and respond quickly to network threats.

• Journal of KIISE:Information Networking
• /
• v.29 no.5
• /
• pp.553-561
• /
• 2002

We present a novel service discipline, called linear service discipline, to serve multiple QoS queues sharing a resource and analyze its properties. The linear server makes the output traffic and the queueing dynamics of individual queues as a linear function of its input traffic. In particular, if input traffic is Gaussian, the distributions of queue length and output traffic are also Gaussian with their mean and variance being a function of input mean and input power spectrum (equivalently, autocorrelation function of input). Important QoS measures including buffer overflow probability and queueing delay distribution are also expressed as a function of input mean and input power spectrum. This study explores a new direction for network-wide traffic management based on linear system theories by letting us view the queueing process at each node as a linear filter.

• The KIPS Transactions:PartA
• /
• v.12A no.2 s.92
• /
• pp.87-94
• /
• 2005

Pattern matching is one of critical parts of Network Intrusion Prevention Systems (NIPS) and computationally intensive. To handle a large number of attack signature fattens increasing everyday, a network intrusion prevention system requires a multi pattern matching method that can meet the line speed of packet transfer. In this paper, we analyze Snort, a widely used open source network intrusion prevention/detection system, and its pattern matching characteristics. A multi pattern matching method for NIPS should efficiently handle a large number of patterns with a wide range of pattern lengths and case insensitive patterns matches. It should also be able to process multiple input characters in parallel. We propose a multi pattern matching hardware accelerator based on Shift-OR pattern matching algorithm. We evaluate the performance of the pattern matching accelerator under various assumptions. The performance evaluation shows that the pattern matching accelerator can be more than 80 times faster than the fastest software multi-pattern matching method used in Snort.