• Title/Summary/Keyword: Packet Inspection

Search Result 44, Processing Time 0.024 seconds

An Open DPI Platform Architecture using OpenFlow (오픈플로우를 이용한 Open DPI 플랫폼 구조)

  • Lee, Wangbong;Park, Sang-Kil;Kim, Sang-Wan;Lee, Joon-Kyung;Kim, Sang-Ha
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2014.04a
    • /
    • pp.180-181
    • /
    • 2014
  • 서버 하드웨어 성능 향상과 가상화 소프트웨어 기술의 발달로 클라우드 컴퓨팅 환경은 꾸준히 확산되고 있으며, 이에 따라 인터넷 트래픽 또한 대용량화와 집중화가 진행 중이다. 이와 함께, 지속적인 DDoS 공격 및 사이버테러는 전자정부, 금융, 등 모든 조직을 대상으로 꾸준하게 일어나고 있다. 다양한 사이버테러 공격에 대응하고, 대용량 클라우드 서비스 트래픽을 정밀 분석 하는 정책서버 기반의 서비스별/사용자별/그룹별 트래픽 모니터링 및 제어 관리가 필요하다. 본 논문에서 이를 위한 오픈플로우 기반의 고성능 Open DPI(Deep Packet Inspection) 플랫폼 구조를 제안한다.

The Solution of User Privacy Issues in DPI technology (DPI 기술 적용에 따른 사용자 개인정보 문제 해결방안)

  • Oh, Ji-Soo;Lee, Seung-Hyun;Park, Min-Woo;Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2012.11a
    • /
    • pp.1060-1063
    • /
    • 2012
  • 기존의 네트워크 관문에서 트래픽을 검사하는 장치들은 Application 계층의 데이터를 검사할 수 없어 보안에 한계가 있다. 이를 보완하기 위해 Application 계층까지 패킷을 분석할 수 있는 Deep Packet Inspection (DPI)기술이 개발되어 보안 강화에 사용되고 있다. 하지만 기업에서 DPI 기술을 이용하여 고객의 개인정보를 무단으로 수집 및 이용하면서 DPI 기술에 따른 개인정보 침해가 우려된다, 본 논문에서는 DPI 기술을 통한 사용자 정보 수집 시 개별 사용자의 동의를 받을 수 있는 방안을 제안하며, 이를 통해 DPI 기술에 따른 사용자 개인정보 문제를 해결하고자 한다.

An Algorithm to Detect P2P Heavy Traffic based on Flow Transport Characteristics (플로우 전달 특성 기반의 P2P 헤비 트래픽 검출 알고리즘)

  • Choi, Byeong-Geol;Lee, Si-Young;Seo, Yeong-Il;Yu, Zhibin;Jun, Jae-Hyun;Kim, Sung-Ho
    • Journal of KIISE:Information Networking
    • /
    • v.37 no.5
    • /
    • pp.317-326
    • /
    • 2010
  • Nowadays, transmission bandwidth for network traffic is increasing and the type is varied such as peer-to-peer (PZP), real-time video, and so on, because distributed computing environment is spread and various network-based applications are developed. However, as PZP traffic occupies much volume among Internet backbone traffics, transmission bandwidth and quality of service(QoS) of other network applications such as web, ftp, and real-time video cannot be guaranteed. In previous research, the port-based technique which checks well-known port number and the Deep Packet Inspection(DPI) technique which checks the payload of packets were suggested for solving the problem of the P2P traffics, however there were difficulties to apply those methods to detection of P2P traffics because P2P applications are not used well-known port number and payload of packets may be encrypted. A proposed algorithm for identifying P2P heavy traffics based on flow transport parameters and behavioral characteristics can solve the problem of the port-based technique and the DPI technique. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffics. P2P traffics are consist of two steps i)searching the opposite peer which have some contents ii) downloading the contents from one or more peers. We define P2P flow patterns on these P2P applications' features and then implement the system to classify P2P heavy traffics.

The Study on matrix based high performance pattern matching by independence partial match (독립 부분 매칭에 의한 행렬 기반 고성능 패턴 매칭 방법에 관한 연구)

  • Jung, Woo-Sug;Kwon, Taeck-Geun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.9B
    • /
    • pp.914-922
    • /
    • 2009
  • In this paper, we propose a matrix based real-time pattern matching method, called MDPI, for real-time intrusion detection on several Gbps network traffic. Particularly, in order to minimize a kind of overhead caused by buffering, reordering, and reassembling under the circumstance where the incoming packet sequence is disrupted, MDPI adopts independent partial matching in the case dealing with pattern matching matrix. Consequently, we achieved the performance improvement of the amount of 61% and 50% with respect to TCAM method efficiency through several experiments where the average length of the Snort rule set was maintained as 9 bytes, and w=4 bytes and w=8bytes were assigned, respectively, Moreover, we observed the pattern scan speed of MDPI was 10.941Gbps and the consumption of hardware resource was 5.79LC/Char in the pattern classification of MDPI. This means that MDPI provides the optimal performance compared to hardware complexity. Therefore, by decreasing the hardware cost came from the increased TCAM memory efficiency, MDPI is proven the cost effective high performance intrusion detection technique.

