• Title/Summary/Keyword: Packet detection

An event-based timeout policy to decrease the overhead of session managements in network systems (네트워크 시스템의 세션 관리 부하를 감쇄하기 위한 사건 기반 타임아웃 정책)

  • Yim, Kang-bin;Choi, Chang-seok;Moon, Jong-wook;Jung, Gi-hyun;Choi, Kyung-hee
    • The KIPS Transactions:PartA / v.11A no.2 / pp.143-148 / 2004
  • The session management overhead on network systems like firewalls or intrusion detection systems keeps growing as the session table grows. In this paper, we propose the event-based timeout management policy to increase packet processing throughput on network systems by decreasing the system's timeout management overhead that is comparable to the existing time-based timeout management policies. Through some empirical studies using a session management system implemented in this paper, we proved that the proposed policy provides better packet processing throughput than the existing policies.

Performance Evaluation of Finite Queue Switching Under Two-Dimensional M/G/1(m) Traffic

  • Islam, Md. Syeful;Rahman, Md. Rezaur;Roy, Anupam;Islam, Md. Imdadul;Amin, M.R.
    • Journal of Information Processing Systems / v.7 no.4 / pp.679-690 / 2011
  • In this paper we consider a local area network (LAN) of dual mode service where one is a token bus and the other is a carrier sense multiple access with a collision detection (CSMA/CD) bus. The objective of the paper is to find the overall cell/packet dropping probability of a dual mode LAN for finite length queue M/G/1(m) traffic. Here, the offered traffic of the LAN is taken to be the equivalent carried traffic of a one-millisecond delay. The concept of a tabular solution for two-dimensional Poisson's traffic of circuit switching is adapted here to find the cell dropping probability of the dual mode packet service. Although the work is done for the traffic of similar bandwidth, it can be extended for the case of a dissimilar bandwidth of a circuit switched network.

TCP Delayed Window Update Mechanism for Fighting the Bufferbloat

  • Wang, Min;Yuan, Lingyun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.10 / pp.4977-4996 / 2016
  • The existence of excessively large and overfilled network buffers, known as bufferbloat, has recently gained attention as a major performance problem for delay-sensitive applications. Researchers have made three types of suggestions to solve the bufferbloat problem. The first is End to End (E2E) congestion control, the second is deployment of Active Queue Management (AQM) techniques, and the third is the combination of the above two. However, these solutions either seem impractical or could not obtain good bandwidth utilization. In this paper, we propose a Transmission Control Protocol (TCP) delayed window update mechanism which uses a congestion detection approach to predict the congestion level of networks. When impending network congestion is detected, a delayed window update control strategy is adopted to maintain good protocol performance. If the network is non-congested, the mechanism stops working and the congestion window is updated based on the original protocol. The simulation experiments are conducted on both a high bandwidth and long delay scenario and a low bandwidth and short delay scenario. Experiment results show that the TCP delayed window update mechanism can effectively improve the performance of the original protocol, decreasing packet losses and queuing delay while guaranteeing transmission efficiency of the whole network. In addition, it achieves good fairness and TCP friendliness.

Designing Rich-Secure Network Covert Timing Channels Based on Nested Lattices

  • Liu, Weiwei;Liu, Guangjie;Ji, Xiaopeng;Zhai, Jiangtao;Dai, Yuewei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.4 / pp.1866-1883 / 2019
  • As the youngest branch of information hiding, network covert timing channels conceal the existence of secret messages by manipulating the timing information of the overt traffic. The popular model-based framework for constructing covert timing channels always utilizes the cumulative distribution function (CDF) of the inter-packet delays (IPDs) to modulate secret messages, but discards high-order statistics of the IPDs completely. The consequence is vulnerability to high-order statistical tests, e.g., the entropy test. In this study, a rich security model of covert timing channels is established based on IPD chains, which can be used to measure the distortion of multi-order timing statistics of a covert timing channel. To achieve rich security, we propose two types of covert timing channels based on nested lattices. The CDF of the IPDs is used to construct a dot-lattice and an interval-lattice for quantization, which can ensure the cell density of the lattice is consistent with the joint distribution of the IPDs. Furthermore, compensative quantization and a guard band strategy are employed to eliminate the regularity and enhance the robustness, respectively. Experimental results on real traffic show that the proposed schemes are rich-secure and robust to channel interference, whereas some state-of-the-art covert timing channels cannot evade detection under the rich security model.

GRID BASED ENERGY EFFICIENT AND SECURED DATA TRANSACTION FOR CLOUD ASSISTED WSN-IOT

  • L. SASIREGA;C. SHANTHI
    • Journal of applied mathematics & informatics / v.41 no.1 / pp.95-105 / 2023
  • To make the network energy efficient and to protect the network from malignant users, an energy-efficient grid-based secret key sharing scheme is proposed. The cost function is evaluated to select the optimal nodes for carrying out the data transaction process. The network is split into an equal number of grids and each grid is populated with a certain number of nodes. The node cost function is estimated for all the nodes present in the network. Once the optimal energy-proficient nodes are selected, the data transaction process is carried out in a secured way using a malicious node filtration process. Therefore, the message is transmitted in a secret sharing method to the end user, and this process makes the network more efficient. The proposed work is evaluated in network simulated and the performance of the work is analysed in terms of energy, delay, packet delivery ratio, and false detection ratio. From the result, we observed that the work outperforms the other works and achieves better energy and reduced packet rate.

