• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2213-2216
• /
• 2003

단일 호스트 환경에 특화되어 설계되어온 기존 침입탐지 시스템(Intrusion Detection System: IDS)은 침입 시 도메인의 보호만을 그 목적으로 하는 수동적인 성격으로써, 새로운 공격 기법에 대한 탐지 및 대응, 그리고 보다 그 규모가 큰 네트워크로의 확장 면에서 구조적인 결함을 가지고 있다. 이러한 IDS의 구조적 문제점의 해결방안으로 액티브 네트워크 기반의 IDS 에 관한 연구가 진행되고 있다. 액티브 네트워크(Active network)란 패킷 스위칭 네트워크 상에 프로그램 가능한 라우터 등인 액티브 노드들을 배치하고, 사용자의 요구에 상응하는 적절한 연산을 위한 데이터와 프로그램으로 구성된 스마트 패킷(smart packet)에 대하여 수행 가능하게 하는 접근 방법이다. 본 논문에서는 이를 기반으로 자율적이며 지능적인 에이전트로 구성된 멀티 에이전트 기술을 액티브 노드에 적용함으로써 기존 IDS 보안메커니즘에서 보다 러 진보된 능동적이고 적극적인 대응을 위한 보안 메커니즘을 제공하여 네트워크 공격에 의한 피해 최소화와 신속한 대응이 가능한 멀티 에이전트 기반 공격 대응 메커니즘을 제시하고, 이를 적용 가능한 액티브 네트워크 기반 프레임 설계를 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.438-441
• /
• 2015

패킷 캡쳐는 IDS 및 IPS에서 가장 중요한 개념이다. 악성 패킷에 대한 시그니쳐를 탐지하여 사전에 차단할 수 있기 때문이다. OpenFlow를 이용하여 네트워크 패킷 요청 혹은 응답을 특화된 서버, 즉 인터넷검역소를 거친 후 종단 사용자에게 전달할 수 있다. SDN의 특성을 활용하여 종단 사용자는 어떤 프로그램도 설치하지 않고도 네트워크에 연결되어 있는 것만으로 가장 빠른 보안을 적용받을 수 있다. 본 논문에서는 SDN상에서 네트워크 검역을 위해 오픈 소스 Bro IDS를 이용하여 패킷을 캡쳐하는 방법과 발생한 문제와 그에 대한 해결법을 제안한다.

• Journal of Broadcast Engineering
• /
• v.16 no.3
• /
• pp.520-529
• /
• 2011

In this paper, we propose the extension of the MPEG-2 Transport Stream (TS) header for efficient adaptation of multi-layer coded video such as scalable video coding (SVC) and multiview video coding (MVC) in the HTTP streaming. First of all, the limit of the existing TS in terms of flexible adaptation of multi-layer video is investigated, and the signaling by extending TS header is proposed to provide efficient adaptation in a TS level. The proposed extension utilizes the private data field in the adaptation field of TS header to signal scalability and/or view information, which enable us to support diverse adaptation that suits underlying constraints of client capabilities, network conditions and user preferences. In short, the extension enables adaptation of scalable video with full scalability as well as view selection of multiview video in a TS level while keeping backward compatibility with the existing TS syntax/semantics. The performance of the proposed extension is compared with the existing adaptation using PID (packet ID) in terms of efficiency and complexity of adaptation. Furthermore, the increase of TS overhead caused by proposed extension is analyzed and an extension scheme to minimized the overhead is proposed.

• Journal of KIISE:Information Networking
• /
• v.36 no.5
• /
• pp.425-436
• /
• 2009

In recent years, the user demands have increased for multimedia service of high quality over the broadband convergence network. These rising demands for high quality multimedia service led the popularization of various user terminals and large scale display equipments, which needs a variety type of QoS (Quality of Service). In order to support demands for QoS, numerous research projects are in progress both from the perspective of network as well as end system; For example, at the network perspective, QoS guaranteeing by improving of internet performance such as Active Queue Management, while at the end system perspective, SVC (Scalable Video Coding) encoding scheme to guarantee media quality. However, existing AQM algorithms have problems which do not guarantee QoS, because they did not consider the essential characteristics of video encoding schemes. In this paper, it is proposed to solve this problem by deploying the TS- AQM (Temporal Scalability Active Queue Management) which employs the differentiated packet dropping for dependency of the temporal level among the frames, based on SVC encoding characteristics by exploiting the TID (Temporal ID) field of the SVC NAL unit header. The proposed TS-AQM guarantees multimedia service quality through video decoding reliability for SVC streaming service, by differentiated packet dropping when congestion exists.

