• Title/Summary/Keyword: Traffic Control Mechanism

Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack

  • Nugraha, Muhammad; Paramita, Isyana; Musa, Ardiansyah; Choi, Deokjai; Cho, Buseung
    • Journal of Korea Multimedia Society / v.17 no.8 / pp.988-994 / 2014
  • Software Defined Network (SDN) is a new technology in the computer network area which enables users to centralize the control plane. Security is important in computer networks to protect systems from attackers. The SYN flooding attack is one of the Distributed Denial of Service attack methods that are popular for degrading the availability of a targeted service on the Internet. There are many methods to protect systems from attackers, such as firewalls and IDS. Even though a firewall is designed to protect a network system, it cannot mitigate DDoS attacks well because it is not designed to do so. To improve the performance of DDoS mitigation, we utilize another mechanism based on SDN technology such as OpenFlow and sFlow. sFlow detects an attacker by capturing and summing the cumulative traffic from each agent and sending it to the sFlow collector for analysis. When the sFlow collector identifies some traffic as attack traffic, the OpenFlow controller modifies the rule in the OpenFlow table to mitigate the attack by blocking the attack traffic. Hence, by combining cumulative traffic summation using sFlow with traffic blocking using OpenFlow, we can detect and mitigate SYN flooding attacks quickly and cheaply.

NetDraino: Saving Network Resources via Selective Packet Drops

  • Lee, Jin-Kuk; Shin, Kang-G.
    • Journal of Computing Science and Engineering / v.1 no.1 / pp.31-55 / 2007
  • Contemporary end-servers and network-routers rely on traffic shaping to deal with server overload and network congestion. Although such traffic shaping provides a means to mitigate the effects of server overload and network congestion, the lack of cooperation between end-servers and network-routers results in a waste of network resources. To remedy this problem, we design, implement, and evaluate NetDraino, a novel mechanism that extends the existing queue-management schemes at routers to exploit the link congestion information at downstream end-servers. Specifically, NetDraino distributes the servers' traffic-shaping rules to the congested routers. The routers can then selectively discard, as early as possible, those packets that overloaded downstream servers will eventually drop, thus saving network resources for forwarding in-transit packets destined for non-overloaded servers. The functionality necessary for servers to distribute these filtering rules to routers is implemented within the Linux iptables and iproute2 architectures. Both our simulation and experimentation results show that NetDraino significantly improves the overall network throughput with minimal overhead.

An Efficient Admission Control and Resource Allocation Methods in DiffServ Networks

  • 조병일; 유상조
    • Journal of Korea Multimedia Society / v.7 no.5 / pp.698-712 / 2004
  • The DiffServ network architecture does not explicitly define a call admission control procedure. In this paper, a new DiffServ QoS control mechanism is suggested which performs flow-based call admission control in the DiffServ network and, after call admission control, processes packets according to their class. Routers on the path from the source to the destination estimate the aggregated class traffic of the existing flows and the new incoming flow, and then perform call admission control efficiently according to the type of class, based on the required bandwidth per class that can meet the user's QoS requirements. In order to facilitate packet processing according to class after the flow-based call admission control, a mechanism is suggested that can dynamically adjust the network resources among classes. The performance of this mechanism is analyzed through simulation.

Service Class Priority Controlled DBA Scheduling Method and Performance Evaluation in Ethernet PONs

  • Nam Yoon-Seok
    • The KIPS Transactions: Part C / v.12C no.5 s.101 / pp.679-686 / 2005
  • Because an EPON access network shares a medium and aggregates the traffic from EPON subscribers, scheduling media access control for EPON bandwidth allocation is very important. Furthermore, the DBA mechanism of EPON based on TDMA is outside the specification and left to the implementation. This paper deals with a DBA method to guarantee the QoS of delay-sensitive traffic on the basis of best-effort service and delay priority queue management. The proposed method performs a virtual scheduling algorithm for the integrated traffic. It uses the same MAC messages and tries to guarantee the QoS of higher-priority traffic first with a simple DBA architecture. We evaluate the algorithm for traffic delay according to the polling interval and the upstream and downstream traffic load. The results show that the proposed method can guarantee the QoS of delay-sensitive traffic according to the priority of the service classes.

Congestion Control for the ABR Service of ATM networks with Multiple Congested Nodes and Multicast Connections

  • Nho, Ji-Myong; Lim, Jong-Tae
    • Journal of Institute of Control, Robotics and Systems / v.6 no.8 / pp.629-637 / 2000
  • An imbalance between user requirements and insufficient network resources causes congestion. In the future, since communication networks will carry very heavy traffic, congestion will be more serious. ATM networks were recommended to support the B-ISDN service for future multimedia communication. In the sense of congestion avoidance and recovery, the ABR service category in ATM networks allows the feedback flow control mechanism to dynamically allocate the idle bandwidth of the network to users fairly and to control network congestion rapidly. In this paper, we introduce a congestion control scheme using a systematic approach to confirm robust stability with respect to unknown round-trip delay for a network which has both unicast and multicast connections.

