• Title/Summary/Keyword: Packet detection


An Efficient Routing Scheme Based on Node Density for Underwater Acoustic Sensors Networks

  • Rooh Ullah;Beenish Ayesha Akram;Amna Zafar;Atif Saeed;Sultan H. Almotiri;Mohammed A. Al Ghamdi
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.5 / pp.1390-1411 / 2024
  • Underwater Wireless Sensors Networks (UWSNs) are deployed in remotely monitored environments for tasks such as water level monitoring, ocean current identification, oil detection, habitat monitoring and numerous military applications. Providing scalable and efficient routing is very challenging in UWSNs due to the harsh underwater environment. The biggest difficulties are the nodes' inherent movement due to water current, long delay in data transmission, low bandwidth of the acoustic signal, high error rate and energy scarcity in battery-powered nodes. Many routing protocols have been proposed to solve the aforementioned problems. There are three broad categories of routing protocols, namely depth-based, energy-based and vector-based routing. Vector Based Forwarding protocols perform routing through a virtual pipeline by defining their radius, which gives proper direction to packet communication. We propose a routing protocol termed Path-Oriented Energy Scaled Expanded Vector Based Forwarding (PESEVBF). PESEVBF takes into account all parameters: holding time, the source nodes' packet routing path and void hole creation on the second hop. PESEVBF not only considers the packet's upward advancement but also focuses on the density of the forwarded nodes in terms of the number of potential forwarding and suppressed nodes for path selection. Node selection in the resultant holding time is based on the minimum Path Factor (PF) value. Moreover, the suppressed node will be selected for packet forwarding to avoid void hole occurrences on the second hop. The performance of PESEVBF is compared with other routing protocols using metrics such as energy consumption, packet delivery ratio, packet dropping ratio and duplicate packet creation, indicating considerable performance improvement.

Classification of False Alarms based on the Decision Tree for Improving the Performance of Intrusion Detection Systems (침입탐지시스템의 성능향상을 위한 결정트리 기반 오경보 분류)

  • Shin, Moon-Sun;Ryu, Keun-Ho
    • Journal of KIISE:Databases / v.34 no.6 / pp.473-482 / 2007
  • A network-based IDS (Intrusion Detection System) gathers network packet data and classifies it as attack or normal. It raises an alarm when a possible intrusion happens. But such systems often output a large amount of low-level of incomplete alert information. Consequently, a large amount of incomplete alert information, which can be unmanageable and also be mixed with false alerts, can prevent intrusion response systems and security administrators from adequately understanding and analyzing the state of network security and initiating an appropriate response in a timely fashion. So it is important for the security administrator to reduce the redundancy of alerts, integrate and correlate security alerts, construct attack scenarios and present high-level aggregated information. The false alarm rate is the ratio between the number of normal connections that are incorrectly misclassified as attacks and the total number of normal connections. In this paper we propose a false alarm classification model to reduce the false alarm rate using classification analysis of data mining techniques. The proposed model can classify the alarms from intrusion detection systems into false alert or true attack. Our approach is useful for reducing false alerts and improving the detection rate of network-based intrusion detection systems.

A Design and Implementation of Anomaly Detection Model based the Web Traffic Trend Analysis (웹 트래픽 추이 분석 기반 비정상행위 탐지 모델의 설계 및 구현)

  • Jang, Sung-Min;Park, Soon-Dong
    • Journal of the Korea Computer Industry Society / v.6 no.5 / pp.715-724 / 2005
  • Recently, many important systems that used to be operated in a closed environment are now providing web services, and these kinds of web-based services are often an easy and common target of attacks. In addition, the great variety of web content and applications causes the development of various new intrusion technologies, while misuse-based intrusion detection technology cannot keep pace with the attacks and seems to lack the capability to deal with such various new security threats. As a result, it is necessary to research and develop new types of detection technologies that can detect newly developed attacks and intrusions as well as deal with previous types of exploits. In this paper, an HTTP traffic model is tested for anomalies by using an HTTP request traffic pattern analysis and the field information analysis of the HTTP packet. Consequently, the HTTP traffic model applying anomaly tests is designed and established.


