• Title/Summary/Keyword: distributed detection system

Intelligent Intrusion Detection and Prevention System using Smart Multi-instance Multi-label Learning Protocol for Tactical Mobile Adhoc Networks

  • Roopa, M.;Raja, S. Selvakumar
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.6 / pp.2895-2921 / 2018
  • Security has become one of the major concerns in mobile adhoc networks (MANETs). Data and voice communication amongst roaming battlefield entities (such as platoons of soldiers, inter-battlefield tanks and military aircraft) served by MANETs poses several challenges. It requires a complex securing strategy to address threats such as unauthorized network access, man-in-the-middle attacks, denial of service etc., to provide highly reliable communication amongst the nodes. An Intrusion Detection and Prevention System (IDPS) is undoubtedly a crucial ingredient to address these threats. IDPS in MANET is managed by the Command Control Communication and Intelligence (C3I) system. It consists of networked computers in the tactical battle area that facilitate comprehensive situation awareness by the commanders for timely and optimum decision-making. A key issue in such an IDPS mechanism is the lack of a Smart Learning Engine. We propose a novel behavioral based "Smart Multi-Instance Multi-Label Intrusion Detection and Prevention System (MIML-IDPS)" that follows a distributed and centralized architecture to support a Robust C3I System. This protocol is deployed in a virtually clustered non-uniform network topology with dynamic election of several virtual head nodes acting as a client Intrusion Detection agent connected to a centralized server IDPS located at the Command and Control Center. Distributed virtual client nodes serve as the intelligent decision processing unit and the centralized IDPS server acts as a Smart MIML decision making unit. Simulation and experimental analysis show that the proposed protocol exhibits computational intelligence with counter attacks, efficient memory utilization, classification accuracy and decision convergence in securing the C3I System in a Tactical Battlefield environment.

Study on Remote Face Recognition System Using by Multi Thread on Distributed Processing Server (분산처리서버에서의 멀티 쓰레드 방식을 적용한 원격얼굴인식 시스템)

  • Kim, Eui-Sun;Ko, Il-Ju
    • The Journal of Korean Institute of Next Generation Computing / v.13 no.5 / pp.19-28 / 2017
  • With the spread of IP security cameras, various methods for reducing the load on the server have been implemented for performing face recognition remotely. In this paper, images from IP surveillance cameras at remote sites are input through a DSP board equipped with a face detection function, and face detection is performed there. Then, the facial region image is transmitted to the server, and face recognition is performed through distributed face recognition processing. As a result, the overall server system load and processing are significantly reduced, and real-time face recognition can be performed while linked to up to 256 cameras. The technology that accomplishes this performs 64-channel face recognition per server using distributed processing server technology and processes face search results through 250 camera channels when operating four distributed processing servers.

Fault Detection and Diagnosis of CAN-Based Distributed Systems for Longitudinal Control of All-Terrain Vehicle(ATV) (무인 ATV의 종 방향 제어를 위한 CAN 기반 분산형 시스템의 고장감지 및 진단)

  • Kim, Soon-Tae;Song, Bong-Sob;Hong, Suk-Kyo
    • Journal of Institute of Control, Robotics and Systems / v.14 no.10 / pp.983-990 / 2008
  • This paper presents the fault detection and diagnosis(FDD) algorithm to enhance reliability of a longitudinal controller for an autonomous All-Terrain Vehicle(ATV). The FDD is designed to monitor and identify faults which may occur in distributed hardware used for longitudinal control, e.g., DSPs, CAN, sensors, and actuators. The proposed FDD is an integrated approach of decentralized and centralized FDD. While the former is processed in a DSP and suitable to detect faults in a single hardware, it is sensitive to noise and disturbance. On the other hand, the latter is performed via communication and it detects and diagnoses faults through analyzing concurrent performances of multiple hardware modules, but it is limited to isolate faults specifically in terms of components in the single hardware. To compensate for disadvantages of each FDD approach, two layered structure including both decentralized and centralized FDD is proposed and it allows us to make more robust fault detection and more specific fault isolation. The effectiveness of the proposed method will be validated experimentally.

