• Title/Summary/Keyword: kubernetes

Implementing Firewall to Mitigate YOYO Attack on Multi Master Cluster Nodes Using Fail2Ban

  • Muhammad Faraz Hyder;Muhammad Umer Farooq;Mustafa Latif;Faizan Razi Khan;Abdul Hameed;Noor Qayyum Khan;M. Ahsan Siddiqui
    • International Journal of Computer Science & Network Security / v.23 no.2 / pp.126-132 / 2023
  • Web technology is evolving with the passage of time, from a single-node server to high availability and then to the form of Kubernetes. In recent years, the research community has been trying to provide high availability in the form of a multi-master cluster with a solid election algorithm. This is helpful in increasing the resources in the form of pods inside the worker node. There is a new impact of a known DDoS attack, which utilizes the resources at their peak, known as the Yoyo attack. It is a kind of burst attack that can utilize CPU and memory to their limit and provide legitimate visitors with a bad experience. In this research, we tried to mitigate the Yoyo attack by introducing a firewall at the load-balancer level to prevent the attack from reaching the cluster network.

Methods on Kubernetes-based deployment of IoMT software (IoMT 소프트웨어 배포 및 관리를 위한 Kubernetes 적용 기법)

  • Kum, Seungwoo;Kim, Youngkee;Yu, Miseon;Moon, Jaewon
    • Proceedings of the Korean Society of Broadcast Engineers Conference / 2020.07a / pp.528-529 / 2020
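  • The IoMT standard is a standard technology, developed under ISO/IEC SC29, that applies IoT technology to media analysis so that media analysis functions and the interworking between IoT devices can be controlled through IoT-based protocols. With the international standard derived in 2019, various media-related control technologies are being standardized by device category, such as analysis (Analyze), input (Sensor), presentation (Actuator), and storage (Storage), and interfaces for video analysis technologies corresponding to various use cases have been derived. This paper proposes a method for composing, deploying, and managing services for IoMT technology with these interfaces. To compose a service from video input to final result by combining IoMT devices or services, each IoMT device must be configured and the connections between devices and services must be set up. However, the IoMT standard defines only the interface of each IoMT service device and does not cover the configuration of connections between devices and services. The method presented in this paper includes a way to set up the connections between IoMT devices and compose the final service using Kubernetes, a resource management and deployment technology used in the cloud.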

Extending the BR2K technique to enhance the robustness of blockchain application services

  • Kwon, Min-Ho;Lee, Myung-Joon
    • Journal of the Korea Society of Computer and Information / v.27 no.2 / pp.125-134 / 2022
  • In this paper, we propose an extension method of the BR2K technique for enhancing the robustness of blockchain application services. The BR2K (Blockchain application, Replication & Recovery technique using Kubernetes) technique was recently developed to support the robustness of blockchain services through service replication and rapid restart. The proposed technique extends the existing BR2K technique to provide a state version, which is meta-information about the service state, and a method for safely managing it, and uses the state version to determine the timing for service state recovery. Also, the technique provides systematic service state backup for service recovery and joining of new service nodes by utilizing the version information and the service registry, which acts as a service recovery center in the BR2K technique. Based on this, it is possible to support new service nodes joining the replication service with consistency. As a result, new service nodes can be quickly added to the BR2K service in operation, enhancing the robustness of the BR2K service. In addition, the extended method is applied to the pilot blockchain application service and tested in a Kubernetes environment composed of virtual machines to confirm the validity of service replication consistency and rapid service recovery in the event of node failures.

Multi-access Edge Computing Scheduler for Low Latency Services (저지연 서비스를 위한 Multi-access Edge Computing 스케줄러)

  • Kim, Tae-Hyun;Kim, Tae-Young;Jin, Sunggeun
    • IEMEK Journal of Embedded Systems and Applications / v.15 no.6 / pp.299-305 / 2020
  • We have developed a scheduler that additionally considers network performance by extending Kubernetes, which was developed to manage large numbers of containers on cloud computing nodes. The network delay characteristics of the compute nodes were learned during server operation, and the learned results were used to develop a placement algorithm that considers them together with the existing measurement units of CPU, memory, and volume. It was confirmed that a low-delay network service was provided through the placement algorithm.

A monitoring system that efficiently supports SLO of distributed AI applications in Kubernetes cluster environment (쿠버네티스 클러스터 환경에서 분산 AI 애플리케이션의 SLO를 효율적으로 지원하는 모니터링 시스템)

  • Kim, Jaehwan;Kim, Gyeonghoon;No, Jaechun;Park, Seongsoon
    • Proceedings of the Korean Society of Broadcast Engineers Conference / 2020.07a / pp.32-33 / 2020
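  • Kubernetes is a useful platform because it allows containerized workloads to be deployed and scaled easily and quickly in a distributed cloud that uses containers. A variety of applications run on Kubernetes and provide services. To provide services smoothly, it is important to check the metrics required for the SLA, which is the agreement with the customer on service level, and for the SLO, which is the basis of the SLA. This paper introduces DECENTER, a distributed cloud composed of Kubernetes clusters, and proposes a monitoring system that efficiently supports the SLOs of distributed AI applications in DECENTER.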

Container Orchestration Comparison and Analysis (컨테이너 오케스트레이션 비교 및 분석)

  • Ji-hun Oh
    • Proceedings of the Korean Society of Computer Information Conference / 2023.07a / pp.595-596 / 2023
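  • This paper analyzes container orchestration platforms. Following the review of the public cloud transition roadmap, the importance of containers, microservices, and container orchestration as technologies for cloud-native transition is being emphasized. We compare the representative container orchestration tools Kubernetes, Docker Swarm, and Mesos, and analyze their ease of initial installation, volume management, application deployment, and failure management. By identifying each tool's strengths and weaknesses and the considerations for different application scenarios, we aim to help in establishing a cloud-native transition roadmap.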

Proposal of Korean History Education Application Based on Kubernetes Clustering (쿠버네티스 클러스터링 기반 한국사 교육 애플리케이션 제안)

  • Seul Lee;Bon-Yeong Lee;Myeong-Heon Choi
    • Proceedings of the Korea Information Processing Society Conference / 2023.11a / pp.828-829 / 2023
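  • It is said that interest in Korean history among teenagers is currently declining because of exam-centered history education.[1] As a solution, we propose an application that uses the MBTI of historical figures and a location-based authentication service, with the aim of raising interest in Korean history and also improving accessibility to cultural heritage.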

CANVAS: A Cloud-based Research Data Analytics Environment and System

  • Kim, Seongchan;Song, Sa-kwang
    • Journal of the Korea Society of Computer and Information / v.26 no.10 / pp.117-124 / 2021
  • In this paper, we propose CANVAS (Creative ANalytics enVironment And System), an analytics system of the National Research Data Platform (DataON). CANVAS is a personalized analytics cloud service for researchers who need computing resources and tools for research data analysis. CANVAS is designed for scalability based on a microservices architecture and was built on top of open-source software such as the eGovernment Standard framework (Spring framework), Kubernetes, and JupyterLab. The built system provides personalized analytics environments to multiple users, enabling high-speed and large-capacity analysis by utilizing high-performance cloud infrastructure (CPU/GPU). More specifically, modeling and processing data is possible in JupyterLab or a GUI workflow environment. Since CANVAS shares data with DataON, the research data registered by users or downloaded data can be directly processed in CANVAS. As a result, CANVAS enhances the convenience of data analysis for users in DataON and contributes to the sharing and utilization of research data.

Transfer Learning Technique for Accelerating Learning of Reinforcement Learning-Based Horizontal Pod Autoscaling Policy (강화학습 기반 수평적 파드 오토스케일링 정책의 학습 가속화를 위한 전이학습 기법)

  • Jang, Yonghyeon;Yu, Heonchang;Kim, SungSuk
    • KIPS Transactions on Computer and Communication Systems / v.11 no.4 / pp.105-112 / 2022
  • Recently, many studies using reinforcement learning-based autoscaling have been performed to make autoscaling policies that are adaptive to changes in the environment and meet specific purposes. However, training a reinforcement learning-based Horizontal Pod Autoscaler (HPA) policy in a real environment requires a lot of money and time, and it is not practical to retrain the reinforcement learning-based HPA policy from scratch every time in a real environment. In this paper, we implement a reinforcement learning-based HPA in Kubernetes and propose a transfer learning technique using a queuing model-based simulation to accelerate the training of a reinforcement learning-based HPA policy. Pre-training using simulation enabled training the policy through simulation experience without consuming time and resources in the real environment, and by using the transfer learning technique, the cost was reduced by about 42.6% compared to the case without the transfer learning technique.

BPFast: An eBPF/XDP-Based High-Performance Packet Payload Inspection System for Cloud Environments (BPFast: 클라우드 환경을 위한 eBPF/XDP 기반 고속 네트워크 패킷 페이로드 검사 시스템)

  • You, Myoung-sung;Kim, Jin-woo;Shin, Seung-won;Park, Tae-june
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.213-225 / 2022
  • Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at the kernel level without any user-level components. We evaluate a prototype of BPFast in a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.