• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2113-2116
• /
• 2003

이 논문에서는 리눅스 기반VDPM(Virus Detection Protection Management)시스템을 제안하고 개발한 응용SW로 감지, 차단 및 관리 방법을 제시한다. 제안된 LVPM시스템은 첫째특정탐색 및 전체탐색 알고리듬에 의하여 개발된 VDPM시스템은 신종 바이러스까지 탐지하는 모든 종류의 바이러스 탐지(VDPM_hawkeye) 모듈, Virus첵크하는 감시 및 Virus첵크후 친정, 제거하는 방지(VDPM_medic)모듈, DB를 update하는 기능을 가지는 관리(VDPM_manager)모듈과 원격 DB관리 및 Virus결과 보고 기능 (VDPM_reporter) 모듈로 되어 있으며 지능적인 Virus방지 시스템, 둘째 네트워크 패킷을 분석하여 네트워크를 통한 침 바이러스 탐지 및 대응 시스템과 셋째 네트워크 패킷을 분석하여 네트워치를 통한 네트워크형 악성 소프트웨어 대응 시스템을 포함한 바이러스 보호 통합 시스템을 구현하였다. 더불어 호스트와 네트웍기반의 통합적인 IDS가 방화벽(Firewall)시스템과 연동하여 IDS 단독 차단이 불가능한 공격을 차단하는 소프트웨어 시스템을 개발하는 것이며 관리자가 사용하기 쉬운 GUI환경으로 구현하였고 대규모 분산 네트워크 환경에서 효율적인 리눅스기반 침입탐지방지관리 솔루션을 제시한다.

• Journal of the Semiconductor & Display Technology
• /
• v.15 no.3
• /
• pp.51-56
• /
• 2016

This paper proposes a new image enhancement method for an infrared thermal image. The proposed method uses both Laplacian and Prewitt edge detectors. Without a visible light, it uses an infrared image for the edge detection. The method subtracts contour images from the infrared thermal image. It results black contours of objects in the infrared thermal image. That makes the objects in the infrared thermal image distinguished clearly. The proposed method is implemented using C language in an embedded Linux system for a high-speed real-time image processing. Experiments were conducted by using various infrared thermal images. The results show that the proposed method is successful for image enhancement of an infrared thermal image.

• Journal of the Semiconductor & Display Technology
• /
• v.14 no.4
• /
• pp.50-55
• /
• 2015

This paper proposes a new histogram partition stretching and shrinking method for infrared image enhancement. The proposed method divides the histogram of an input image into three partitions according to its mean value and standard deviation. The method stretches both the dark partition and the bright partition of the histogram, while it shrinks the medium partition. As the result, both the dark part and the bright part of the image have more brightness levels. The proposed method is implemented using C language in an embedded Linux system for a high-speed real-time image processing. Experiments were conducted by using various infrared images. The results show that the proposed algorithm is successful for the infrared image enhancement.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.229-231
• /
• 2003

최근 몇 년 동안 컴퓨터 사용자들의 멀티미디어 데이터에 대한 요구가 빠르게 증가하고 있다. 멀티미디어 데이터를 서비스하기 위해서는 대용량의 저장장치가 필요하며 연속재생이 가능하여야 한다. 이와 관련하여 데이터 압축기술과 스트리밍 기슬과 고성능 PC를 고속의 네트웍으로 연결하는 클러스터 기술에 대한 연구가 진행되고 있다. 클러스터 시스템은 비교적 저렴한 가격의 고성능 시스템으로 고가의 단일서버에 비해 확장성과 가격대 성능면에서 유리하다. 이에 본 연구에서는 리눅스 클러스터 기반의 오디오/비디오 실시간 및 VOD 스트리밍 서버와 일반적인 사용자에게 친숙한 윈도우 환경의 플레이어를 구현하였다. 또한 본 연구에서 구현한 시스템에서는 기존에 윈도우 NT계열에서만 스트리밍이 가능했던 ASF포맷의 멀티미디어 데이터를 리눅스 서버에서도 스트리밍 서비스가 가능하도록 하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.93-94
• /
• 2024