Anomaly behavior detection using Negative Selection algorithm based anomaly detector (Negative Selection 알고리즘 기반 이상탐지기를 이용한 이상행위 탐지)

  • 김미선;서재현
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2004.05b / pp.391-394 / 2004
  • A change in the paradigm of network attack techniques has begun with the fast expansion of the Internet, and new forms of attack are appearing. However, most intrusion detection systems detect only known attack types because they are based on misuse detection, and active response to new attacks is difficult. Therefore, to heighten the detection rate for new attack patterns, approaches that apply the human immune mechanism are appearing. In this paper, we create a self-file from the normal behavior profile of network packets and implement a self-recognition algorithm that uses the self-nonself discrimination of the human immune system to detect anomalous behavior. We create an anomaly detector based on the Negative Selection Algorithm, one of the self-recognition algorithms, which monitors the self-file to sense changes and detects anomalous behavior. We perform a simulation using the DARPA Network Dataset and verify the effectiveness of the algorithm through the anomaly detection rate.


Ultrasonic guided waves-based fatigue crack detection in a steel I-beam: an experimental study

  • Jiaqi Tu;Xian Xu;Chung Bang Yun;Yuanfeng Duan
    • Smart Structures and Systems / v.31 no.1 / pp.13-27 / 2023
  • Fatigue crack is a fatal problem for steel structures. Early detection and maintenance can help extend the service life and prevent hazards. This paper presents the ultrasonic guided waves-based (UGWs-based) fatigue crack detection of a steel I-beam. The semi-analytical finite element model has been built to obtain the wave propagation characteristics. Damage indices in both time and frequency domains were analyzed by considering the characteristic variations of UGWs including the amplitude, phase angle, and wave packet energy. The pulse-echo and pitch-catch methods were combined in the detection scheme. Lab-scale experiments were conducted on welded steel I-beams to verify the proposed method. Results show that the damage indices based on the characteristic variations in the time domain can identify and localize the fatigue crack before it enters the rapid growth stage. The damage severity can be reasonably evaluated by analyzing the time-domain damage indices. Two nonlinear damage indices in the frequency domain give earlier warnings of the fatigue crack than the time-domain damage indices do. The identification results based on the above two nonlinear indices are found to be less consistent under various excitation frequencies. More robust nonlinear techniques needed to be searched and tested for early crack detection in steel I-beams in further study.

A Research on Network Intrusion Detection based on Discrete Preprocessing Method and Convolution Neural Network (이산화 전처리 방식 및 컨볼루션 신경망을 활용한 네트워크 침입 탐지에 대한 연구)

  • Yoo, JiHoon;Min, Byeongjun;Kim, Sangsoo;Shin, Dongil;Shin, Dongkyoo
    • Journal of Internet Computing and Services / v.22 no.2 / pp.29-39 / 2021
  • As damages to individuals, private sectors, and businesses increase due to newly occurring cyber attacks, the underlying network security problem has emerged as a major problem in computer systems. Therefore, NIDS using machine learning and deep learning is being studied to improve the limitations that occur in the existing Network Intrusion Detection System. In this study, a deep learning-based NIDS model study is conducted using the Convolution Neural Network (CNN) algorithm. For the image classification-based CNN algorithm learning, a discrete algorithm for continuity variables was added in the preprocessing stage used previously, and the predicted variables were expressed in a linear relationship and converted into easy-to-interpret data. Finally, the network packet processed through the above process is mapped to a square matrix structure and converted into a pixel image. For the performance evaluation of the proposed model, NSL-KDD, a representative network packet data, was used, and accuracy, precision, recall, and f1-score were used as performance indicators. As a result of the experiment, the proposed model showed the highest performance with an accuracy of 85%, and the harmonic mean (F1-Score) of the R2L class with a small number of training samples was 71%, showing very good performance compared to other models.

