• Title/Summary/Keyword: Security switch

Future Internet Testbed using KOREN (KOREN을 이용한 미래인터넷 테스트베드 구축)

  • Jeong, Youn-Seo;Kim, Tae-Won;Cho, Il-Kwon;Jung, Hee-Chang
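    • Proceedings of the Korean Information Science Society Conference / 2011.06d / pp.259-260 / 2011
  • The existing Internet environment exhibits various problems, such as traffic explosion and security, along with growing user demands. Countries around the world are creating various programs and devoting effort to related research and development to solve them. In Korea as well, much research and development related to the Future Internet is under way, and a Future Internet testbed is being built to experiment with and verify it. This paper examines the progress of building a Future Internet test network by installing on the KOREN network the packet-optical switch (a next-generation transport network device currently under research), the integrated control system for controlling it, and a programmable virtual router platform for Future Internet research, in order to demonstrate this equipment.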

Extended FDB Application Algorithm Proposal for Overlap VLAN Implementation (중첩 VLAN구현을 위한 확장 FDB적용 알고리즘 제안)

  • 황인섭;공휘식
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2001.10a / pp.84-88 / 2001
  • Security and degradation caused by broadcast are the most important issues that must be handled in a LAN. A virtual LAN can reduce the LAN's degradation by forming and managing network groups logically. The MAC address VLAN algorithm proposed in this research gives VLANs an overlap property by adding an extended VID field and a VID connection extent table to the FDB, and manages the overlap extent dynamically. A VLAN that applies the proposed algorithm can share information and resources in the network without additional equipment. The algorithm can be applied to any switch or bridge that performs Layer 2 functions.

A Study on Memory Deduplication for Improvement of Memory Efficiency in Virtualization Environment (가상화 환경에서 메모리 효율성 향상을 위한 메모리 중복제거 연구)

  • Cho, Youngjoong;Lee, Seho;Eom, Young Ik
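    • Proceedings of the Korea Information Processing Society Conference / 2013.11a / pp.21-22 / 2013
  • Virtualization technology runs multiple operating systems on top of the hardware while maximizing system utilization, and it is therefore attracting attention in many fields. Virtualization has several advantages, such as preventing security exposure by reducing the propagation of system risks. However, frequent switches from the guest machine to the hypervisor degrade virtualization performance. There is also the problem of memory duplication for pages that could be shared among multiple virtual machines. We propose a memory deduplication technique that reduces VMEXITs and saves memory in a virtualization environment, and we evaluate its performance qualitatively.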

A Web DDoS Defence System using Network Linkage (네트워크 연동구간을 이용한 Web DDoS 대피소 시스템 제안)

  • Park, Jae-Hyung;Kim, Kang-Hyun
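    • Proceedings of the Korea Information Processing Society Conference / 2013.05a / pp.614-617 / 2013
  • A DDoS shelter system is a security system that guarantees service continuity by rerouting, at the interconnection section of the backbone network, the DDoS traffic flowing toward the attacked server, blocking attack packets and forwarding legitimate packets along their original path. This paper proposes an L7-layer Web DDoS shelter system that adds an L7 switch and a web cache server to the typical DDoS shelter configuration and has the web cache server handle client requests. The system can effectively defend against web application-layer session-exhaustion DDoS (Web DDoS) attacks that use small-scale traffic, and it can continue service even without IP tunneling.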

Security of Ethernet in Automotive Electric/Electronic Architectures (차량 전자/전기 아키텍쳐에 이더넷 적용을 위한 보안 기술에 대한 연구)

  • Lee, Ho-Yong;Lee, Dong-Hoon
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.5 / pp.39-48 / 2016
  • One of the major trends in automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g., to connect high-data-rate sources such as video cameras); it is expected that the ongoing standardization at IEEE (IEEE 802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to much broader adoption in the future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic (EE) Architectures as a whole. It is agreed that IP-based traffic via Ethernet could be secured by applying well-established IP security protocols (e.g., IPSec, TLS) combined with additional components such as an automotive firewall or IDS. For safety and real-time related applications on resource-constrained devices, IP-based communication with complicated and performance-demanding TLS or IPSec is not the favored option. Those applications will foreseeably incorporate Layer-2 based communication protocols such as those currently being standardized at IEEE [13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet switch-based EE architectures. It also gives an overview of, and provides insights into, the ongoing security-relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms, e.g., IEEE 802.1AE (aka MACsec) or 802.1X Port-based Network Access Control, will be evaluated and their applicability to automotive applications will be assessed.

A Study of Intrusion Detection Scheme based on Software-Defined Networking in Wireless Sensor Networks (무선 센서 네트워크에서 소프트웨어 정의 네트워킹 기법을 사용한 침입 탐지 기법에 대한 연구)

  • Kang, Yong-Hyeog;Kim, Moon Jeong;Han, Moonseog
    • Journal of the Korea Convergence Society / v.8 no.8 / pp.51-57 / 2017
  • A wireless sensor network is composed of many resource constrained sensor nodes. These networks are attacked by malicious attacks like DDoS and routing attacks. In this paper, we propose the intrusion detection and prevention system using convergence of software-defined networking and security technology in wireless sensor networks. Our proposed scheme detects various intrusions in a central server by accumulating log messages of OpenFlow switch through SDN controller and prevents the intrusions by configuring OpenFlow switch. In order to validate our proposed scheme, we show it can detect and prevent some malicious attacks in wireless sensor networks.

A Study of Basic Design Method for High Availability Clustering Framework under Distributed Computing Environment (분산컴퓨팅 환경에서의 고가용성 클러스터링 프레임워크 기본설계 연구)

  • Kim, Jeom Goo;Noh, SiChoon
    • Convergence Security Journal / v.13 no.3 / pp.17-23 / 2013
  • Clustering requires configuring interdependent structural technologies. Clustering handles variable workloads, or failures that impede continuity of service, so that operation continues in the event of a failure. The high-availability clustering feature focuses on server operating systems. With two systems in an active-standby state, when the active server fails, the standby server takes over all of the running services. This switching, or switchover, is called failover. The services running on the multiple systems of the cluster nodes have to be duplicated so that the nodes can keep track of each other. In the event of a node failure, the second node performs the duties of the broken node within a few seconds. The efficiency of the structure for high-availability clustering should be measured. The system performance of infrastructure systems is represented by performance, latency, response time, CPU load factor (CPU utilization), and CPU processes on the system (system process) channels.

A Rogue AP Detection Method Based on DHCP Snooping (DHCP 스누핑 기반의 비인가 AP 탐지 기법)

  • Park, Seungchul
    • Journal of Internet Computing and Services / v.17 no.3 / pp.11-18 / 2016
  • Accessing unauthorized rogue APs in WiFi environments is a very dangerous behavior which may expose WiFi users to various cyber attacks such as sniffing, phishing, and pharming attacks. Therefore, prompt and precise detection of rogue APs and proper alerting of the corresponding users has become one of the most essential requirements for WiFi security. This paper proposes a new rogue AP detection method which mainly uses the installation information of authorized APs and the DHCP snooping information of the corresponding switches. The proposed method detects rogue APs promptly and precisely, and notifies the corresponding users in real time. Since the proposed method is simple and does not require any special devices, it is very cost-effective compared to wireless intrusion prevention systems, which are normally based on a number of detection sensors and servers. It is also highly precise and prompt in rogue AP detection and flexible in deployment compared to the existing rogue AP detection methods based on timing information, location information, and white list information.

All Optical Header Recognition for Information Processing of Packet by Packet in The Access Network based on FTTH (FTTH 기반의 가입자망에 있어 패킷단위의 정보처리를 위한 전광학 헤더 인식)

  • Park, Ki-Hwan
    • Journal of the Institute of Electronics Engineers of Korea TC / v.47 no.1 / pp.69-76 / 2010
  • We describe an all-optical circuit which recognizes header information packet by packet in access networks based on FTTH. The circuit's operation is confirmed by an experiment in the recognition of 3 and 4 header bits. The output from the header recognition circuit appears as a signal assigned on the time axis according to the header information. The header recognition circuit for self-routing has a very simple structure using only delay lines and switches. The circuit is expected to be constructible with high reliability and at low cost. In addition, by establishing a unique transmission line to each subscriber, the circuit can solve the problems of power loss and private security, which are the weak points of the TDM-PON method.

Development of Traffic Centralized Control System Based on Protocol Redirection for DB Protection (DB 보호를 위한 Protocol Redirection기반 트래픽 중앙통제시스템 개발)

  • Su, Yang-Jin;Lee, Jae-Pil;Park, Cheon-O;Lee, Deok-Gyu;Chang, Hang-Bae
    • Journal of Korea Multimedia Society / v.13 no.8 / pp.1212-1220 / 2010
  • The technologies of domestic user programs are not sufficient to convert the address conversion information collected via a port redirection server into user traffic. Generally, traffic redirection technology is a special-purpose technology for I/O traffic via a network device. An L4 switch needs various additional costs and devices to achieve this special purpose. To solve this problem, there is a need for central management of control and monitoring by centralizing traffic at one position regardless of network structure, and it is necessary to realize the redirection function of the switch at the network layer. Therefore, this study presents the development of a traffic central control system through client-side protocol redirection.