• The KIPS Transactions:PartA
• /
• v.15A no.5
• /
• pp.249-258
• /
• 2008

DCDN(Distributed Contents Delivery Network) as known the next generation of CDN is to exploit the resource of client PCs based on P2P technology to provide low cost, high scalability and high speed services when contents are delivered. This DCDN has two problems. One is that DCDN can't provide a sustainable service because client PCs are on/off irregularly and their on times tend to focus on specific time zone, and the other is that client PCs can not be accessed outside in DCDN if they are behind NAT or Firewall. In this paper, we present a distributed contents delivery network based on home gateway for a sustainable service. If home gateway is used in DCDN instead of client PC, it can solve the two existing problems of DCDN. That is, home gateway can provide a sustainable service because it is on during all day and it is not behind NAT and Firewall. The proposed method is implemented with ASUS WL-500GP, a wired/wireless router. Experimental results show the effectiveness of the proposed method compared to the existing method of DCDN.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.279-285
• /
• 2015

In this paper, we present the design and implementation of a realtime DNS Query Analysis System to detect and to protect from DNS attacks. The proposed system uses mirroring to collect data in DMZ, then analizes the collected data. As a result of the analysis, if the proposed system finds attack information, the information is used as a filtering information of firewall. statistic of the collected data is viewed as a realtime monitoring information on the web. To verify the effictiveness of the proposed system, we have built the proposed system and conducted some experiments. As the result, Our proposed system can be used effectively to defend DNS spoofing, DNS flooding attack, DNS amplification attack, can prevent interior network's attackers from attacking and provides realtime DNS query statistic information and geographic information for monitoring DNS query using GeoIP API and Google API. It can be useful information for ICT convergence and the future work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.61-73
• /
• 2015

In order to respond quickly to security threats that are increasing fast and variously, security control personnel needs to understand the threat of a massive amount of logs generated from security devices such as firewalls and IDS. However, due to the limitations of the information processing capability of humans, it takes a lot of time to analyze the vast amount of security logs. As a result, there is problem that the detection and response of security threats are delayed. Visualization technique is an effective way to solve this problem. This paper visualizes the security log using the RGB Palette, offering a quick and effective way to know whether the security threat is occurred. And it was applied empirically in VAST Challenge 2012 dataset.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.12
• /
• pp.965-974
• /
• 2003

Today's network consists of a large number of routers and servers running a variety of applications. In this paper, we have designed and constructed the general simulation environment of network security model composed of multiple IDSs agent and a firewall agent which coordinate by CNP (Contract Net Protocol). The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls the execution of agents or a contractee, who performs intrusion detection. In the knowledge-based network security model, each model of simulation environment is hierarchically designed by DEVS (Discrete Event system Specification) formalism. The purpose of this simulation is the application of rete pattern-matching algorithm speeding up the inference cycle phases of the intrusion detection expert system. we evaluate the characteristics and performance of CNP architecture with rete pattern-matching algorithm.

• Journal of Korea Multimedia Society
• /
• v.10 no.8
• /
• pp.1052-1059
• /
• 2007

Network security system used in the large scale network composes individual security system which protects only own domain. Problems of individual security system are not to protect the backbone network and to be hard to cope with in real-time. In this paper we proposed a security system which includes security function at the router, and the access point, which exist at the backbone network, to solve the problems. This security system sends the alert messages to an integrated security management system after detecting intrusions. The integrated security management system releases confrontation plan to each suity system. Thus the systematic and immediate confrontation is possible. We analyzed function verification and efficiency by using the security system and the integrated security management system suggested in this paper. We confirmed this integrated security management system has a possibility of a systematic and immediate confrontation.

• Journal of KIISE:Information Networking
• /
• v.29 no.5
• /
• pp.524-532
• /
• 2002

With the recent rapid progress of Internet, the higher speed network is needed to support the exploration of ambient information from text-based to multimedia-based information. Also, demands for additional Layer 3 routing technique, such as Network Address Translator (NAT) and Firewall, are required to solve a limitation of a current Internet address space and to protect the interior network from the exterior network. However, current router-based algorithms do not provide mechanisms to solve the congestion and fairness problems, while supporting the multimedia services and satisfying the user requirements. In this paper, to solve these problems, a new active queue management, called MFRED (Multiple Fairness RED) algorithm, is proposed. This algorithm can efficiently reduce the congestion in a router or gateway based on the Layer 3 routing technique, such as NAT. This algorithm can improve the fairness among TCP-like flows and unresponsive flows. It also works well in fairly protecting congestion-sensitive flows, i.e. fragile TCP, from congestion-insensitive or congestion-causing flows, i.e. robust TCP.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.782-785
• /
• 2007

If existing system need to expand security part, the security was established after paying much cost, processing of complicated installation and being patient with inconvenience at user's view because of closed structure. In this thesis, those defects could be overcome by using open security tools and constructing security server, which is firewall of 'bastion' form including proxy server, certification server and so on. Also each security object host comes to decide acceptance or denial where each packet comes from, then determines security level each hosts. Precisely it is possible choosing the packets from bastion host or following at the other policies. Although an intruder enter into inside directly, it is constructed safely because encryption algorithm is applied at communication with security object host. This thesis suggests more flexible, independent and open security system, which improves existing security through systematic linkage between system security and network security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.9
• /
• pp.1264-1270
• /
• 2018

Blockchain is a technology that directly connects each node to P2P method, except for the central server. A public blockchain is one of the blockchain types, anyone can participate without any restriction. If some node find nonce, which node can broadcasted data to all nodes. At this time, if a node that finds a nonce hides malicious code in the block, all nodes participating in the chain may be infected with malicious code due to the characteristics of the decentralization system of the blockchain. In this paper, to solve the problem that hackers can participate as an any node, we propose that a user with malicious intent can not participate as a node through a firewall with AI technology. This will improve the reliability of the propagated data over existing data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.4
• /
• pp.643-650
• /
• 2008

If existing system need to expand security part, the security was established after paying much cost, processing of complicated installation and being patient with inconvenience at user's view because of closed structure. In this thesis, those defects could be overcome by using open security tools and constructing security server, which is firewall of 'bastion' form including proxy server, certification server and so on. Also each security object host comes to decide acceptance or denial where each packet comes from, then determines security level each hosts. Precisely it is possible choosing the packets from bastion host or following at the other policies. Although an intruder enter into inside directly, it is constructed safely because encryption algorithm is applied at communication with security object host. This thesis suggests more flexible, independent and open security system, which improves existing security through systematic linkage between system security and network security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.35-45
• /
• 2004

In explosively increasing internet environments, information security is one of the most important consideration. Nowadays, various security solutions are used as such problems countermeasure; IDS, Firewall and VPN. However, basically internet has much vulnerability of protocol itself. Specially, it is possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledge number, timestamp and so on. In this Paper, we focus cm the covert channels using identification field of IP header and the sequence number field of TCP header. To detect such covert channels, we used Support Vector Machine which has excellent performance in pattern classification problems. Our experiments showed that proposed method could discern the abnormal cases(including covert channels) from normal TCP/IP traffic using Support Vector Machine.