• Title/Summary/Keyword: event packet (이벤트 패킷)


A Systematic Evaluation of Intrusion Detection System based on Modeling Privilege Change Events of Users (사용자별 권한이동 이벤트 모델링기반 침입탐지시스템의 체계적인 평가)

  • 박혁장;정유석;노영주;조성배
    • Proceedings of the Korean Information Science Society Conference / 2001.10a / pp.661-663 / 2001
  • An intrusion detection system identifies illegal use or misuse by insiders and the leakage or alteration of critical information by external intruders, and determines whether an intrusion has occurred by analyzing, on each operating system, the keywords generated by users, system calls, system logs, usage time, network packets and so on. The intrusion detection system proposed in this paper uses a privilege-change-related event extraction technique to record a fixed window around the points at which a user's privilege changes, and then applies those records to an HMM model for evaluation. To compensate for the weakness in data reliability shown in previous experiments, we applied a large amount of normal-behavior data and many kinds of intrusion types, corrected several other shortcomings, and evaluated whether the model shows improved performance over the existing model. Experimental results showed a very good detection rate for host-based intrusions, and the F-P error (false positive error) was also very low.

Process of Hairpin Vortex Packet Generation in Channel Flows (채널 유동 내에서 헤어핀 보텍스 패킷의 형성 과정)

  • Kim, Kyoung-Youn
    • Transactions of the Korean Society of Mechanical Engineers B / v.36 no.8 / pp.839-847 / 2012
  • Numerical simulations for channel flows with $Re_{\tau}$ = 180, 395 and 590 have been performed to investigate the hairpin packet formation process in wall-bounded turbulent flows. Using direct numerical simulation databases, the initial flow fields are given by the conditionally averaged flow field with the second quadrant event specified at the buffer layer. By tracking the initial vortex development, the change in the initial vortex to an ${\Omega}$-shaped vortex and the generation of a secondary hairpin vortex were found to occur with time scales based on the wall units. In addition, at the time when the initial vortex has grown to the channel center, the inclination angle of the hairpin vortex packet is approximately $12{\sim}14^{\circ}$, which is similar for all three Reynolds numbers. Finally, numerical simulations of the evolution of two adjacent hairpin vortices have been performed to examine the interaction between the adjacent vortex packets.

Design and Implementation of NT-Server Real-Time Access Monitoring System (NT서버 실시간 접근 감시 시스템의 설계 및 구현)

  • 박정진;박진섭;김황래;오송석
    • Proceedings of the Korea Multimedia Society Conference / 2002.11b / pp.207-210 / 2002
  • In this paper, we designed an access monitoring system that monitors and reports in real time the events and services generated by the services an NT server provides. It analyzes the packets entering the server system and determines whether illegal access has occurred from the logs left on the web server, registry information, and network connection session information. In addition, when damage has resulted from such access, it analyzes in which service of the system the illegal access occurred and what damage was caused, providing information so that a rapid and accurate response can be made.

FDANT-PCSV: Fast Detection of Abnormal Network Traffic Using Parallel Coordinates and Sankey Visualization (FDANT-PCSV: Parallel Coordinates 및 Sankey 시각화를 이용한 신속한 이상 트래픽 탐지)

  • Han, Ki hun;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.693-704 / 2020
  • As a company's network structure grows bigger and the number of security systems increases, it is not easy to quickly detect abnormal traffic from huge amounts of security system events. In this paper, we propose a traffic visualization analysis system (FDANT-PCSV) that can detect and analyze the security events of information security systems such as firewalls in real time. FDANT-PCSV consists of a Parallel Coordinates visualization using five factors (source IP, destination IP, destination port, packet length, processing status) and a Sankey visualization using four factors (source IP, destination IP, number of events, data size) among the security events. In addition, the use of a big-data-based SIEM enables real-time detection of network attacks and network failure traffic from the Internet and intranet. FDANT-PCSV enables cyber security officers and network administrators to quickly and easily detect abnormal network traffic and respond quickly to network threats.

Encryption/Decryption and Enterprise Security Management of Stock Trading Packets (증권거래 패킷의 암복호화와 통합보안관제 분석)

  • Oh, Won-Gyeom;Park, Dae-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.05a / pp.227-230 / 2013
  • Financial transactions using mobile terminals and the Internet have become active, and stock trading is now enabled using mobile devices and the Internet. Koscom, which is in charge of the IT operations related to securities transactions (securities ISAC), analyzes the information security vulnerabilities related to securities transactions and runs the corresponding integrated security control system. Online stock trading is subject to the Personal Information Protection Act, and its related electronic systems have been designated as main information and communication infrastructure, so damage from users' financial carelessness, such as through hacking, is expected. As a result, research on the key information security vulnerabilities related to the securities business, such as the encryption/decryption of Securities and Exchange packets, through the analysis of security events and integrated security control, is needed.

Evaluation of Distributed Intrusion Detection System Based on MongoDB (MongoDB 기반의 분산 침입탐지시스템 성능 평가)

  • Han, HyoJoon;Kim, HyukHo;Kim, Yangwoo
    • KIPS Transactions on Computer and Communication Systems / v.8 no.12 / pp.287-296 / 2019
  • Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be processed and detected quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to an intrusion detection system for rapid processing of big data security events. In addition, by building the intrusion detection system (IDS) using some of the private cloud resources that are the target of protection, elastic and dynamic reconfiguration of the IDS is made possible as the number of security events increases or decreases. In order to evaluate the performance of the MongoDB-based IDS proposed in this paper, we constructed prototype IDS systems based on MongoDB as well as on an existing relational database, and compared their performance. Moreover, the number of virtual machines was increased to find out how performance changes as the IDS is distributed. As a result, it is shown that performance improves as the number of virtual machines is increased to distribute the IDS in the MongoDB environment while the overall system performance remains unchanged. The security event input rate based on distributed MongoDB was faster by as much as 60%, and the distributed MongoDB-based intrusion detection rate was faster by up to 100% compared to the IDS based on the relational database.

