• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.135-140
• /
• 2015

The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.11B
• /
• pp.1133-1141
• /
• 2009

In this paper, we present a distributed fault-tolerant topology control protocol that configure a wireless sensor network to achieve k-connectivity and (k+1)-coverage. One fundamental issue in sensor networks is to maintain both sensing coverage and network connectivity in order to support different applications and environments, while some least active nodes are on duty. Topology control algorithms have been proposed to maintain network connectivity while improving energy efficiency and increasing network capacity. However, by reducing the number of links in the network, topology control algorithms actually decrease the degree of routing redundancy. Although the protocols for resolving such a problem while maintaining sensing coverage were proposed, they requires accurate location information to check the coverage, and most of active sensors in the constructed topology maintain 2k-connectivity when they keep k-coverage. We propose the fault-tolerant topology control protocol that is based on the theorem that k-connectivity implies (k+1)-coverage when the sensing range is at two times the transmission range. The proposed distributed algorithm does not need accurate location information, the complexity is O(1). We demonstrate the capability of the proposed protocol to provide guaranteed connectivity and coverage, through both geometric analysis and extensive simulation.

• Journal of the Korean Society of Fisheries and Ocean Technology
• /
• v.35 no.2
• /
• pp.129-135
• /
• 1999

The telemetry system for the current speed and direction, the underwater ambient noise and the distribution ecology of fishes was constructed by the author and his collaborator in order to product and manage effectively in shallow sea culture and setnets fisheries, and then the experiments for the telemetry system carried out at set net fishing ground located Nungpobay in Kojedo from October 1996 to June 1997. As this results, the techniques suggested in the telemetry system gave full display its function even though far away 1.5 km from transmitting part, but with the suggested telemetry system could not be ascertained relationship between physical environment and distribution ecology of fishes.

• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.27-38
• /
• 2013

Currently a number of managers exist to manage heterogeneous networks, in this situation, the NETCONF protocol for efficient network management has been proposed as a new protocol. However, the standard NETCONF protocol stack continuous improvement since the establishment but in four layers still have some problems. Especially in situations where there are multiple administrators, problems are more highlighted in operation layer. In this paper, we focus on these issues and the Operation layer has improved the efficiency and flexibility of operations among NETCONF four layers. Additionally, for the inefficiency of updates improved the device settings based on improved operation techniques. In addition, standard protocol NETCONF did not proposed content layer data structure and we propose standard technique of content layer that can generate configuration structure of devices. Improved the three techniques are applied appropriately to the NETCONF, the proposed method and the existing NETCONF was performed experiment to compare with experimental four factors. Compare key factor are four kind as maintaining the probability of network function, the reaction performance about command, the number of control packets, performance of data creation in content layer. Such factors after performing the experiment, the proposed method in this paper is superior to the existing NETCONF and there was confirmed by analysis Experimental results.

• Journal of KIISE:Information Networking
• /
• v.33 no.4
• /
• pp.333-342
• /
• 2006

The cdma2000 lxEV - DO mobile communication system provides broadcast and multicast services (BCMCS) to meet an increasing demand from multimedia data services. The servicing of video streams over a BCMCS network must, however, face a challenge from the unreliable and error-prone nature of the radio channel. The BCMCS network uses Reed-Solomon coding integrated with the MAC protocol for error recovery. We analyze this coding technique and show that it is not effective in the case of slowly moving mobiles. To improve the playback quality of an MPEG-4 FGS video stream, we propose the Hybrid error recovery scheme, which combines Reed-Solomon with ARQ, using slots which are saved by reducing the Reed-Solomon coding overhead. The target packets to be retransmitted are prioritized by a utility function to reduce the packet error rate in the application layer within a fixed retransmission budget. This is achieved by considering of the map of the error control block at each mobile node. The proposed Hybrid error recovery scheme also uses the characteristics of MPEG-4 FGS (fine granularity scalability) to improve the video quality even when conditions are adverse: slow-moving nodes and a high error rate in the physical channel.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.4
• /
• pp.83-90
• /
• 2010

