• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.278-281
• /
• 2018

The early Web technology was to show text information through a browser. However, as web technology advances, it is possible to show large amounts of multimedia data through browsers. Web technologies are being applied in a variety of fields such as sensor network, hardware control, and data collection and analysis for big data and AI services. As a result, the standard has been prepared for the Internet of Things, which typically controls a sensor via HTTP communication and provides information to users, by installing a web browser on the interface of the Internet of Things. In addition, the recent development of web-assembly enabled 3D objects, virtual/enhancing real-world content that could not be run in web browsers through a native language of C-class. Factors that evaluate the performance of existing Web applications include performance, network resources, and security. However, since there are many areas in which web applications are applied, it is time to revisit and review these factors. In this thesis, we will conduct an analysis of the factors that assess the performance of a web application. We intend to establish an indicator of the development of web-based applications by reviewing the analysis of each element, its main points, and its needs to be supplemented.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.1
• /
• pp.159-163
• /
• 2011

3-Screen service means that one video contents is operated on 3 different terminals(smart-phone, IP-TV, internet PC) with same service browser. In this paper, we developed 3-Screen video service system based on imbedded web browser. We evaluated and analysed of developed 3-Screen service system through Agribusiness video service offering test environment on the LG U+ network. As a result of tests, it showed that 3-Screen video service was well performed in each 3-Screen service terminals. The result of this paper will be utilized in various application developments for the 3-Screen video service in the future.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.66-75
• /
• 2023

Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than that of the network metrics-based model, respectively.

• Journal of Korea Multimedia Society
• /
• v.14 no.2
• /
• pp.153-170
• /
• 2011

OMTP (Open Mobile Terminal Platform) is a global forum made by telecommunications providers to promote user-oriented mobile services and data business. Devised by OMTP, BONDI is a browser-based application or a mobile web run-time platform to help widgets make good use of functions of mobile devices in a secure way. BONDI enables applications programmed with web standard technologies such as HTML, JavaScript, CSS, and AJAX to reach the internal functions of mobile devices. Since BONDI, which is not just a simple network application, can reach the internal resources of devices in standard ways, it enables the application and widgets to be developed regardless of tile OS or platform. Web browser-based widgets are vulnerable to the network environment, and their exeeution speed can be slowed as the operations of the widgets or applications become heavy. However, those web widgets will be continuously used thanks to the user-friendly simple interface and the faster speed in using web resources more than the native widgets inside the device. This study suggested a method to effectively operate and manage the resource of OMTP BONDI web widget and then provided an improved result based on a running performance evaluation experiment. The experiment was carried to improve the entire operating time by enhancing the module-loading speed. In this regard, only indispensable modules were allowed to be loaded while the BONDI widget was underway. For the purpose, the widget resource list, able to make the operating speed of the BONDI widget faster, was redefined while a widget cache was employed. In addition, the widget box, a management tool for removed widgets, was devised to store temporarily idle widgets.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11c
• /
• pp.1983-1986
• /
• 2002

분산 인터넷 환경에서 웹 애플리케이션의 상호운영성, 유연성, 확장성, 유지보수성 재사용성을 높이기 위해서 프레임웍 및 패턴을 시스템 개발에 적용하는 연구가 진행되고 있다. 프레임웍 및 패턴을 사용하여 시스템을 개발하기 위해서는 여러 가지 설비(facility)를 요구하며 개발자는 시스템에 대해 보다 많은 부분을 고려해야 한다. 본 논문에서는 특정 도메인에서 MVC Model 2 프레임웍을 기반으로 하는 시스템에 대해 공통으로 사용 가능한 코드를 재사용할 수 있도록 시스템의 골격 코드 및 프로토타입 형태의 시스템을 자동 생성하는 빌더를 설계하고 구현한다. 생성되는 프로토타입 시스템에서는 커스텀 태그 및 재사용 가능한 빈을 정의하고 XML, DOM, 국제화, 지역화 등을 지원하도록 작성되어 커스텀 태그 및 빈의 추가 및 변경에 의해 웹 애플리케이션의 기능을 변경시키고 성능을 향상시키는 것이 용이하게 된다. 본 연구에서 설계하고 구현한 Model 2 기반 프로토타입 자동생성 도구는 웹 애플리케이션 개발시에 활용되어 생산성 향상에 기여할 수 있다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.10
• /
• pp.2473-2481
• /
• 2014

The majority of next generation information systems will be working on portable mobile devices such as smartphones. REST Open API web services have quickly become popular among mobile application development. The use of REST web services are not only growing in popularity but totally changing the way of mobile applications development. This is because REST web services could be used in application development as a form of building blocks, which is completely independent, compatible, to any platforms. With this strength, REST web services encourage third party application to build add-on functionality. This research proposes the use of REST web service to replace the use of socket APIs into major internet communication APIs. To this end, this paper also provide performance evaluation of the REST web services compared to the conventional socket APIs, focusing on scalability by analytical and experimental evaluations. Finally, we summarize the possibility whether REST Open API web services have enough performance as future major internet communication primitive APIs.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.43-51
• /
• 2016

Nowadays hacked using a security vulnerability in a web application, and the number of security issues on the web site at many sites due to the exposure of personal information is increasing day by day. In this paper, considering the open-source Web Application Security Project at the time of production of the website. Proposed the OWASP TOP 10 vulnerability verification method, by applying the proposed method and then analyzed for improved method and vulnerability to verify the performance of security vulnerability.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.1628-1631
• /
• 2015

웹을 통한 다수의 정보서비스와 전산자원을 공동으로 활용하는 경우에 있어서는, 구성자원에 대한 통합과 공동 활용이 상당히 중요한 요소이다. 일반적으로 웹 서비스를 위한 구성요소로서는 Web, WAS, 데이터베이스, 검색엔진 등의 다양한 소프트웨어를 통합, 운영하게 된다. 또한, 투입비용에 대한 효과적인 측면과 서비스 연속성 측면에서 서버의 공유 및 공유 스토로지에 대한 요구를 피할 수 없게 된다. 본 논문에서는 전체적인 서비스의 성능에 커다란 영향을 미치는 Back-end Tier의 검색서버를 통하여, IP 네트워크 기반의 스토리지 I/O에 대한 성능측정을 수행하였고, 그 성능실험의 결과에 따라 해당 애플리케이션에 최적의 스토리지 설계하고, 애플리케이션의 특성별로 최적의 스토리지를 할당하여 정보서비스의 전체적인 성능향상을 이루었다.

• Journal of the Korea Society for Simulation
• /
• v.16 no.4
• /
• pp.33-41
• /
• 2007

Service-Oriented Architecture(SOA) define the interaction method between two computing entities that one entity performs a unit task instead of another entity. This, unit task, is called "Service" and interaction of these services should have independency and loosely coupled task. The effect of SOA's main functions such as loosely coupled task and independent interoperability with influence the possibility of flexible message communication between different way and different users. In this article, we analyzed the performance about system stabilization between general web service and SOA based application that implemented through WCF based messaging framework using .NET Framework and integrated data presentation method. As the result of test, we confirmed that SOA environment using WCF have more advantages.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.157-167
• /
• 2009

Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focus on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM(Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system, can not adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application is causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF(Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing, Consequently, this study provide to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.