Mobile Malicious AP Detection and Cut-off Mechanism based in Authentication Network (인증 네트워크 상의 비 인가된 모바일 AP 탐지 및 차단 기법)

  • Lim, Jae-Wan;Jang, Jong-Deok;Yoon, Chang-Pyo;Ryu, Hwang-Bin
    • Convergence Security Journal / v.12 no.1 / pp.55-61 / 2012
  • Owing to the development of wireless infrastructure and mobile communication technology, there is growing interest in smart phones that use it. The resulting popularity of smart phones has increased the Mobile Malicious AP-related security threat and the access to wireless APs (Access Points) using Wi-Fi. The mobile AP mechanism is the use of a mobile device with Internet access, such as 3G cellular service, to serve as an Internet gateway or access point for other devices. Within the enterprise, the use of the mobile AP mechanism has made corporate information management difficult, owing to the use of wireless systems for which wired packet monitoring is impossible. In this thesis, we propose a mobile AP mechanism-based mobile malicious AP detection and prevention mechanism in a RADIUS authentication server network. The detection approach detects a mobile AP mechanism-based mobile malicious AP by sniffing the beacon frame and analyzing the difference between an authorized AP and a mobile AP mechanism-based mobile malicious AP.

A Distributed Medium Access Control Protocol Based on Adaptive Collision Detection in Dense Wireless Local Area Networks (밀집 무선랜 환경에서 적응적 충돌 검출 기반의 분산 매체접속제어 프로토콜)

  • Choi, Hyun-Ho
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.12 / pp.2259-2266 / 2016
  • Recently dense wireless local area networks (WLANs) emerge as the number of WLAN cells and stations increases. In such dense WLAN environment, this paper proposes a new distributed medium access control (MAC) protocol. The proposed MAC protocol extends the previous CSMA with collision resolution (CSMA/CR) that uses a single collision detection (CD) phase and employs multiple CD phases to resolve more collisions. It checks the collision detection in each CD phase and stops the CD phase if consecutive non-detected CD phases occur more than the threshold. Therefore, the proposed protocol can control the number of CD phases adaptively according to the number of accessing stations and increase the probability of collision resolution while decreasing the packet overhead. The simulation results show that the proposed adaptive CSMA/CR protocol employs a variable number of CD phases according to the number of stations and achieves a greater throughput than the previous CSMA/CR protocol using the fixed number of CD phases.

Development of Intrusion Detection System for GOOSE Protocol Based on the Snort (GOOSE 프로토콜 환경에서 Snort 기반의 침입 탐지 시스템 개발)

  • Kim, Hyeong-Dong;Kim, Ki-Hyun;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1181-1190 / 2013
  • GOOSE (Generic Object Oriented Substation Event) is used as a network protocol for communication between IEDs (Intelligent Electronic Devices) in the international standard IEC 61850 for substation automation systems. Nevertheless, the GOOSE protocol faces many threats similar to those against the TCP/IP protocol due to its Ethernet-based operation. In this paper, we develop an IDS (Intrusion Detection System) for a secure GOOSE protocol using the open software-based IDS Snort. In this IDS, two security functions, keyword search and DoS attack detection, are implemented through improvement of the decoding and preprocessing component modules. We also implement the GOOSE IDS and verify its accuracy using GOOSE packet generation and a communication experiment.

Distributed Intrusion Detection System for Safe E-Business Model (안전한 E-Business 모델을 위한 분산 침입 탐지 시스템)

  • 이기준;정채영
    • Journal of Internet Computing and Services / v.2 no.4 / pp.41-53 / 2001
  • A multi-distributed web cluster model built for a high-availability E-Business model exposes internal system nodes owing to its structural characteristics, and there is a potential that normal job performance becomes impossible due to intentional obstruction and attack by an illegal third party. Therefore, a security system is needed that protects the structured system nodes and can respond effectively to the outflow of information caused by illegal users and to unfair service requests. The suggested distributed invasion detection system is a technology that detects illegal requests or resource access on system nodes distributed over an open network through organic control between SC-Agents based on the shared memory of the SC-Server. The distributed invasion detection system first examines job request packets using the Detection Agent to detect illegal invasion, observes the job process through the monitoring agent while the job is in progress, and then judges the invasion through close cooperation with other system nodes when there is an access to or demand for a resource that is not permitted.
