• Journal of KIISE:Information Networking
• /
• v.34 no.4
• /
• pp.246-255
• /
• 2007

Due to the bandwidth-consuming characteristics of the heavy-hitter P2P applications, it has become critical to have the capability of pinpointing and mitigating P2P traffic. Traditional port-based classification scheme is no more adequate for this purpose because of newer P2P applications, which incorporating port-hopping techniques or disguising themselves as HTTP-based Internet disk services. Alternatively, packet filtering scheme based on payload signatures suggests more practical and accurate solution for this problem. Moreover, it can be easily deployed on existing IDSes. However, it is significantly difficult to maintain up-to-date signatures of P2P applications. Hence, the automatic signature generation method is essential and will be useful for successful signature-based traffic identification. In this paper, we suggest an automatic signature generation method for Internet disk P2P applications and provide an experimental results on CNU campus network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.4
• /
• pp.800-806
• /
• 2015

WAVE(Wireless Access in Vehicular Environments) system is wireless communication technology that vehicle sends and receives packets between vehicles or between vehicles and infrastructure in a high-speed mobile environment. In this study, we have designed and implemented a CRL(Certificate Revocation List) download protocol that is used to verify certificate revocation status of the other party when the vehicles communicate with WAVE system. This protocol operates over UDP. And to support security features, also, ECDSA(Elliptic Curve Digital Signature Algorithm) is used for mutual authentication and ECIES(Elliptic Curve Integrated Encryption Scheme) is used to ensure the confidentiality. Moreover, this protocol ensures the integrity of data by adding MAC(Message Authentication Code) to the end of packet and support the error and flow control mechanisms.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.4
• /
• pp.387-393
• /
• 2013

In shipyard site, a ship is constructed by integrating lots of modules that are made in several sites with different capabilities and specifications. Recently, it needs to make a shipyard to be smart with wired and wireless broadband networks between hierarchical shipyards. In this paper, we propose an installation of LTE femtocell local gateway at a remote shipyard, an information exchange method between hierarchical shipyards, and an offload method to separate the general traffic. We define the mode change in a femtocell gateway for supporting the offload of the general traffic between the headquarter and a remote shipyard, the offload data management and trigger message, and cache entry fields. To show the operation of our proposed off-loading function, we consider the transcipient message flow at the femtocell gateway with its state transition diagram. Hence, it is expected to increase the productivity of shipyard industry with mobile communications and broadband Internet technologies.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.9
• /
• pp.675-684
• /
• 2009

Internet worm can cause a traffic problem through DDoS(Distributed Denial of Services) or other kind of attacks. In those manners, it can compromise the internet infrastructure. In addition to this, it can intrude to important server and expose personal information to attacker. However, current detection and response mechanisms to worm have many vulnerabilities, because they only use local characteristic of worm or can treat known worms. In this paper, we propose a new framework to detect unknown worms. It uses macroscopic characteristic of worm to detect unknown worm early. In proposed idea, we define the macroscopic behavior of worm, propose a worm detection method to detect worm flow directly in IP packet networks, and show the performance of our system with simulations. In IP based method, we implement the proposed system and measure the time overhead to execute our system. The measurement shows our system is not too heavy to normal host users.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.6
• /
• pp.336-342
• /
• 2017

Traffic can be localized by reducing the traffic load on the physical network by causing traffic to be generated at the end of the packet network. By localizing traffic, the IoT-based sensitive data-related security issues can be supported effectively. In addition, it can be applied effectively to the next-generation smart network environment without changing the existing network infrastructure. In this paper, a content priority scheme was applied to smart network-based IoT data. The IoT contents were localized to efficiently pinpoint the flow of traffic on the network to enable smart forwarding. In addition, research was conducted to determine the effective network traffic routes through content localization. Through this study, the network load was reduced. In addition, it is a network structure that can guarantee user quality. In addition, it proved that the IoT service can be accommodated effectively in a smart network-based environment.

• Journal of IKEEE
• /
• v.10 no.1 s.18
• /
• pp.30-39
• /
• 2006

The TCP protocol can provide some reliability using sliding window mechanism for data transmission, flow control, and congestion control. However, TCP has some limitations in that it has basically been designed solely for wired communication environments. If traditional TCP protocol is used also in wireless networks, the end-to-end data transmission performance degrades dramatically due to frequent packet losses caused by transmission errors and hand-offs. While there have been some research efforts on TCP enhancements considering the mobility of wireless communication devices, in this paper we propose a new method to improve the TCP performance by combining the Snoop and the Freeze-TCP methods. In the proposed scheme, the TCP end-to-end semantics is maintained and no changes of existing protocols in sending systems or in routers are required. It has the advantage of simple implementation because TCP code changes are limited to mobile devices for applying the Freeze-TCP and it requires only to add Snoop modules in base stations. Accordingly, the proposed scheme can operate well in the existing networks. Finally, in this study, we compared the performance of the proposed scheme with traditional TCP, other approaches through simulations using ns-2.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.3
• /
• pp.45-54
• /
• 2014

In this paper, an improved two-step P2P traffic classification scheme is proposed to overcome the limitations of the existing methods. The first step is a signature-based classifier at the packet-level. The second step consists of pattern heuristic rules and a statistics-based classifier at the flow-level. With pattern heuristic rules, the accuracy can be improved and the amount of traffic to be classified by statistics-based classifier can be reduced. Based on the analysis of different decision tree algorithms, the statistics-based classifier is implemented with REPTree. In addition, the ensemble algorithm is used to improve the performance of statistics-based classifier Through the verification with the real datasets, it is shown that our hybrid scheme provides higher accuracy and lower overhead compared to other existing schemes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.11B
• /
• pp.1234-1244
• /
• 2009

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services and applications on Internet, which makes the need of application-level traffic classification important for the efficient management and control of network resources. Although lots of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet size in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism which is mainly described in this paper. By matching to the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by comprehensive excrement with our campus traffic data.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.387-396
• /
• 2014

Recently, there have been continuous efforts and progresses regarding the research on diverse network control and management platforms for SDN (Software Defined Networking). SDN is defined as a new technology to enable service providers/network operators easily to control and manage their networks by writing a simple application program. In SDN, incomplete or malicious programmable entities could cause break-down of underlying networks shared by heterogeneous devices and stake-holders. In this sense, any misunderstanding or diverse interpretations should be completely avoided. This paper proposes a new framework for SDN application verification and a prototype based on the formal method, especially with process algebra called pACSR which is an extended version of Algebra of Communicating Shared Resources (ACSR).

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.7
• /
• pp.1339-1346
• /
• 2015

The traffic identification is a preliminary and essential step for stable network service provision and efficient network resource management. While a number of identification methods have been introduced in literature, the payload signature-based identification method shows the highest performance in terms of accuracy, completeness, and practicality. However, the payload signature-based method's processing speed is much slower than other identification method such as header-based and statistical methods. In this paper, we first classifies signatures by matching type based on range, order, and direction of packet in a flow which was automatically extracted. By using this classification, we suggest a novel method to improve processing speed of payload signature-based identification by reducing searching space.