Comparison of Sampling Techniques for Passive Internet Measurement: An Inspection using An Empirical Study (수동적 인터넷 측정을 위한 샘플링 기법 비교: 사례 연구를 통한 검증)

  • Kim, Jung-Hyun;Won, You-Jip;Ahn, Soo-Han
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.45 no.6
    • /
    • pp.34-51
    • /
    • 2008
  • Today, the Internet is a part of our life. For that reason, we regard revealing characteristics of Internet traffic as an important research theme. However, Internet traffic cannot be easily manipulated because it usually occupy huge capacity. This problem is a serious obstacle to analyze Internet traffic. Many researchers use various sampling techniques to reduce capacity of Internet traffic. In this paper, we compare several famous sampling techniques, and propose efficient sampling scheme. We chose some sampling techniques such as Systematic Sampling, Simple Random Sampling and Stratified Sampling with some sampling intensities such as 1/10, 1/100 and 1/1000. Our observation focused on Traffic Volume, Entropy Analysis and Packet Size Analysis. Both the simple random sampling and the count-based systematic sampling is proper to general case. On the other hand, time-based systematic sampling exhibits relatively bad results. The stratified sampling on Transport Layer Protocols, e.g.. TCP, UDP and so on, shows superior results. Our analysis results suggest that efficient sampling techniques satisfactorily maintain variation of traffic stream according to time change. The entropy analysis endures various sampling techniques well and fits detecting anomalous traffic. We found that a traffic volume diminishment caused by bottleneck could induce wrong results on the entropy analysis. We discovered that Packet Size Distribution perfectly tolerate any packet sampling techniques and intensities.

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.10 no.2
    • /
    • pp.1-9
    • /
    • 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

Design and Implementation of Remote Control System for Measuring Instrument using Smart Network Card (스마트 네트워크 카드를 이용한 계측기 원격 제어 시스템 설계 및 구현)

  • Park, Jin-Ho;Jung, Min-Soo
    • Journal of Korea Multimedia Society
    • /
    • v.11 no.10
    • /
    • pp.1366-1375
    • /
    • 2008
  • To verify correct operation of measuring instruments, we request the verification of measuring instrument to the agency that holds inspection devices. This works requires time and cost to the company. For this reason. We proposed "Smart Network Interface Card Model" for remote control of measuring instruments. Our model based on Web adapter, can add, delete and change the program to an existing web adapter from remote system. Furthermore, more than one program can be loaded, and can be updated from the remote system of internet. And also we can change the verification requirement of measuring instrument, hence it makes more good quality and competitive power of instruments.

  • PDF

SDN-Based Intrusion Prevention System for Science DMZ (Science DMZ 적용을 위한 SDN 기반의 네트워크 침입 방지 시스템)

  • Jo, Jinyong;Jang, Heejin;Lee, Kyungmin;Kong, JongUk
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.40 no.6
    • /
    • pp.1070-1080
    • /
    • 2015
  • In this paper, we introduce an SDN-based intrusion prevention system for more secure Science DMZ with no performance limits. The proposed system is structured with intrusion-prevention, intrusion-detection, and prevention-decision subsystems which are physically distributed but informationally connected by an SDN interface. The functional distribution and the application of SDN technology increase the flexibility and extensibility of the proposed system and prevent performance degradation possibly caused by network security equipments on Science DMZ. We verified the feasibility and performance of the proposed system over a testbed set up at KREONET.

Video Quality Representation Classification of Encrypted HTTP Adaptive Video Streaming

  • Dubin, Ran;Hadar, Ofer;Dvir, Amit;Pele, Ofir
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.8
    • /
    • pp.3804-3819
    • /
    • 2018
  • The increasing popularity of HTTP adaptive video streaming services has dramatically increased bandwidth requirements on operator networks, which attempt to shape their traffic through Deep Packet inspection (DPI). However, Google and certain content providers have started to encrypt their video services. As a result, operators often encounter difficulties in shaping their encrypted video traffic via DPI. This highlights the need for new traffic classification methods for encrypted HTTP adaptive video streaming to enable smart traffic shaping. These new methods will have to effectively estimate the quality representation layer and playout buffer. We present a new machine learning method and show for the first time that video quality representation classification for (YouTube) encrypted HTTP adaptive streaming is possible. The crawler codes and the datasets are provided in [43,44,51]. An extensive empirical evaluation shows that our method is able to independently classify every video segment into one of the quality representation layers with 97% accuracy if the browser is Safari with a Flash Player and 77% accuracy if the browser is Chrome, Explorer, Firefox or Safari with an HTML5 player.

A Study on Response Technique of Routing Attack under Wireless Ad Hoc Network. Environment (Wireless Ad Hoc Network환경에서의 라우팅 공격 대응 기법에 관한 연구)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.1
    • /
    • pp.105-112
    • /
    • 2014
  • The utilization of Wireless Ad Hoc Network which can build easily network using wireless device in difficult situation to build network is very good. However, it has security threat element because it transfers data by only forwarding of wireless devices. The measures against this should be prepared because damage by especially routing attack can affect the entire network. It is hard to distinguish malicious node and normal node among nodes composing network and it is not easy also to detect routing attack and respond to this. In this paper, we propose new method which detect routing attack and can respond to this. The amount of traffic in all nodes is measured periodically to judge the presence or absence of attack node on the path set. The technique that hides inspection packet to suspected node and transmits is used in order to detect accurately attack node in the path occurred attack. The experiment is performed by comparing SRAODA and SEAODV technique to evaluate performance of the proposed technique and the excellent performance can be confirmed.