A Method for Detection and Classification of Normal Server Activities and Attacks Composed of Similar Connection Patterns (종단간의 유사 연결 패턴을 갖는 정상 서버 활동과 공격의 구분 및 탐지 방법)

  • Chang, Beom-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1315-1324 / 2012
  • Security visualization is a form of data visualization technique in the field of network security that uses security-related events so that network traffic flow and the security situation can be understood quickly and easily. In particular, security visualization that detects abnormal network situations by visualizing connections between two endpoints is a novel approach to detecting unknown attack patterns and reducing the monitoring overhead of packet monitoring techniques. However, session-based visualization cannot distinguish between normal traffic and attacks that are composed of similar connection patterns. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and distinguishing normal server activities from attacks by using IP address splitting and port attribute analysis. The proposed method can actually be used to detect and analyze network security together with existing security tools because it has no dependence on other security monitoring methods. It also helps network administrators rapidly analyze the security status of the managed network.

Reference Interpolation Protocol for Reducing the Synchronization Messages in Wireless Sensor Network (무선 센서 네트워크에서 동기화 메시지 감소를 위한 참조 보간 프로토콜)

  • Park, Chong-Myung;Lim, Dong-Sun;Lee, Joa-hyoung;Jung, In-Bum
    • Journal of KIISE:Information Networking / v.34 no.6 / pp.446-457 / 2007
  • In a wireless sensor network, to provide the proper responses quickly for diverse events, wireless sensor nodes have to cooperate with each other. For successful cooperation, time synchronization among sensor nodes is an important requirement for application execution. In the wireless sensor network, message packets including time information are used for time synchronization. However, the transmission of many message packets will exhaust the batteries of wireless sensor nodes. Since wireless sensor nodes work on a limited battery capacity, the excessive transmission of message packets has a negative impact on their lifetime. In this paper, the Reference Interpolation Protocol (RIP) is proposed to reduce the number of message packets needed for time synchronization. The proposed method performs time interpolation between the reference packet's time and the global time of the base station. The proposed method completes the synchronization operation with only 2 message packets when compared to the previous Reference Broadcast Synchronization (RBS) technique. Due to the simple synchronization procedure, our method greatly reduces the number of synchronization messages and showed 12.7 times less power consumption than the RBS method. From the decrease in the transmission of message packets, the convergence time among wireless sensor nodes is shortened and the lifetime of wireless sensor nodes is also prolonged by the amount of saved battery energy.

An Energy Awareness Congestion Control scheme based on Genetic Algorithms in Wireless Sensor Networks (유전자 알고리즘 기반의 에너지 인식 트래픽 분산 기법)

  • Kim, MiKyoung;Park, JunHo;Seong, DongOok;Yoo, JaeSoo
    • Proceedings of the Korea Information Processing Society Conference / 2010.11a / pp.979-982 / 2010
  • Recently, much research has been done on using energy efficiently in sensor network environments that operate on limited energy. In the representative approach, in which nodes vary their sensing and transmission depending on whether an event occurs, network congestion arises at particular nodes, and the network lifetime decreases because of the loss of transmitted packets and overuse of the transmission module. To solve this, TARP, which distributes network packets to neighboring nodes based on a genetic algorithm, was proposed. However, TARP distributes traffic considering only the average data transmission volume and data variance of adjacent nodes in the fitness function used in fitness evaluation, the core step of the genetic algorithm, so further consideration of the overall network lifetime is needed. To address this, this paper proposes an energy-aware traffic distribution scheme based on a genetic algorithm. The proposed scheme additionally considers the remaining energy and the data transmission volume of a single node in the fitness evaluation, performing more efficient traffic distribution and thereby increasing the network lifetime. To show the superiority of the proposed scheme, we compared its performance with the existing traffic distribution scheme (TARP) through simulation. As a result, it showed an average improvement of more than 27% in network lifetime over the existing scheme.

Network framework design and implementation of packet processing perspective for development environments of gateway application in wireless sensor network environments (무선 센서 네트워크 환경에서 게이트웨이 어플리케이션의 개발 환경을 위한 패킷 처리 관점의 네트워크 프레임워크 설계 및 구현)

  • Lee, Ho-Eung;Choi, Dae-Dam;Park, Hyun-Ju
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.4 / pp.980-992 / 2011
  • A WSN gateway, which handles transmission between a WSN (Wireless Sensor Network) based on IEEE 802.15.4 and a PN (Public Network) based on TCP/IP, belongs to the core technology of applications based on the two networks. Because a WSN gateway receives various kinds of packets from many sensor nodes at uncertain times and must also use the hardware's performance fully, it has a high level of software complexity and is hard to implement. To solve these problems, this paper suggests both an efficient event detection scheme for identifying packets and an implementation unit of the protocol called a 'Transaction'. As a result of applying the proposed network framework, software complexity is reduced. We also provide a software development environment that reflects various performance requirements.