An Error Recovery Mechanism for Communications with Reliability in Sensor Network

  • Min, Byung-Ung; Kim, Dong-Il
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2007.06a / pp.360-363 / 2007
  • In sensor networks, the importance of transporting data reliably is growing gradually to support communications. Data flow from the sink to the nodes needs reliability for control or management, which is very sensitive and intolerant, whereas data flow from the nodes to the sink is relatively tolerant. In this paper, with emphasis on the data flow from the sink to the nodes, we proposed a mechanism that establishes a confidence interval for transport. Establishing the confidence interval hop by hop, not end to end, this mechanism recovers from errors or missing data with selective acknowledgement using a fixed window. In addition, this mechanism supports traffic congestion control depending on the buffer condition. Through simulation, we showed that this mechanism has excellent performance for error recovery in sensor networks.

The Effect of Compressed Video Traffic over ABR on Satellite ATM Networks

  • 김성철; 이상은
    • The Journal of Korean Institute of Communications and Information Sciences / v.24 no.9A / pp.1285-1294 / 1999
  • In this paper we consider the performance of TCP video traffic over ABR with Long-Range Dependent VBR traffic. As compressed coded video traffic is increasing rapidly over the Internet, many studies are being done on transmitting this traffic efficiently using limited network resources. We consider here the transmission of video service over the ABR service in ATM networks, especially satellite networks. CBR or VBR services are suggested for transmitting video traffic in ATM Forum TM 4.0. But an ABR service connection, which is considered an appropriate service for data traffic, can be established with a small amount of bandwidth, the MCR (Minimum Cell Rate). Furthermore, the ABR service can control the source's transmitting rate using a feedback mechanism. Using this feature, the ABR service can be used in some applications which can control their quality of service corresponding to network load. Compressed video sources with MPEG-2 are used for Long-Range Dependent VBR traffic here. We model the compressed video source to resemble MPEG-2 transport streams. These compressed video traffic streams consist of three different frames: I-frame, P-frame, and B-frame. So when a network is overloaded, we can control the quality of service using these traffic features. TCP traffic over ABR needs large buffers in the ATM switch to satisfy its QoS with background VBR traffic, which has high deviations in bandwidth. Furthermore, satellite ATM networks with large feedback delay need large buffers corresponding to the RTT delay. Performance comparisons between EFCI and ER (ERICA+) switches in the network circumstances described above are shown in this paper. We also considered the case with ON-OFF VBR traffic.

NJ+: An Efficient Congestion Control Mechanism for Wireless Networks

  • Lee, Jae-Hyung; Kim, Jung-Rae; Park, Min-U; Koo, Ja-Hwan; Choo, Hyun-Seung
    • KSII Transactions on Internet and Information Systems (TIIS) / v.2 no.6 / pp.333-351 / 2008
  • Transmission control protocols have to overcome common problems in wireless networks. TCP employing both a packet loss discrimination mechanism and an available bandwidth estimation algorithm, known as a good existing solution, shows significant performance enhancement in wireless networks. For instance, TCP New Jersey, which exhibits high throughput in wireless networks, intends to improve TCP performance by using available bandwidth estimation and congestion warning. Even though it achieves 17% and 85% improvements in terms of goodput over TCP Westwood and TCP Reno, respectively, we further improve it by exploring maximized available bandwidth estimation, handling bit-error-rate error recovery, and effective adjustment of the sending rate for retransmission timeout. Hence, we propose TCP NJ+, showing that for up to 5% packet loss rate, it outperforms other TCP variants by 19% to 104% in terms of goodput when the network is under bi-directional background traffic.

Control effect and mechanism investigation on the horizontal flow-isolating plate for PI shaped bridge decks' VIV stability

  • Li, Ke; Qian, Guowei; Ge, Yaojun; Zhao, Lin; Di, Jin
    • Wind and Structures / v.28 no.2 / pp.99-110 / 2019
  • Vortex-Induced-Vibration (VIV) is one kind of wind-induced vibration, which may occur in the construction and operation period of bridges. This phenomenon can bring negative effects to traffic safety or can cause bridge fatigue damage and should be eliminated or controlled within safe amplitudes. In the current VIV studies, one available mitigation countermeasure, the horizontal flow-isolating plate, shows satisfactory performance, particularly in the PI shaped bridge deck type. Details of the wind tunnel test are first presented to give an overall description of this appendage and its control effect. Then, the computational-fluid-dynamics (CFD) method is introduced to investigate the control mechanism, using two-dimensional Large-Eddy-Simulation to reproduce the VIV process. The Reynolds number of the cases involved in this paper ranges from $1 \times 10^5$ to $3 \times 10^5$, using the width of the bridge deck as the reference length. A field-filter technique and detailed analysis of wall pressure are used to give an intuitive demonstration of the changes brought by the horizontal flow-isolating plate. Results show that this aerodynamic appendage is equally effective in suppressing vertical and torsional VIV, indicating an inspiring application prospect in similar PI shaped bridge decks.

Pushback Based Advanced Packet Marking Mechanism for Traceback

  • Lee, Hyung-Woo; Choi, Chang-Won; Kim, Tai-Woo
    • Journal of Korea Multimedia Society / v.7 no.8 / pp.1120-1130 / 2004
  • Distributed Denial-of-Service (DDoS) attacks prevent users from accessing services on the target network by spoofing the origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing proactive tracing schemes (such as packet marking and messaging) prepare information for tracing when packets are in transit. But these schemes require additional network overhead. In this paper, we propose an "advanced Traceback" mechanism, which is based on the modified Pushback system with a secure router mechanism. The proposed mechanism can detect and control DDoS traffic on the router and can generate marked packets for reconstructing the origin DDoS attack source, by which we can diminish network overload and enhance Traceback performance.