• Journal of the Institute of Convergence Signal Processing
• /
• v.12 no.4
• /
• pp.274-280
• /
• 2011

Due to their rapid growth and new paradigm applications, wireless sensor networks(WSNs) are morphing into low power personal area networks(LoWPANs), which are envisioned to grow radically. The fragmentation and reassembly of IP data packet is one of the most important function in the 6LoWPAN based communication between Internet and wireless sensor network. However, since the 6LoWPAN data unit size is 102 byte for IPv6 MTU size is 1200 byte, it increases the number of fragmentation and reassembly. In order to reduce the number of fragmentation and reassembly, this paper presents a new scheme that can be applicable to 6LoWPAN. When a fragmented packet header is constructed, we can have more space for data. This is because we use 8-bits routing table ill instead of 16-bits or 54-bits MAC address to decide the destination node. Analysis shows that our design has roughly 7% or 22% less transmission number of fragmented packets, depending on MAC address size(16-bits or 54-bits), compared with the previously proposed scheme in RFC4944. The reduced fragmented packet transmission means a low power consumption since the packet transmission is the very high power function in wireless sensor networks. Therefore the presented fragmented transmission scheme is well suited for low-power wireless sensor networks.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.4
• /
• pp.547-552
• /
• 2003

In this thesis, interference phenomena of bluetooth networks requiring Security were minimized; strengthened security of piconet by assigning an identical PIN code to bluetooth devices, which was establishing a specific piconet during authentication stage. To establish a bluetooth piconet system. an unique ID was assigned to each bluetooth device, communication algorithms having different data formats between devices was designed, and an embedded hardware module using ARM processor and uCOS-II RTOS was implemented. About 30% of CPU efficiency in the module was increased by modifying functions including block parameters to work as nonblocking; by the increased efficiency of total piconet, the module could be used as an access point. The module could transmit maximum 10 frames of image and also audio signal by switching the packet effectively according to channel condition. By above-mentioned process, video, audio, and data could be well transmitted by the bluetooth managing program and the possibility of a commercial remote control system using bluetooth technology was suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1181-1190
• /
• 2013

The GOOSE(Generic Object Oriented Substation Event) is used as a network protocol to communicate between IEDs(Intelligent Electronic Devices) in international standard IEC 61850 of substation automation system. Nevertheless, the GOOSE protocol is facing many similar threats used in TCP/IP protocol due to ethernet-based operation. In this paper, we develop a IDS(Intrusion Detection System) for secure GOOSE Protocol using open software-based IDS Snort. In this IDS, two security functions for keyword search and DoS attack detection are implemented through improvement of decoding and preprocessing component modules. And we also implement the GOOSE IDS and verify its accuracy using GOOSE packet generation and communication experiment.

• Journal of the Korea Society for Simulation
• /
• v.15 no.1
• /
• pp.87-95
• /
• 2006

We need to check into when a security system is newly developed, we against cyber attack which is expected in real network. However it is impossible to check it under the environment of a large-scale distributive network. So it is need to simulate it under the virtual network environment. SSFNet is a event-driven simulator which can be represent a large-scale network. Unfortunately, it doesn't have the module to simulate security functions. In this paper, we added the IDS module to SSFNet. We implement the IDS module by modeling a key functions of Snort. In addition, we developed some useful functions using Java language which can manipulate easily a packet for network simulation. Finally, we performed the simulation to verify the function if our developed IDS and Packets Manipulation. The simulation shows that our expanded SSFNet can be used to further large-scale security system simulator.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.617-622
• /
• 2005

Lately, the MANET research has focused on providing routing services with security and previous schemes have been proposed for detecting malicious nodes in a MANET. However, they still include some problems which malicious nodes cannot be found when they falsely report other nodes as malicious. Accordingly, we propose a novel and efficient scheme for detecting malicious nodes using report messages and a report table which is consisted of node ID both for suspecting and reporting when the malicious nodes behave normally during the route discovery, but the other hand they drop and modify packets, or falsely report other nodes as malicious during the data transmission. Our proposed scheme is applicable to not only DSR but aiso AODV. And we provide some simulation results of our proposed scheme by comparing general AODV with our proposed scheme. Simulation results show that our Proposed scheme outperforms general AODV in terms of average packet loss ratio and packet delivery ratio.

• Journal of Institute of Control, Robotics and Systems
• /
• v.15 no.11
• /
• pp.1150-1156
• /
• 2009

The spread of wireless Internet technology development and applications with location information in the form of location-based services are more varied. In particular, where you recognize the location of objects such as people and things, and to provide valuable services based on ubiquitous, location-based services (Ubiquitous Location Based Services: u-LBS) is emerging as an important service. In this paper precise location data to the car crash through the location and offers related service system. In this paper the precise location tracking proposed by the concept of the Rail, road, to extract the location Data Matching Data and the current location is obtained. System used in GPS Packet and information about the location of the vehicle collision and the collision time, the vehicle consists of NodeID is about. Using these data, a packet is to be created when the conflict between vehicles in the vehicle will be sent to Gateway. Gateway to the packets that were sent from the Server to determine whether the conflict is that in an emergency situation, Emergency Center for location information and let me know whether or not the conflict will be measured. Also, for those on the outside of an emergency such as a family related to the wireless terminal wireless (PDA, cell phone) is to let me know. Server get into the conflict that was configured to store information on the Database. Additionally, the proposed u-LBS system to verify the validity of the experiment was performed.