• Title/Summary/Keyword: Packet detection


TCAM Partitioning for High-Performance Packet Classification (고성능 패킷 분류를 위한 TCAM 분할)

  • Kim Kyu-Ho;Kang Seok-Min;Song Il-Seop;Kwon Teack-Geun
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.2B / pp.91-97 / 2006
  • As network bandwidth increases, the threat to networks also increases with the emergence of various new services. For high-performance network security, high-speed packet classification methods that employ hardware such as TCAM are generally used. A method for using these devices efficiently is needed because they are expensive and their capacity is not sufficient. In this paper, we propose an efficient packet classification using a Ternary-CAM (TCAM), which is a widely used device for high-speed packet classification, in which we have applied the Snort rule set for the well-known intrusion detection system. In order to save the size of an expensive TCAM, we have eliminated duplicated IP addresses and port numbers in the rules according to the partitioning of a table in the TCAM, and we have represented negation and range rules with reduced TCAM size. We also keep the advantages of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the TCAM partitioning by combining port numbers. According to simulation results on our TCAM partitioning, the size of a TCAM can be reduced by up to 98% and the performance does not degrade significantly for high-speed packet classification with a large number of rules.

A Study on DDoS(Distributed Denial of Service) Attack Detection Model Based on Statistical (통계 기반 분산서비스거부(DDoS)공격 탐지 모델에 관한 연구)

  • Kook, Yoon-Ju;Kim, Yong-Ho;Kim, Jeom-Goo;Kim, Kiu-Nam
    • Convergence Security Journal / v.9 no.2 / pp.41-48 / 2009
  • More development and research on distributed denial of service attack detection is underway. Methods using statistical techniques identify normal and abnormal packets efficiently. This paper offers a way to detect attacks using a mix of several statistical techniques. To verify the effectiveness of the proposed technique, packet filtering was set on a router and the proposed DDoS attack detection method was set on a Linux router. As a result, the proposed technique detected various attacks and mostly provided normal service.


A Development of Unknown Intrusion Detection System with SVM (SVM을 통한 미확인 침입탐지 시스템 개발)

  • Kim, Seok-Tae;Han, In-Gyu;Lee, Chang-Yong;Kho, Jeong-Ho;Lee, Do-Won;Oh, Jeong-Min;Bang, Cheol-Soo;Lee, Geuk
    • Convergence Security Journal / v.7 no.4 / pp.23-28 / 2007
  • In this research, we suggest an unknown intrusion detection system using SVM (Support Vector Machines). In the system, collected training packets are first processed through a packet image creating module and are then learned by the SVM module. Finally, the trained SVM module classifies the test data using test packet images. This system's stability and efficient security characteristics are far superior to those of the existing one.


Intrusion Detection System based on Packet Payload Analysis using Transformer

  • Woo-Seung Park;Gun-Nam Kim;Soo-Jin Lee
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.81-87 / 2023
  • Intrusion detection systems that learn metadata of network packets have been proposed recently. However, these approaches require time to analyze packets to generate metadata for model learning, and time to pre-process metadata before learning. In addition, models that have learned specific metadata cannot detect intrusion by using original packets flowing into the network as they are. To address the problem, this paper proposes a natural language processing-based intrusion detection system that detects intrusions by learning the packet payload as a single sentence without an additional conversion process. To verify the performance of our approach, we utilized the UNSW-NB15 and Transformer models. First, the PCAP files of the dataset were labeled, and then two Transformer (BERT, DistilBERT) models were trained directly in the form of sentences to analyze the detection performance. The experimental results showed that the binary classification accuracy was 99.03% and 99.05%, respectively, which is similar or superior to the detection performance of the techniques proposed in previous studies. Multi-class classification showed better performance with 86.63% and 86.36%, respectively.

TCP Performance Enhancement by Implicit Priority Forwarding (IPF) Packet Buffering Scheme for Mobile IP Based Networks

  • Roh, Young-Sup;Hur, Kye-Ong;Eom, Doo-Seop;Lee, Yeon-Woo;Tchah, Kyun-Hyon
    • Journal of Communications and Networks / v.7 no.3 / pp.367-376 / 2005
  • The smooth handoff supported by the route optimization extension to the mobile IP standard protocol should support a packet buffering mechanism at the base station (BS), in order to reduce the degradation in TCP performance caused by packet losses within mobile network environments. The purpose of packet buffering at the BS is to recover the packets dropped during intersubnetwork handoff by forwarding the packets buffered at the previous BS to the new BS. However, when the mobile host moves to a congested BS within a new foreign subnetwork, the buffered packets forwarded by the previous BS are likely to be dropped. This subsequently causes global synchronization to occur, resulting in the degradation of the wireless link in the congested BS, due to the increased congestion caused by the forwarded burst packets. Thus, in this paper, we propose an implicit priority forwarding (IPF) packet buffering scheme as a solution to this problem within mobile IP based networks. In the proposed IPF method, the previous BS implicitly marks the priority packets being used for inter-subnetwork handoff. Moreover, the proposed modified random early detection (M-RED) buffer at the new congested BS guarantees some degree of reliability to the priority packets. The simulation results show that the proposed IPF packet buffering scheme increases the wireless link utilization and, thus, it enhances the TCP throughput performance in the context of various intersubnetwork handoff cases.

