• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.3B
• /
• pp.152-158
• /
• 2008

Recently, DDoS (Distributed Denial of Service) attack has emerged as one of the major threats and it's main characteristic is to send flood of data packets toward a specific victim. Thus, several attack detection schemes which monitor the destination IP address of packets have been suggested. The existing Bloom Filter based attack detection scheme is simple and can support real-time monitoring. However, since this scheme monitors the separate fields of destination IP address independently, wrong detection is comparatively high. In this paper, in order to solve this drawback, an efficient Bloom Filter based destination address monitoring scheme is proposed, which monitors not only separate fields but also relationship among separate fields. In the results of simulation, the proposed monitoring scheme outperforms the existing Bloom Filter based detection scheme. Also, to improve the correctness of detection, multi-layerd structure is proposed and the correctness of result is improved according to the number of layers and extra tables.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.2
• /
• pp.371-381
• /
• 2011

Recently, there are some social issues that personal sensitive data in database were let out. The best method to protect these personal sensitive data is used by the database encryption method. But the encrypting database makes the query difficult. So, there are a lot of study to protect the database and increase the query efficiency as well. In this paper, we analysed recent research trend to protect the sensitive data and propose the combined method using buckets and the bloom filter for the medical database with range property. Compared to bucket index model, the proposed method can increase bucket index value and protect data distribution exposure. We can estimate that this proposed method can improve searching time and efficiency.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.14 no.5
• /
• pp.60-70
• /
• 2018

A software defined storage (SDS) is being deployed in cloud environment to allow multiple users to virtualize physical servers, but a solution for optimizing space efficiency with limited physical resources is needed. In the conventional data deduplication system, it is difficult to deduplicate redundant data uploaded to distributed storages. In this paper, we propose a distributed deduplication method using similarity-based clustering and multi-layer bloom filter. Rabin hash is applied to determine the degree of similarity between virtual machine servers and cluster similar virtual machines. Therefore, it improves the performance compared to deduplication efficiency for individual storage nodes. In addition, a multi-layer bloom filter incorporated into the deduplication process to shorten processing time by reducing the number of the false positives. Experimental results show that the proposed method improves the deduplication ratio by 9% compared to deduplication method using IP address based clusters without any difference in processing time.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.4
• /
• pp.848-854
• /
• 2015

There are a lot of encryption methods to secure database proposed recently. Those encryption methods can protect the sensitive data of users effectively, but it deteriorates the search performance of database query. In this paper, we proposed the selective element encryption method in order to complement those drawbacks. In addition, we compared the performance of the proposed method with that of tuple level encryption method using the various queries. As a result, we found that the proposed method, which use the selective element encryption with bloom filter as a index, has better performance than the other encryption method.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.795-798
• /
• 2017

최근 멀티코어 프로세서가 개발됨에 따라 병렬 프로그래밍은 멀티코어를 효과적으로 활용하기 위한 기법으로 그 중요성이 높아지고 있다. 트랜잭셔널 메모리는 처리 방식에 따라 HTM, STM, HyTM으로 구분되며, 최근 HTM 및 STM 결합한 HyTM 이 활발히 연구되고 있다. 그러나 기존의 HyTM 는 HTM과 STM의 동시성 제어를 위해 블룸필터를 사용하는 반면, 블룸필터의 자체적인 긍정 오류를 해결하지 못한다. 아울러, 트랜잭션 처리를 위한 메모리 할당/해제를 기존의 락 메커니즘을 사용하여 관리한다. 따라서 멀티코어 환경에서 스레드 수가 증가할수록 트랜잭션 처리 효율이 떨어진다. 본 논문에서는 멀티코어 환경에서 효율적인 트랜잭션 처리를 위한 메모리 관리 기반 하이브리드 트랜잭셔널 메모리 기법을 제안한다. 제안하는 기법은 트랜잭션 처리에 최적화된 블룸필터를 제공함으로써, 병렬적으로 동시에 수행되는 서로 다른 환경의 트랜잭션에 대해 일관성 있는 처리를 지원한다. 아울러, CPU 캐시라인에 최적화된 메모리 기법을 통해, 메모리 할당량이 적은 트랜잭션은 로컬 캐시에 할당함으로써 트랜잭션의 빠른 처리를 지원한다.

