• Title/Summary/Keyword: Packet Payload

Intrusion Detection System based on Packet Payload Analysis using Transformer

  • Woo-Seung Park;Gun-Nam Kim;Soo-Jin Lee
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.81-87 / 2023
  • Intrusion detection systems that learn the metadata of network packets have been proposed recently. However, these approaches need time to analyze packets and generate the metadata used for training, and further time to pre-process that metadata before training. In addition, a model trained on specific metadata cannot detect intrusions directly from the original packets flowing through the network. To address this problem, this paper proposes a natural language processing-based intrusion detection system that learns the packet payload as a single sentence, without an additional conversion step. To verify the performance of the approach, the UNSW-NB15 dataset and Transformer models were used. First, the PCAP files of the dataset were labeled, and then two Transformer models (BERT and DistilBERT) were trained directly on the payloads in sentence form and their detection performance was analyzed. The experimental results showed binary classification accuracies of 99.03% and 99.05%, respectively, similar to or better than the detection performance reported in previous studies. Multi-class classification also showed better performance than previous work, at 86.63% and 86.36%, respectively.

Experiments on a Network Processor-based Intrusion Detection System

  • Kim, Hyeong-Ju;Kim, Ik-Kyun;Park, Dae-Chul
    • The KIPS Transactions: Part C / v.11C no.3 / pp.319-326 / 2004
  • To help network intrusion detection systems (NIDSs) keep up with the demands of today's networks, namely increasing network throughput and a growing volume of attacks, a radically new approach to hardware and software system architecture is required. In this paper, we propose a Network Processor (NP)-based in-line NIDS that supports packet payload inspection for detecting malicious behavior, as well as packet filtering and traffic metering. In particular, we separate the filtering and metering functions from the deep packet inspection function using a two-level searching scheme, so that the complex and time-consuming deep packet inspection does not hinder or stall the basic operations of the in-line system. On a prototype NP-based NIDS implemented on a PC platform with an x86 processor running Linux, two Gigabit Ethernet ports, and a 2.5 Gbps Agere PayloadPlus (APP) NP solution, the experimental results show that the proposed scheme reliably filters and meters the full traffic of both gigabit ports at the first level while inspecting packet payloads in real time at up to 320 Mbps at the second level, a rate comparable to general-purpose-processor-based inspection. Simulation results further show that deep packet searching at wire speed up to 2 Gbps is possible when a 10 Gbps APP solution is adopted.
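The property the abstract relies on, that the cheap header-only stage keeps running at line rate no matter how far behind the payload stage falls, is easiest to see in a small software model. The following is an added example written for this page, not the paper's NP firmware: packets arrive with their header fields already parsed, level 1 applies a per-port action table and per-pair meters and hands "inspect" traffic to level 2 through a bounded queue, and level 2 searches payloads for byte signatures on its own budget. The port actions, the fail-closed overflow behaviour and the sample traffic are all constructed for the example.

```python
from collections import namedtuple

# Constructed model of the two-level scheme (example code, not the paper's NP firmware):
# header fields arrive already parsed; `payload` is the raw bytes handed to DPI.
Packet = namedtuple("Packet", "src dst dport payload")


class Level1:
    """Filtering and metering on header fields only: constant work per packet,
    never blocked by the slower payload inspection behind it."""

    def __init__(self, actions: dict, dpi_capacity: int, fail_open: bool):
        self.actions = actions            # dport -> "pass" | "drop" | "inspect"
        self.cap = dpi_capacity           # bounded hand-off queue toward level 2
        self.fail_open = fail_open        # what to do when that queue is full
        self.queue = []
        self.meters = {}                  # (src, dst) -> [packets, bytes]
        self.stats = {"pass": 0, "drop": 0, "inspect": 0, "overflow": 0}

    def handle(self, pkt: Packet) -> str:
        meter = self.meters.setdefault((pkt.src, pkt.dst), [0, 0])
        meter[0] += 1
        meter[1] += len(pkt.payload)
        action = self.actions.get(pkt.dport, "drop")          # default deny
        if action == "inspect":
            if len(self.queue) < self.cap:
                self.queue.append(pkt)
                self.stats["inspect"] += 1
                return "queued"
            # DPI cannot keep up: decide here instead of stalling the fast path
            self.stats["overflow"] += 1
            action = "pass" if self.fail_open else "drop"
        self.stats[action] += 1
        return action


class Level2:
    """Deep packet inspection over queued packets, run with its own budget."""

    def __init__(self, signatures: dict):
        self.signatures = signatures      # name -> byte pattern

    def run(self, level1: Level1, budget: int) -> list:
        verdicts = []
        for _ in range(min(budget, len(level1.queue))):
            pkt = level1.queue.pop(0)
            hit = next((name for name, sig in self.signatures.items() if sig in pkt.payload), None)
            verdicts.append((pkt, f"drop:{hit}" if hit else "pass"))
        return verdicts


# Constructed traffic sample: SSH probes (no rule, so dropped), DNS (pass),
# and six HTTP requests of which one carries a traversal pattern.
TRAFFIC = [
    Packet("10.0.0.7", "10.0.0.1", 22, b""),
    Packet("10.0.0.7", "10.0.0.1", 22, b"SSH-2.0-probe"),
    Packet("10.0.0.8", "10.0.0.53", 53, b"\x12\x34\x01\x00"),
    Packet("10.0.0.8", "10.0.0.80", 80, b"GET / HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"GET /../../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.8", "10.0.0.80", 80, b"GET /a HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.8", "10.0.0.53", 53, b"\x12\x35\x01\x00"),
    Packet("10.0.0.8", "10.0.0.80", 80, b"GET /b HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.8", "10.0.0.80", 80, b"GET /c HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.8", "10.0.0.80", 80, b"GET /d HTTP/1.1\r\n\r\n"),
]


def simulate(dpi_capacity: int = 4, fail_open: bool = False):
    """Push the sample through level 1, then let level 2 drain what it can."""
    l1 = Level1({80: "inspect", 53: "pass"}, dpi_capacity, fail_open)
    l2 = Level2({"traversal": b"../"})
    first = [l1.handle(p) for p in TRAFFIC]
    second = l2.run(l1, budget=100)
    return l1.stats, l1.meters, first, second
```

With the queue capped at four, the last two HTTP packets overflow; level 1 still meters all ten packets and decides them immediately. Whether overflow means "pass" or "drop" is the in-line deployment's real policy choice: fail-open keeps the link up but blinds the IDS under load, fail-closed turns DPI saturation into packet loss.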

Packet Size Optimization for Improving the Energy Efficiency in Body Sensor Networks

  • Domingo, Mari Carmen
    • ETRI Journal / v.33 no.3 / pp.299-309 / 2011
  • Energy consumption is a key issue in body sensor networks (BSNs), since energy-constrained sensors monitor the vital signs of human beings in healthcare applications. In this paper, packet size optimization for BSNs is analyzed in order to improve energy efficiency. Existing studies on packet size optimization in wireless sensor networks cannot be applied to BSNs, because they capture neither the different operational characteristics of the nodes nor the channel effects of in-body and on-body propagation. Automatic repeat request (ARQ), forward error correction (FEC) block codes, and FEC convolutional codes are analyzed with respect to their energy efficiency. The hop-length extension technique is applied to improve this metric with FEC block codes. The theoretical analysis and numerical evaluations reveal that exploiting FEC schemes improves energy efficiency, increases the optimal payload packet size, and extends the hop length for all in-body and on-body propagation scenarios.
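The trade-off behind the abstract's result (a longer payload amortizes the header, but a longer frame is more likely to be hit by a bit error) can be made concrete with a small model. The following is an added example, not the paper's analysis: it assumes a frame of a fixed header plus payload, independent bit errors at a given bit error rate, retransmission until success for ARQ, and a BCH(127,106,3)-style block code for FEC, then scans payload sizes for the most energy-efficient one. The in-body and on-body channel models the paper uses are not reproduced.

```python
from math import comb

# Assumed link model (illustrative, not the ETRI paper's own): every frame carries
# HEADER_BITS of header plus l payload bits, each bit independently sees a bit error
# rate `ber`, and a damaged frame is retransmitted in full (ARQ) until it gets through.
HEADER_BITS = 48


def arq_efficiency(payload_bits: int, ber: float) -> float:
    """Useful payload per transmitted bit under ARQ:
    (payload share of the frame) x P(frame arrives error-free)."""
    frame = HEADER_BITS + payload_bits
    return (payload_bits / frame) * (1.0 - ber) ** frame


def block_success_prob(n: int, t: int, ber: float) -> float:
    """P(an n-bit code block decodes) = P(at most t bit errors among n bits)."""
    return sum(comb(n, i) * ber ** i * (1.0 - ber) ** (n - i) for i in range(t + 1))


def fec_efficiency(payload_bits: int, ber: float, n: int, k: int, t: int) -> float:
    """Same metric with an (n, k, t) block code: the frame is cut into ceil(frame/k)
    blocks, each expanded to n coded bits (rate k/n), and every block must decode."""
    frame = HEADER_BITS + payload_bits
    blocks = -(-frame // k)                       # ceiling division
    return (payload_bits / frame) * (k / n) * block_success_prob(n, t, ber) ** blocks


def optimal_payload(efficiency, sizes) -> tuple:
    """Scan candidate payload sizes and return (best size, its efficiency)."""
    best = max(sizes, key=efficiency)
    return best, efficiency(best)


if __name__ == "__main__":
    sizes = range(8, 2049, 8)                     # payload sizes in bits
    ber = 1e-3
    l_arq, e_arq = optimal_payload(lambda l: arq_efficiency(l, ber), sizes)
    l_fec, e_fec = optimal_payload(lambda l: fec_efficiency(l, ber, 127, 106, 3), sizes)
    print(f"ARQ only : optimal payload {l_arq} bits, efficiency {e_arq:.3f}")
    print(f"BCH block: optimal payload {l_fec} bits, efficiency {e_fec:.3f}")
```

At a bit error rate of 10^-3 the ARQ-only optimum sits around 200 payload bits, while the block code pushes the optimum to the top of the scanned range, which is the qualitative effect the abstract reports (FEC raises both the efficiency and the optimal payload size). The code rate k/n is charged as transmitted energy, so the gain is not an artifact of ignoring the parity bits.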

All-optical packet switching system: clock extraction as a key technology

  • 이혁재;원용협
    • Journal of the Institute of Electronics Engineers of Korea TC / v.40 no.10 / pp.79-88 / 2003
  • We demonstrate a novel all-optical packet switching system suitable for optical ring networks. For the demonstration, video signals are encoded into optical packets composed of a header and a payload. The optical packets are processed entirely in the optical domain at a switching node built on an all-optical header processor, packet-level clock extraction, bit-level clock extraction, an all-optical data format converter, and related components.

ARQ Packet Error Control Scheme Using Multiple Threads Based on MMT Protocol

  • Won, Kwang-eun;Ahn, Eun-bin;Kim, Ayoung;Lee, Hong-rae;Seo, Kwang-deok
    • Journal of Broadcast Engineering / v.23 no.5 / pp.682-692 / 2018
  • In this paper, we propose an ARQ packet error control scheme using multiple threads for delivering high-volume multimedia based on the MMT (MPEG Media Transport) protocol. On the sending side, each frame of the video is packetized into MMT packets. The packet header stores the sequence number of the frame contained in the packet and its presentation time; the packet payload stores the frame data itself. The generated MMT packets are transmitted over the IP network. The receiving side checks whether an error occurred in each received packet; for any error it identifies, it recovers through the ARQ error control scheme and reconstructs the frame according to the information stored in the packet header. Here, the transport is designed around multiple threads so that each thread handles a single frame, which increases transmission efficiency for high-volume multimedia. The efficiency of the multi-threaded transport is verified by showing that it avoids the problems that arise with a single-threaded approach when erroneous packets are retransmitted.
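The exchange the abstract describes, as an added example that is not the authors' implementation: frames are fragmented into packets whose header carries the frame sequence number, fragment index and count, presentation time and a CRC-32 of the payload; the receiver runs one ARQ loop per frame in its own thread and asks the sender only for the fragments whose CRC failed. The header layout, the CRC-based error check and the lossy channel that corrupts chosen fragments once are assumptions made for the example and are not the MMT packet format.

```python
import struct
import threading
import zlib
from concurrent.futures import ThreadPoolExecutor

# Added example, not the authors' implementation. Assumed packet layout (not the
# MMT specification's): a fixed header with the frame sequence number, fragment
# index and count, presentation time and a CRC-32 of the payload, followed by
# one fragment of the frame's data.
HDR = struct.Struct("!IHHII")    # frame_seq, frag_idx, frag_count, pts_ms, crc32
MTU_PAYLOAD = 1000


def packetize(frame_seq: int, pts_ms: int, frame: bytes) -> list:
    """Split one frame into self-describing packets."""
    chunks = [frame[i:i + MTU_PAYLOAD] for i in range(0, len(frame), MTU_PAYLOAD)] or [b""]
    return [HDR.pack(frame_seq, idx, len(chunks), pts_ms, zlib.crc32(chunk)) + chunk
            for idx, chunk in enumerate(chunks)]


def parse(packet: bytes):
    """(frame_seq, frag_idx, frag_count, pts_ms, payload), or None if the CRC shows damage."""
    if len(packet) < HDR.size:
        return None
    seq, idx, count, pts, crc = HDR.unpack_from(packet)
    payload = packet[HDR.size:]
    return None if zlib.crc32(payload) != crc else (seq, idx, count, pts, payload)


class LossyChannel:
    """Corrupts the last byte of a packet the first time a chosen (frame, fragment) crosses."""
    def __init__(self, corrupt_once):
        self._pending, self._lock = set(corrupt_once), threading.Lock()

    def send(self, packet: bytes) -> bytes:
        key = struct.unpack_from("!IH", packet)
        with self._lock:
            if key in self._pending:
                self._pending.discard(key)
                return packet[:-1] + bytes([packet[-1] ^ 0xFF])
        return packet


class Sender:
    def __init__(self, frames: dict, channel: LossyChannel):
        self._packets = {seq: packetize(seq, pts, data) for seq, (pts, data) in frames.items()}
        self._channel, self._lock, self.retransmissions = channel, threading.Lock(), 0

    def fragments(self, seq: int, wanted=None) -> list:
        """All packets of a frame, or only the requested fragments on a retransmit."""
        pkts = self._packets[seq]
        if wanted is not None:
            with self._lock:
                self.retransmissions += len(wanted)
            pkts = [pkts[i] for i in sorted(wanted)]
        return [self._channel.send(p) for p in pkts]


def receive_frame(sender: Sender, seq: int, max_rounds: int = 5):
    """ARQ loop executed by one thread per frame: re-request only damaged fragments."""
    got, count, pts, wanted = {}, None, None, None
    for _ in range(max_rounds):
        for pkt in sender.fragments(seq, wanted):
            parsed = parse(pkt)
            if parsed is None:
                continue                 # error detected: the fragment stays missing
            _, idx, count, pts, payload = parsed
            got[idx] = payload
        if count is not None and len(got) == count:
            return seq, pts, b"".join(got[i] for i in range(count))
        wanted = set(range(count)) - set(got) if count is not None else None
    raise RuntimeError(f"frame {seq} not recovered after {max_rounds} rounds")


def deliver(frames: dict, corrupt_once) -> tuple:
    """Send every frame; each frame's ARQ runs in its own thread. Returns (frames, retransmits)."""
    sender = Sender(frames, LossyChannel(corrupt_once))
    with ThreadPoolExecutor(max_workers=4) as pool:
        results = list(pool.map(lambda s: receive_frame(sender, s), sorted(frames)))
    return {seq: (pts, data) for seq, pts, data in results}, sender.retransmissions


# Constructed sample "video" frames: seq -> (presentation time in ms, frame bytes).
FRAMES = {1: (0, bytes(range(256)) * 10), 2: (33, b"\x7f" * 1500), 3: (66, b"frame-three")}
```

Because each frame's loop owns its own state, a retransmission for frame 1 never delays frames 2 and 3, which is the single-thread problem the abstract refers to. The bounded `max_rounds` matters for the receiver's robustness: without it a fragment that is corrupted every time would keep one thread busy forever.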

BPFast: An eBPF/XDP-Based High-Performance Packet Payload Inspection System for Cloud Environments

  • You, Myoung-sung;Kim, Jin-woo;Shin, Seung-won;Park, Tae-june
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.213-225 / 2022
  • Containerization, a lightweight virtualization technology, enables agile deployment of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt those environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks using network access controls, they still have severe limitations in terms of performance: specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects both packet headers and payloads at kernel level, without any user-level components. We evaluate a prototype of BPFast in a Kubernetes environment; our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.
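What an XDP program must do to enforce an L7 rule is walk Ethernet, IPv4 and TCP headers with an explicit bounds check before every access (the eBPF verifier rejects the program otherwise) and then look at the first bytes of the TCP payload. The following is an added, user-space Python model of that logic, not BPFast's code: it returns the XDP-style verdicts PASS or DROP for a raw frame against a constructed policy of the form "container A may only GET /api/* on container B port 80". The frame builder, the policy shape and the choice to drop malformed IPv4/TCP while passing non-IPv4 traffic are assumptions of the example.

```python
import struct

# Added example (user-space model of the XDP parse-and-decide path), not BPFast's code.
ETH_P_IP, IPPROTO_TCP = 0x0800, 6
XDP_PASS, XDP_DROP = "XDP_PASS", "XDP_DROP"


def parse_tcp_packet(frame: bytes):
    """Walk Ethernet -> IPv4 -> TCP with the bounds checks an XDP program needs.
    Returns (src, dst, sport, dport, payload); None when the frame is not IPv4/TCP;
    raises ValueError when it claims to be but its length fields do not add up."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETH_P_IP:
        return None                                   # not IPv4: outside this policy
    if len(frame) < 34:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    if ihl < 20 or total_len < ihl or len(frame) < 14 + total_len:
        raise ValueError("inconsistent IPv4 lengths")
    if frame[23] != IPPROTO_TCP:
        return None
    tcp_off, ip_end = 14 + ihl, 14 + total_len
    if ip_end - tcp_off < 20:
        raise ValueError("truncated TCP header")
    doff = (frame[tcp_off + 12] >> 4) * 4
    if doff < 20 or tcp_off + doff > ip_end:
        raise ValueError("bad TCP data offset")
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    return frame[26:30], frame[30:34], sport, dport, frame[tcp_off + doff:ip_end]


def http_request_line(payload: bytes):
    """(method, path) if the payload starts with an HTTP/1.x request line, else None."""
    line, sep, _ = payload.partition(b"\r\n")
    if not sep:
        return None
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    return parts[0].decode("ascii", "replace"), parts[1].decode("ascii", "replace")


def xdp_verdict(frame: bytes, policy: dict) -> str:
    """policy: {(dst_ip, dport): {src_ip: ((method, path_prefix), ...)}}."""
    try:
        pkt = parse_tcp_packet(frame)
    except ValueError:
        return XDP_DROP                    # malformed: do not hand it to a trusting parser
    if pkt is None:
        return XDP_PASS                    # not IPv4/TCP: outside this policy's scope
    src, dst, _, dport, payload = pkt
    rule = policy.get((dst, dport))
    if rule is None or not payload:
        return XDP_PASS                    # unprotected service, or no L7 data yet (SYN, pure ACK)
    req = http_request_line(payload)
    if req is None:
        return XDP_DROP                    # non-HTTP bytes toward an HTTP-only service
    method, path = req
    allowed = rule.get(src, ())
    return XDP_PASS if any(method == m and path.startswith(p) for m, p in allowed) else XDP_DROP


def build_frame(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; not validated here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, IPPROTO_TCP, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETH_P_IP) + ip + tcp + payload


# Constructed pod addresses and policy: A may only GET /api/* on B:80.
A, B, C = bytes([10, 244, 0, 5]), bytes([10, 244, 0, 9]), bytes([10, 244, 0, 12])
POLICY = {(B, 80): {A: (("GET", "/api/"),)}}
```

Two caveats a practitioner should keep in mind with any packet-level L7 control, this model included: the rule only sees the segment that carries the request line, so a request line split across segments, a pipelined second request in the same segment, or a later request on a kept-alive connection is not inspected, and TLS between containers makes the payload opaque. That is why such systems are typically combined with connection-level policy rather than used alone.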

A Network Packet Analysis Method to Discover Malicious Activities

  • Kwon, Taewoong;Myung, Joonwoo;Lee, Jun;Kim, Kyu-il;Song, Jungsuk
    • Journal of Information Science Theory and Practice / v.10 no.spc / pp.143-153 / 2022
  • With the development of networks and the growing number of network devices, the number of cyber attacks targeting them is also increasing. Since these attacks aim to steal important information and destroy systems, social and economic damage must be minimized through early detection and rapid response. Many studies using machine learning (ML) and artificial intelligence (AI) have been conducted, among which payload learning is one of the most intuitive and effective ways to detect malicious behavior. In this study, we propose a preprocessing method that maximizes model performance when the payload is learned at the term level. The proposed method builds a high-quality training data set by eliminating unnecessary noise (stopwords) while preserving important features, taking into account the mixed machine-language and natural-language characteristics of packet payloads. Our method consists of three steps: preserving significant special characters, generating a stopword list, and refining class labels. By processing packets of varied and complex structure through these three steps, high-quality training data can be produced that helps build high-performance ML/AI models for security monitoring. We show the effectiveness of the proposed method by comparing the performance of an AI model trained with and without it. Furthermore, by evaluating the AI model trained with the proposed method in a real-world Security Operations Center (SOC) environment on live network traffic, we demonstrate that our method is applicable to real environments.
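Both this abstract and the Transformer-based payload IDS earlier on the page start from the same step: turning raw payload bytes into a "sentence" a text model can consume. The following added example (not either paper's pipeline) does that and then applies the first two preprocessing steps named here: significant special characters are kept as terms of their own rather than glued to their neighbours, and a stopword list is generated from a labeled sample by document frequency. The punctuation set, the frequency rule (a term in at least 90% of the payloads of every class is a stopword) and the sample payloads are constructed for the example; the label refinement step is not modelled.

```python
import re
from collections import Counter

# Example code added here (not the authors' pipeline). Assumed choices: which
# punctuation counts as "significant", and the document-frequency rule that
# generates the stopword list from a labeled sample.
SIGNIFICANT = "/=;'\"<>()&?%.:"
_SPLIT_SIG = re.compile("([" + re.escape(SIGNIFICANT) + "])")


def payload_to_sentence(payload: bytes) -> str:
    """Render a raw payload as one sentence: printable ASCII stays as text and every
    other byte becomes a \\xNN token, so binary content is kept rather than dropped."""
    pieces = [chr(b) if 0x20 <= b < 0x7F else f" \\x{b:02x} " for b in payload]
    return " ".join("".join(pieces).split())


def terms(sentence: str) -> list:
    """Term-level split that keeps significant special characters as terms of their
    own, so "id=1'" yields ["id", "=", "1", "'"] instead of one opaque token."""
    return _SPLIT_SIG.sub(r" \1 ", sentence).split()


def build_stopwords(corpus, min_share: float = 0.9) -> set:
    """A term found in at least `min_share` of the payloads of *every* class cannot
    separate the classes; collect those terms as the stopword list."""
    per_class = {}
    for payload, label in corpus:
        per_class.setdefault(label, []).append(set(terms(payload_to_sentence(payload))))
    stop = None
    for docs in per_class.values():
        df = Counter(t for doc in docs for t in doc)
        common = {t for t, n in df.items() if n / len(docs) >= min_share}
        stop = common if stop is None else stop & common
    return stop or set()


def preprocess(payload: bytes, stopwords: set) -> list:
    """Training-ready term sequence for one payload."""
    return [t for t in terms(payload_to_sentence(payload)) if t not in stopwords]


# Constructed sample payloads with labels (not from UNSW-NB15 or any SOC data).
CORPUS = [
    (b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n", "benign"),
    (b"GET /images/logo.png HTTP/1.1\r\nHost: shop.example\r\n\r\n", "benign"),
    (b"GET /item?id=1' OR '1'='1 HTTP/1.1\r\nHost: shop.example\r\n\r\n", "sqli"),
    (b"GET /item?id=2' UNION SELECT 1,2 HTTP/1.1\r\nHost: shop.example\r\n\r\n", "sqli"),
]
```

Run over the sample, the stopword list absorbs the protocol scaffolding shared by every request (`GET`, `HTTP`, `Host`, the CRLF tokens), while the quote, the equals sign and `OR` survive in the injection payload, which is exactly the signal a term-level model should see. The frequency rule is deliberately conservative: a term that is common in one class only is never dropped, since that is a class feature rather than noise.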

Command and Telemetry System Design for Low Earth Orbiting Satellites Considering the PUS Concept

  • Lee, Na-Young;Lee, Jin-Ho;Suk, Byong-Suk
    • Aerospace Engineering and Technology / v.6 no.1 / pp.92-96 / 2007
  • The conventional command and telemetry system of Korean low-earth-orbiting satellites has certain limitations in accommodating various missions. As payloads become more complex, they require very complicated operational concepts in terms of commands and telemetry. With the current design, command and telemetry formats have to be rebuilt whenever new payloads or operational concepts are introduced, and this lack of flexibility produces many operational constraints. In this paper, a new strategy for command and telemetry development, partially derived from the Packet Utilization Standard (PUS) of the European Space Agency, is presented; it provides enhanced features for accommodating payloads and operational requirements.

Implementation and Performance Analysis of UDP/IP Header Compression Protocol in Wired Networks

  • 나종민;이종범;이인성;신병철
    • Journal of the Korea Institute of Information and Communication Engineering / v.8 no.6 / pp.1076-1085 / 2004
  • Recently, demand for real-time services and multimedia data has been increasing rapidly. There is significant redundancy between header fields, both within a single packet header and across consecutive packets belonging to the same packet stream, and the current UDP/IP protocol carries considerable overhead. Header compression is considered as a way to improve transmission efficiency for small payloads. By sending the static field information only once, at the start, and exploiting the dependencies and predictability of the other fields, the header size can be reduced significantly for most packets. This work describes an implementation of header compression for the IP/UDP headers to reduce overhead on an Ethernet network. Typical UDP/IP headers can be compressed down to 7 bytes, and the header compression system was designed and implemented in a Linux environment. Using the header compression system between a server and clients improves effective data throughput on the network. Since the minimum packet size in Ethernet is 64 bytes, the reduction achieved by header compression in a practical chat environment was 6.6 bytes.
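The mechanism the abstract describes, as an added example rather than the paper's protocol: the first packet of a UDP stream goes out with its full 28-byte UDP/IP header and establishes a context on the receiving side, and every later packet carries only a context id plus the fields that change per packet (IP identification, UDP length, UDP checksum), from which the decompressor rebuilds the full headers, recomputing the IP checksum and deriving the IP total length from the UDP length. The 7-byte compressed header layout below is my own choice that happens to match the size the abstract quotes; the paper's exact layout is not given on this page. The sample datagrams are constructed.

```python
import struct

# Assumed compressed-header layout (example code, not the paper's own format):
# byte 0 = flag bit (0x80 = compressed) | 7-bit context id; a compressed packet then
# carries only the fields that change per packet: IP identification, UDP length and
# UDP checksum (2 bytes each), i.e. 7 bytes in place of the 28-byte UDP/IP header.
IP_HDR = struct.Struct("!BBHHHBBH4s4s")   # ver/ihl, tos, total_len, id, flags/frag, ttl, proto, csum, src, dst
UDP_HDR = struct.Struct("!HHHH")           # sport, dport, length, checksum
COMPRESSED = 0x80


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp_ip(src: bytes, dst: bytes, sport: int, dport: int, ip_id: int, payload: bytes) -> bytes:
    """Plain UDP/IP packet (UDP checksum left 0, which IPv4 permits) for the sample traffic."""
    udp = UDP_HDR.pack(sport, dport, 8 + len(payload), 0)
    ip = IP_HDR.pack(0x45, 0, 20 + 8 + len(payload), ip_id, 0x4000, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + udp + payload


class Compressor:
    def __init__(self):
        self._cids = {}                   # static-field tuple -> context id

    def compress(self, packet: bytes) -> bytes:
        ip = IP_HDR.unpack_from(packet)
        udp = UDP_HDR.unpack_from(packet, 20)
        static = (ip[1], ip[5], ip[8], ip[9], udp[0], udp[1])   # tos, ttl, src, dst, sport, dport
        cid = self._cids.get(static)
        if cid is None:                   # first packet of the stream: send everything once
            cid = self._cids[static] = len(self._cids) & 0x7F
            return bytes([cid]) + packet
        changing = struct.pack("!HHH", ip[3], udp[2], udp[3])
        return bytes([COMPRESSED | cid]) + changing + packet[28:]


class Decompressor:
    def __init__(self):
        self._ctx = {}                    # cid -> (IP header bytes, UDP header bytes)

    def decompress(self, frame: bytes) -> bytes:
        cid = frame[0] & 0x7F
        if not frame[0] & COMPRESSED:
            self._ctx[cid] = (frame[1:21], frame[21:29])
            return frame[1:]
        if cid not in self._ctx:
            raise ValueError(f"no context {cid}: drop rather than reconstruct from a guess")
        ip_id, udp_len, udp_csum = struct.unpack_from("!HHH", frame, 1)
        payload = frame[7:]
        if udp_len != 8 + len(payload):
            raise ValueError("UDP length field disagrees with carried payload")
        ip_ctx, udp_ctx = self._ctx[cid]
        fields = list(IP_HDR.unpack(ip_ctx))
        fields[2], fields[3], fields[7] = 20 + udp_len, ip_id, 0   # total length, id, checksum
        ip = IP_HDR.pack(*fields)
        ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
        sport, dport = struct.unpack_from("!HH", udp_ctx)
        return ip + UDP_HDR.pack(sport, dport, udp_len, udp_csum) + payload

    def decompress_or_none(self, frame: bytes):
        """Receiver-side behaviour for a frame that fails validation: discard it."""
        try:
            return self.decompress(frame)
        except ValueError:
            return None


def roundtrip(packets: list) -> tuple:
    """Compress a stream, decompress it again; return (recovered packets, wire sizes)."""
    comp, decomp = Compressor(), Decompressor()
    wire = [comp.compress(p) for p in packets]
    return [decomp.decompress(w) for w in wire], [len(w) for w in wire]


# Constructed sample: three small chat datagrams of one UDP stream.
SRC, DST = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])
STREAM = [build_udp_ip(SRC, DST, 40000, 5000, 100 + i, msg)
          for i, msg in enumerate([b"hello", b"how are you?", b"bye"])]
```

The two receiver-side checks are the security-relevant part: a compressed frame for a context the receiver never saw must be dropped, not reconstructed from stale or attacker-chosen state, and the carried UDP length must agree with the bytes actually present before the headers are rebuilt. The abstract's 6.6-byte figure also follows from this layout: the 21 bytes saved per packet only count when the Ethernet frame is above its 64-byte minimum, so tiny chat messages that would be padded anyway gain far less.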