Detection of Network Attack Symptoms Based on the Traffic Measurement on Highspeed Internet Backbone Links (고속 인터넷 백본 링크상에서의 트래픽 측정에 의한 네트워크 공격 징후 탐지 방법)

  • Roh Byeong-hee
    • Journal of Internet Computing and Services / v.5 no.4 / pp.23-33 / 2004
  • In this paper, we propose a novel traffic-measurement-based detection of network attack symptoms on high speed Internet backbone links. In order to do so, we characterize the traffic patterns of normal traffic and of network attacks appearing on Internet backbone links, and we derive two efficient measures for representing the network attack symptoms at the aggregate traffic level. The two measures are the power spectrum and the ratio of packet counts to traffic volume of the aggregate traffic. We then propose a new methodology to detect network attack symptoms by measuring those traffic measures. Experimental results show that the proposed scheme can detect the network attack symptoms very exactly and quickly. Unlike existing methods based on individual packets or flows, since the proposed method operates on the aggregate traffic level, the computational complexity can be significantly reduced and the method is applicable to high speed Internet backbone links.

A Flow-based Detection Method for VoIP Anomaly Traffic (VoIP 이상 트래픽의 플로우 기반 탐지 방법)

  • Son, Hyeon-Gu;Lee, Young-Seok
    • Journal of KIISE:Information Networking / v.37 no.4 / pp.263-271 / 2010
  • SIP/RTP-based VoIP services are becoming popular. Recently, however, VoIP anomaly traffic such as delay, interference and termination of call establishment, and degradation of voice quality has been reported. An attacker could intercept a packet and obtain user and header information so as to generate anomaly traffic, because most Korean VoIP applications do not use standard security protocols. In this paper, we propose three VoIP anomaly traffic generation methods for CANCEL, BYE DoS and RTP flooding, and a detection method through flow-based traffic measurement. From our experiments, we showed that 97% of anomaly traffic could be detected in real commercial VoIP networks in Korea.

A Modified Random Early Detection Algorithm: Fuzzy Logic Based Approach

  • Yaghmaee Mohammad Hossein
    • Journal of Communications and Networks / v.7 no.3 / pp.337-352 / 2005
  • In this paper, a fuzzy logic implementation of the random early detection (RED) mechanism [1] is presented. The main objective of the proposed fuzzy controller is to reduce the loss probability of the RED mechanism without any change in channel utilization. Based on previous studies, it is clear that the performance of the RED algorithm is strongly related to the traffic load as well as to its parameter settings. Using fuzzy logic capabilities, we try to dynamically tune the loss probability of the RED gateway. To achieve this goal, a two-input-single-output fuzzy controller is used. To achieve a low packet loss probability, the proposed fuzzy controller is responsible for controlling the $max_{p}$ parameter of the RED gateway. The inputs of the proposed fuzzy controller are 1) the difference between average queue size and a target point, and 2) the difference between the estimated value of incoming data rate and the target link capacity. To evaluate the performance of the proposed fuzzy mechanism, several trials with file transfer protocol (FTP) and burst traffic were performed. In this study, the ns-2 simulator [2] has been used to generate the experimental data. All simulation results indicate that the proposed fuzzy mechanism remarkably outperforms both the traditional RED and Adaptive RED (ARED) mechanisms [3]-[5].

Large Flows Detection, Marking, and Mitigation based on sFlow Standard in SDN

  • Afaq, Muhammad;Rehman, Shafqat;Song, Wang-Cheol
    • Journal of Korea Multimedia Society / v.18 no.2 / pp.189-198 / 2015
  • Despite the fact that traffic engineering techniques have been comprehensively utilized in the past to enhance the performance of communication networks, the distinctive characteristics of Software Defined Networking (SDN) demand new traffic engineering techniques for better traffic control and management. Considering the behavior of traffic, large flows normally carry out transfers of large blocks of data and are naturally insensitive to packet latency. However, small flows are often latency-sensitive. Without intelligent traffic engineering, these small flows may be blocked in the same queue behind megabytes of file transfer traffic. So it is very important to identify large flows for different applications. In the scope of this paper, we present an approach to detect large flows in real-time without even a short delay. After the detection of large flows, the next problem is how to control these large flows effectively and prevent network jam. In order to address this issue, we propose an approach in which, when the controller is enabled, the large flow is mitigated the moment it hits the predefined threshold value in the control application. This real-time detection, marking, and controlling of large flows will assure optimized usage of the overall network.

A Two level Detection of Routing layer attacks in Hierarchical Wireless Sensor Networks using learning based energy prediction

  • Katiravan, Jeevaa;N, Duraipandian;N, Dharini
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.11 / pp.4644-4661 / 2015
  • Wireless sensor networks are often organized in the form of clusters, leading to the new framework of WSN called cluster or hierarchical WSN, where each cluster head is responsible for its own cluster and its members. These hierarchical WSNs are prone to various routing layer attacks such as Black hole, Gray hole, Sybil, Wormhole, Flooding etc. These routing layer attacks try to spoof, falsify or drop the packets during the packet routing process. They may even flood the network with unwanted data packets. If one cluster head is captured and made malicious, all the cluster member nodes beneath the cluster head are affected. On the other hand, if the cluster member nodes are malicious, due to the broadcast wireless communication between all the source nodes they can disrupt the entire cluster's functions. Therefore, a scheme which can detect both the malicious cluster member and cluster head is the current need. Abnormal energy consumption of nodes is used to identify the malicious activity. To serve this purpose, a learning based energy prediction algorithm is proposed. Thus a two level energy prediction based intrusion detection scheme to detect the malicious cluster head and cluster member is proposed, and simulations were carried out using the NS2-Mannasim framework. Simulation results achieved a good detection ratio and fewer false positives.