• Journal of Digital Contents Society
• /
• v.19 no.2
• /
• pp.327-334
• /
• 2018

When a PC is infected with a malicious code, it communicates with the control and command (C&C) server and, by the attacker's instructions, spreads to the internal network and acquires information. The company focuses on preventing attacks from the outside in advance, but malicious codes aiming at APT attacks are infiltrated into the inside somehow. In order to prevent the spread of the damage, it is necessary to perform internal monitoring to detect a PC that is infected with malicious code and attempts to communicate with the C&C server. In this paper, a destination IP monitoring method is proposed in this paper using Bloom filter to quickly and effectively check whether the destination IP of many packets is in the blacklist.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.5
• /
• pp.939-946
• /
• 2012

Recently privacy breaches has been an social issues. If we should encrypt the sensitive information in order to protect the database, the leakage of the personal sensitive data will be reduced for sure. In this paper, we analyzed the existing protection algorithms to protect the personal sensitive data and proposed the combined method using the bucket index method and the bloom filters. Bucket index method applied on tuples data encryption method is the most widely used algorithm. But this method has the disadvantages of the data exposure because of the bucket index value presented. So we proposed the combined data encryption method using bucket index and the bloom filter. Features of the proposed scheme are the improved search performance of data as well as the protection of the data exposure.

• Journal of KIISE:Information Networking
• /
• v.37 no.3
• /
• pp.175-186
• /
• 2010

Due to the emergence of new application programs and the fast growth of Internet users, Internet routers are required to provide the quality of services according to the class of input packets, which is identified by wire-speed packet classification. For a pre-defined rule set, by performing multi-dimensional search using various header fields of an input packet, packet classification determines the highest priority rule matching to the input packet. Efficient packet classification algorithms have been widely studied. Tuple pruning algorithm provides fast classification performance using hash-based search against the candidate tuples that may include matching rules. Bloom filter is an efficient data structure composed of a bit vector which represents the membership information of each element included in a given set. It is used as a pre-filter determining whether a specific input is a member of a set or not. This paper proposes new tuple pruning algorithms using Bloom filters, which effectively remove unnecessary tuples which do not include matching rules. Using the database known to be similar to actual rule sets used in Internet routers, simulation results show that the proposed tuple pruning algorithm provides faster packet classification as well as consumes smaller memory amount compared with the previous tuple pruning algorithm.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.194-196
• /
• 2019

컨소시엄 블록체인은 허가된 멤버로 구성된 여러그룹이 하나의 원장을 공유한다. 이때 하위멤버의 트랜잭션 및 멤버 인증은 블록생성에 참여하는 신뢰된 노드로부터 유효성을 검증받는다. 따라서 컨소시엄 블록체인의 그룹 간 멤버의 트랜잭션 공유는 Privacy문제를 야기한다. 본 논문에서 컨소시엄 블록체인에서의 privacy를 위해 익명신용장기반의 익명프로토콜을 제안한다. 본 제안 방식은 다중블룸필터를 이용하여 긍정오류율을 높이고 효율적으로 검색하도록 한다. 또한 Blind Signature를 통해 컨소시엄 멤버간 메시지에 대한 익명성을 보존하면서 인증에 대한 서명은 유지하도록 한다. 결과적으로 컨소시엄 멤버 간 Privacy를 보존하면서 인증 트랜잭션을 블룸필터의 다중패턴으로 검증하여 컨소시엄 블록체인에서의 익명프로토콜(Anonymous protocol)을 제안한다. 이로써 컨소시엄 블록체인에서의 신뢰기반의 서버 시스템의 확장과 privacy 향상을 제공한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1024-1027
• /
• 2012

SMART Highway는 다수의 차량들이 무선통신을 이용하여 차량 간 통신 또는 차량과 도로의 인프라 장비 사이에서의 통신을 제공하는 차세대 네트워킹 기술로 VANET이 핵심기술이 된다. 이러한 환경에서는 기존의 네트워크와 달리 사람의 생명과 직접적으로 연결되어 있기 때문에 보안이 매우 중요한 핵심사항이 된다. 빠른 속도의 환경속에서 이동하는 차량 간 인증이 원활이 이루어지기 위해서는 기존의 네트워크에서 사용된 인증방식은 그대로 적용시키기 어렵다. 따라서 본 논문에서는 VANET 통신 환경에서의 보안 위협 분석을 통해 보안 요구사항을 도출하여, 이를 바탕으로 다수의 차량 간 통신 시에 보다 효율적인 차량 인증이 이루어지기 위하여 블룸필터를 사용한 메시지 일괄검증 기법을 사용한다. 이를 통하여 차량이 통신 범위를 벗어나기 전까지 별도의 불필요한 인증메시지 교환을 줄이고, 통신 범위 내에 차량이 존재하지 않을 때에만 새롭게 갱신된 블룸필터를 이용하여 다른 차량과 인증이 이루어지는 효율적 방식을 제안하고자 한다.