컨테이너는 현대 클라우드 환경에서 핵심적인 역할을 수행하며, 이에 따라 많은 기업이 접근성과 확장성을 위해 이를 채택하고 있다. 그러나 컨테이너는 호스트 리눅스 커널과 컴퓨팅 자원을 공유하는 특징을 가지고 있어서, 한 컨테이너가 오작동하면 호스트 환경 전체에 악영향을 끼칠 수 있다. 따라서 실시간으로 컨테이너의 상태를 감시하고 이를 효과적으로 관리하는 것이 필요하다. 본 논문에서는 이러한 문제에 대응하기 위해 호스트에서 동작하는 모든 컨테이너의 활동을 실시간으로 통합 감시하고자 한다. 이를 위해, 본 논문에서는 Linux Namespace를 활용하는 컨테이너의 특징을 이용하여 호스트에서 실행되는 여러 프로세스 중 컨테이너 프로세스를 식별하고, 이후 eBPF (Extended Berkeley Packet Filter) 기술을 활용하여 컨테이너로부터 호출되는 시스템 콜을 kprobe와 kretprobe를 통해 모니터링하여 컨테이너의 활동을 실시간으로 감시할 수 있는 시스템을 제안하고자 한다.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.13 no.4
• /
• pp.187-194
• /
• 2018

The operating system for IoT should have a small memory footprint and provide low power state, real-time, multitasking, various network protocols, and security. Although the Zephyr kernel, an operating system for IoT, released by the Linux Foundation in February 2016, has these features but errors generated by the user code can generate fatal problems in the system because the Zephyr kernel adopts a single-space method that both the user code and kernel code execute in the same space. In this research, we propose a space separation method, which separates kernel space and user space, to solve this problem. The space separation that we propose consists of three modifications in Zephyr kernel. The first is the code separation that kernel code and user code execute in each space while using different stacks. The second is the kernel space protection that generates an exception by using the MPU (Memory Protection Unit) when the user code accesses the kernel space. The third is the SVC based system call that executes the system call using the SVC instruction that generates the exception. In this research, we implemented the space separation in Zephyr v1.8.0 and evaluated safety through abnormal execution of the user code. As the result, the kernel was not crashed by the errors generated by the user code and was normally executed.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.10
• /
• pp.3148-3154
• /
• 2000

In this paper. the design and implementationof the on-line registration system for the school affairs is described. The environments for the system configurations include a PC server under Linux Iperating System. Apache Web-server, and MySQL as database engine. In addition, PHP, which becomes a popular Internet server-based script language lately, is used to implement a real-time database. In order to avoid overload problems during short-term registration period, which deconstraces the typical surge of traffics, the proposed system is designed to minimize the unnecessary interfacing tasks. On administrator side task, the sytem is designed to have environments by separating the dechcated server that restricts the scope of specific database thasks. In doing so, it become possibal to build an optical system by distributing, balancing the transaction load, maintainimg the security and efficient administrative tasks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.129-140
• /
• 2003

Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.319-330
• /
• 2001

In virtual memory system, when a process attempts to access a page that is not resident in memory, the system generates and handles a page fault that causes unpredictable delay. So virtual memory system is not appropriate for the real-time system, because it can increase the deadline miss ratio of real-time task. In multimedia system, virtual memory system may degrade the QoS(quality of service) of multimedia application. Furthermore, in general-purpose operating system, whenever a new task is dynamically loaded, virtual memory system suffers from extensive page fault that cause transient overloading state. In this paper, we present efficient overloading control mechanism called RBPFH (Rate-Based Page Fault Handling). A significant feature of the RBPFH algorithm is page fault dispersion that keeps page fault ratio from exceeding available bound by monitoring current system resources. Furthermore, whenever the amount of available system resource is changed, the RBPFH algorithm dynamically adjusts the page fault handling rate. The RBPFH algorithm is implemented in the Linux operating system and its performance measured. The results demonstrate RBPFH\`s superior performance in supporting multimedia applications. Experiment result shows that RBPFH could achieve 10%∼20% reduction in deadline miss ratio and 50%∼60% reduction in average delay.

• Journal of Advanced Navigation Technology
• /
• v.16 no.6
• /
• pp.910-919
• /
• 2012

In this paper, we described development of on-board image processing system and its process and verified its performance through flight experiment. The image processing board has single ARM(Advanced Risk Machine) processor. We performed Embedded Linux Porting. Algorithm to be applied for object tracking is color-based image processing algorithm, it can be designed to track the object that has specific color on ground in real-time. To verify performance of the on-board image processing system, we performed flight test using the PNUAV, UAV developed by LAB. Also, we performed optimization of the image processing algorithm and kernel to improve real-time performance. Finally we confirmed that proposed system can track the blue-color object within four pixels error range consistently in the experiment.