In wireless sensor networks, the data transmitted from the sensor nodes are susceptible to corruption by errors which caused of noisy channels and other factors. In view of the severe energy constraint in Sensor Networks, it is important to use the error control scheme of the energy efficiently. In this paper, we presented RS (Reed-Solomon) codes in terms of their BER performance and power consumption. RS codes work by adding extra redundancy to the data. The encoded data can be stored or transmitted. It could have errors introduced, when the encoded data is recovered. The added redundancy allows a decoder to detect which parts of the received data is corrupted, and corrects them. The number of errors which are able to be corrected by RS code can determine by added redundancy. The results of experiment validate the performance of proposed method to provide high degree of reliability in low-power communication. We could predict the lifetime of RS codes which transmitted at 32 byte a 1 minutes. RS(15, 13), RS(31, 27), RS(63, 57), RS(127,115), and RS(255,239) can keep the days of 173.7, 169.1, 163.9, 150.7, and 149.7 respectively. The evaluation based on packet reception ratio (PRR) indicates that the RS(255,239) extends a sensor node's communication range by up about 3 miters.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.93-103
• /
• 2006

Network solutions for protecting against worm attacks that complement partial end system patch deployment is a pressing problem. In the content-based worm filtering, the challenges focus on the detection accuracy and its performance enhancement problem. We present a worm filter architecture using the bloom filter for deployment at high-speed transit points on the Internet, including firewalls and gateways. Content-based packet filtering at multi-gigabit line rates, in general, is a challenging problem due to the signature explosion problem that curtails performance. We show that for worm malware, in particular, buffer overflow worms which comprise a large segment of recent outbreaks, scalable -- accurate, cut-through, and extensible -- filtering performance is feasible. We demonstrate the efficacy of the design by implementing it on an Intel IXP network processor platform with gigabit interfaces. We benchmark the worm filter network appliance on a suite of current/past worms, showing multi-gigabit line speed filtering prowess with minimal footprint on end-to-end network performance.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.11
• /
• pp.11-18
• /
• 2014

Most of the energy efficient MAC protocols for wireless sensor networks (WSNs) are based on duty cycling in a single channel and show competitive performances in a small number of traffic flows; however, under concurrent multiple flows, they result in significant performance degradation due to contention and collision. We propose a multi-channel pipelining (MCP) method for convergecast WSN in order to address these problems. In MCP, a staggered dynamic phase shift (SDPS) algorithms devised to minimize end-to-end latency by dynamically staggering wake-up schedule of nodes on a multi-hop path. Also, a phase-locking identification (PLI) algorithm is proposed to optimize energy efficiency. Based on these algorithms, multiple flows can be dynamically pipelined in one of multiple channels and successively handled by sink switched to each channel. We present an analytical model to compute the duty cycle and the latency of MCP and validate the model by simulation. Simulation evaluation shows that our proposal is superior to existing protocols: X-MAC and DPS-MAC in terms of duty cycle, end-to-end latency, delivery ratio, and aggregate throughput.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.8B
• /
• pp.1105-1114
• /
• 2010

The Proxy Mobile IPv6 (PMIPv6) has been standardized by the IETF NETLMM WG for network-based mobility management. The PMIPv6 can provide IP mobility for Mobile Nodes (MNs) with low handover latency and less wireless resource usage. But, since the PMIPv6 is basically designed for local mobility management, it cannot support directly global mobility management between different PMIPv6 domains. In the PMIPv6, since all traffic is routed through a Local Mobility Anchor (LMA), it causes a long end-to-end delay and triangular routing problem. Therefore, in this paper, we propose a fast network-based global mobility management scheme and route optimization scheme with a new network entity, called Global Mobility Agent (GMA). Numerical analysis and simulation results show that the proposed scheme is able to support global mobility between different public domains with low handover latency and low end-to-end delay, compared with the PMIPv6.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)