Spectrum Sensing based on Support Vector Machine using Wavelet Packet Decomposition in Cognitive Radio Systems (인지 무선 시스템에서 웨이블릿 패킷 분해를 이용한 서포트 벡터 머신 기반 스펙트럼 센싱)

  • Lee, Gyu-Hyung;Lee, Young-Doo;Koo, In-Soo
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.18 no.2 / pp.81-88 / 2018
  • Spectrum sensing, the key technology of cognitive radio networks, is used by a secondary user to determine the frequency state of a primary user. The energy detection in the spectrum sensing determines the presence or absence of a primary user according to the intensity of the allocated channel signal. Since this technique simply uses the strength of the signal for spectrum sensing, it is difficult to detect the signal of a primary user in the low SNR band. In this paper, we propose a way to combine spectrum sensing and support vector machine using wavelet packet decomposition to overcome performance degradation in the low SNR band. In our proposed scheme, the sensing signals were extracted by wavelet packet decomposition and then used as training data and test data for the support vector machine. The simulation results of the proposed scheme are compared with the energy detection using the AUC of the ROC curve and the accuracy according to the SNR band. With simulation results, we demonstrate that the proposed scheme shows better determining performance than that of energy detection in the low SNR band.

Performance Analysis of the Packet DS/SS Receiver using the BSP Methods (패킷 대역 확산 블록 수신기의 성능 분석)

  • 양대웅;강민구;박성경;홍대식;강창언
    • The Journal of Korean Institute of Communications and Information Sciences / v.19 no.1 / pp.47-55 / 1994
  • This paper investigates the performance analysis of the packet DS/SS receiver with a PJED (phase-jump error detector) using the block signal processing (BSP) methods. The conventional packet DS/SS block receiver has a high probability of mistaking the phase-jump detection, which causes the frequency estimation error. The conventional receiver uses a Matched-Pulse Timing Extractor which has a complicated structure. The proposed packet DS/SS block receiver with the PJED, which uses linearity of the phase, has little probability of mistaking the phase-jump detection. The proposed Matched-Pulse Timing Extractor has a simpler structure but obtains the same performance on the exact matched-pulse timing as the conventional one does. The simulation results show that the proposed receiver gives about 2dB improvement in the BER compared with the conventional receiver.


A Parametric Voice Activity Detection Based on the SPD-TE for Nonstationary Noises (비정체성 잡음을 위한 SPD-TE 기반 계수형 음성 활동 탐지)

  • Koo, Boneung
    • The Journal of the Acoustical Society of Korea / v.34 no.4 / pp.310-315 / 2015
  • A single channel VAD (Voice Activity Detection) algorithm for nonstationary noise environment is proposed in this paper. Threshold values of the feature parameter for VAD decision are updated adaptively based on estimates of means and standard deviations of past non-speech frames. The feature parameter, SPD-TE (Spectral Power Difference-Teager Energy), is obtained by applying the Teager energy to the WPD (Wavelet Packet Decomposition) coefficients. It was reported previously that the SPD-TE is robust to noise as a feature for VAD. Experimental results by using TIMIT speech and NOISEX-92 noise databases show that decision accuracy of the proposed algorithm is comparable to several typical VAD algorithms including standards for SNR values ranging from 10 to -10 dB.

On the Performance Degradation Characteristics of High-Speed Enterprise Network (고속 엔터프라이즈 네트워크에서 성능 저하 특성 규명)

  • Ju, Hong-Taek;Hong, Seong-Cheol;Hong, James Won-Ki
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.11B / pp.1225-1233 / 2009
  • ISPs and enterprises are equipping their networks with sufficiently high-speed facilities and provide large bandwidths to members. However, the high-speed enterprise network does not have satisfying end-to-end network performance within the network in spite of underutilization. The root cause of this performance degradation is micro-congestion, which is a short-lived event of traffic congestion. A micro-congestion causes packet loss, delay and packet reordering, and finally results in end-to-end network performance degradation. In this paper, we propose a micro-congestion detection method and find out the characteristics of performance degradation by analyzing traffic archives which are collected from a network link when a micro-congestion occurs.

Congestion Control Mechanism for Efficient Network Environment in WMSN (무선 멀티미디어 센서 네트워크에서 효율적인 네트워크 환경을 위한 혼잡 제어 메커니즘)

  • Park, Jeong-Hyeon;Lee, Sung-Keun;Oh, Won-Geun
    • The Journal of the Korea institute of electronic communication sciences / v.10 no.2 / pp.289-296 / 2015
  • Wireless multimedia sensor network senses and transfers mass multimedia data. Also, it is sensitive to latency. This thesis proposes a routing technique based on traffic priority in order to improve the network efficiency by minimizing latency. In addition, it proposes a congestion control mechanism that uses packet service time, packet inter-arrival time, buffer usage, etc. In this thesis, we verified the reduction of packet latency in accordance with the quality level of packet as a result of the performance analysis through the simulation method. Also, we verified that the proposed mechanism maintained a reliable network state by preventing packet loss due to network overload.