A Survey on Defense Mechanism against Distributed Denial of Service (DDoS) Attacks in Control System

  • Kwon, YooJin
    • KEPCO Journal on Electric Power and Energy / v.1 no.1 / pp.55-59 / 2015
  • A Denial of Service (DoS) attack interferes with normal users' use of information technology services. With rapid technology improvements in the computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilize from tens to several thousands of distributed computers as zombie PCs appear to be one of the most challenging threats. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

The Design of an Election Protocol based on Mobile Ad-hoc Network Environment

  • Park, Sung-Hoon;Kim, Yeong-Mok;Yoo, Su-Chang
    • Journal of the Korea Society of Computer and Information / v.21 no.8 / pp.41-48 / 2016
  • In this paper, we propose an election protocol based on mobile ad-hoc network. In distributed systems, a group of computers should continue to cooperate in order to finish some jobs. In such a system, an election protocol is an especially practical and important element to provide processes in a group with consistent common knowledge about the membership of the group. Whenever a membership change occurs, processes should agree on which of them should accomplish an unfinished job or begin a new job. The problem of electing a leader is the same as agreeing on a common predicate in a distributed system, such as the consensus problem. Based on the termination detection protocol that is a traditional one in asynchronous distributed systems, we present a new election protocol for distributed systems that are based on MANET, i.e. mobile ad hoc network.

Simulation of Detecting the Distributed Denial of Service by Multi-Agent

  • Seo, Hee-Suk;Lee, Young-Won
    • Institute of Control, Robotics and Systems: Conference Proceedings / 2001.10a / pp.59.1-59 / 2001
  • The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents are different from many other types of crimes because detection is unusually difficult. So, network security managers need an IDS and a Firewall. An IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network systems. It accomplishes this by collecting information from a variety of systems and network resources and then analyzing the information for symptoms of security problems. A Firewall is a way to restrict access between the Internet and the internal network. Usually, the input ...

A Distributed Real-time Self-Diagnosis System for Processing Large Amounts of Log Data (대용량 로그 데이터 처리를 위한 분산 실시간 자가 진단 시스템)

  • Son, Siwoon;Kim, Dasol;Moon, Yang-Sae;Choi, Hyung-Jin
    • Database Research / v.34 no.3 / pp.58-68 / 2018
  • Distributed computing helps to efficiently store and process large data on a cluster of multiple machines. The performance of distributed computing is greatly influenced depending on the state of the servers constituting the distributed system. In this paper, we propose a self-diagnosis system that collects log data in a distributed system, detects anomalies and visualizes the results in real time. First, we divide the self-diagnosis process into five stages: collecting, delivering, analyzing, storing, and visualizing stages. Next, we design a real-time self-diagnosis system that meets the goals of real-time, scalability, and high availability. The proposed system is based on Apache Flume, Apache Kafka, and Apache Storm, which are representative real-time distributed techniques. In addition, we use simple but effective moving average and 3-sigma based anomaly detection technique to minimize the delay of log data processing during the self-diagnosis process. Through the results of this paper, we can construct a distributed real-time self-diagnosis solution that can diagnose server status in real time in a complicated distributed system.

Modeling and Simulation of security system using PBN in distributed environment (분산 환경에서 정책기반 시스템을 적용한 보안 시스템의 모델링 및 시뮬레이션)

  • Seo, Hee-Suk
    • Journal of the Korea Society for Simulation / v.17 no.2 / pp.83-90 / 2008
  • We introduce coordination among the intrusion detection agents by BBA (BlackBoard Architecture), which belongs to the field of distributed artificial intelligence. A system which uses BBA for the coordination can be easily expanded by adding new agents and increasing the number of BB (BlackBoard) levels. Several simulation tests performed on the target network will illustrate our techniques. This paper also applies PBN (Policy-Based Network) to reduce false positives, which are one of the main problems of IDS. The performance obtained from the coordination of intrusion detection agents with PBN is compared against the corresponding non-PBN type intrusion detection agent. The application of the research results lies in the experimentation of various security policies according to the network types in selecting the security policy that is most suitable for a given network.

A SYN flooding attack detection approach with hierarchical policies based on self-information

  • Sun, Jia-Rong;Huang, Chin-Tser;Hwang, Min-Shiang
    • ETRI Journal / v.44 no.2 / pp.346-354 / 2022
  • The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

A Statistic-based Response System against DDoS Using Legitimated IP Table (검증된 IP 테이블을 사용한 통계 기반 DDoS 대응 시스템)

  • Park, Pilyong;Hong, Choong-Seon;Choi, Sanghyun
    • The KIPS Transactions:PartC / v.12C no.6 s.102 / pp.827-838 / 2005
  • DDoS (Distributed Denial of Service) attack is a critical threat to the current Internet. To solve the detection and response of DDoS attacks on BcN, we have investigated detection algorithms for DDoS and implemented anomaly detection modules. Recently, many detection and prevention technologies have been developed, but it is difficult for the IDS to distinguish normal traffic from the DDoS attack. Therefore, when the DDoS attack is detected by the IDS, the firewall just discards all over-bounded traffic for a victim or absolutely decreases the threshold of the router. That is just only a method for preventing the DDoS attack. This paper proposed a response mechanism for protecting the legitimated clients. Then, we have designed and implemented the statistic based system that has the automated detection and response functionality against DDoS on a Linux Zebra router environment.