• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.11A
• /
• pp.867-875
• /
• 2003

Current end-to-end congestion control depends only on the information of end points (using three duplicate ACK packets) and generally responds slowly to the network congestion. This mechanism can't avoid TCP global synchronization in which TCP congestion window size is fluctuated during congestion period. Furthermore, if RTT(Round Trip Time) is increased, three duplicate ACK packets are not correct congestion signals because congestion might already disappear and the host may send more packets until it receives three duplicate ACK packets. Recently there are increasing interests in solving end-to-end congestion control using AQM(Active Queue Management) to improve the performance of TCP protocols. AQM is a variation of RED-based congestion control. In this paper, we first evaluate the effectiveness of the current AQM schemes such as RED, CHOKe, ARED, FRED and SRED, over traffic with different rates and over traffic with mixed responsive and non-responsive flows, respectively. In particular, CHOKe mechanism shows greater unfairness, especially when more unresponsive flows exist in a shared link. We then propose a new AQM scheme using CHOKe mechanism, called DQC(Double Queue CHOKe), which uses two FIFO queues before applying CHOKe mechanism to adaptive congestion control. Simulation shows that it works well in protecting congestion-sensitive flows from congestion-causing flows and exhibits better performances than other AQM schemes. Also we use partial state information, proposed in LRURED, to improve our mechanism.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.12
• /
• pp.287-296
• /
• 2019

Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be processed and detected quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to intrusion detection system for rapid processing of big data security events. In addition, building the intrusion detection system(IDS) using some of the private cloud resources which is the target of protection, elastic and dynamic reconfiguration of the IDS is made possible as the number of security events increase or decrease. In order to evaluate the performance of MongoDB - based IDS proposed in this paper, we constructed prototype systems of IDS based on MongoDB as well as existing relational database, and compared their performance. Moreover, the number of virtual machine has been increased to find out the performance change as the IDS is distributed. As a result, it is shown that the performance is improved as the number of virtual machine is increased to make IDS distributed in MongoDB environment but keeping the overall system performance unchanged. The security event input rate based on distributed MongoDB was faster as much as 60%, and distributed MongoDB-based intrusion detection rate was faster up to 100% comparing to the IDS based on relational database.

• Journal of Korea Multimedia Society
• /
• v.16 no.8
• /
• pp.954-961
• /
• 2013

To enhance the efficiency of network, content-centric networking (CCN), one of future Internet architectures, allows network nodes to temporally cache transmitted contents and then to directly respond to request messages which are relevant to previously cached contents. Also, since CCN uses a hierarchical content-name, not a host identity like source/destination IP address, for request/response packet routing and CCN request message does not include requester's information for privacy protection, contents-providers/ network nodes can not identify practical requesters sending request messages. So to send back relevant contents, network nodes in CCN records both a request message and its incoming interfaces on Pending Interest Table (PIT). Then the devices refer PIT to return back a response message. If PIT is exhausted, the device can not normally handle request/response messages anymore. Hence, it is needed to detect/react attack to exhaust PIT. Hence, in this paper, we propose improved detection/reaction schemes against attacks to exhaust PIT. In practice, for fine-grained control, this proposal is applied to each incoming interface. Also, we propose the message framework to control attack traffic and evaluate the performance of our proposal.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.2B
• /
• pp.184-194
• /
• 2011

Security is critically important for smart grid networks that are usually used for the electric power network and IT environments that are opened to attacks, such as, eavesdropping, replay attacks of abnormal messages, forgery of the messages to name a few. ZigBee has emerged as a strong contender for smart grid networks. ZigBee is used for low data rate and low power wireless network applications. To deploy smart grid networks, the collected information requires protection from an adversary over the network in many cases. The security mechanism should be provided for collecting the information over the network. However, the ZigBee protocol has some security weaknesses. In this paper, these weaknesses are discussed and a method to improve security aspect of the ZigBee protocol is presented along with a comparison of the message complexity of the proposed security protocol with that of the current ZigBee protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.24 no.9A
• /
• pp.1295-1305
• /
• 1999

In this paper, we present the implementation and performance analysis of H.324M mobile multimedia terminal which s under standardization. The H.324M is the mobile extension of H.324 which is the standard for low bit rate multimedia terminals operating over GSTN. For H.324M, the multiplexing protocol (H.223) of H.324 is enhanced to protect data from the transmission errors over mobile channels. The multiplexing protocol of H.324M is classified into Levels 0, 1, 2, and 3 depending on the level of error protection. Each Level is analyzed according to different types of the data loss elements. Simulation results show that the loss caused by the corrupted flag and header produces the most serious performance degradation. Levels 1 and 2 which protect the header and flag are effective in reducing the total loss. Furthermore, the optimal flag length and threshold value for Levels 1 and 2 are determined.

• KSCI Review
• /
• v.14 no.2
• /
• pp.235-244
• /
• 2006

This paper attacked the unknown DoS which mixed a DoS attack, Worm and the Trojan horse which used IP Source Address Spoofing and Smurf through the SYN Flooding way that UDP, ICMP, Echo, TCP Syn packet operated. the applications that used TCP/UDP in VoIP service networks. Define necessity of a Dynamic Update Engine for a prevention, and measure Miss traffic at RT statistics of inbound and outbound parts in case of designs of an engine at IPS regarding an Self-learning module and a statistical attack spread. and design a logic engine module. Three engines judge attack grades (Attack Suspicious, Normal), and keep the most suitable filtering engine state through AND or OR algorithms at Footprint Lookup modules. A Real-Time Dynamic Engine and Filter updated protected VoIP service from DoS attacks, and strengthened Ubiquitous Security anger, and were turned out to be.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.165-174
• /
• 2006

This paper attacked the unknown DoS which mixed a DoS attack, Worm and the Trojan horse which used IP Source Address Spoofing and Smurf through the SYN Flooding way that UDP, ICMP, Echo, TCP Syn packet operated, the applications that used TCP/UDP in VoIP service networks. Define necessity of a Dynamic Update Engine for a prevention, and measure Miss traffic at RT statistics of inbound and outbound parts in case of designs of an engine at IPS regarding an Self-learning module and a statistical attack spread, and design a logic engine module. Three engines judge attack grades (Attack, Suspicious, Normal), and keep the most suitable filtering engine state through AND or OR algorithms at Footprint Lookup modules. A Real-Time Dynamic Engine and Filter updated protected VoIP service from DoS attacks, and strengthened Ubiquitous Security anger, and were turned out to be.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.5
• /
• pp.925-933
• /
• 2003

Network is expected to be developed into optical Internet network collected IP layer and optical layer, but GMPLS is risen at the transitional evolution stage because of the present technology level. GMPLS that MPLS is extended and generalized is able to support not only the packet switching device but also the devices which perform switching in time, wavelength, and space domain. To implement the common control plane to these various switching types, GMPLS extends the existing MPLS signaling and routing protocol. In this paper, we describe the overview of GMPLS technology, and then we will refer to the OSPF(Open Shortest Path First), which was used to exchange the status information of link, as the plan of routing extension to exchange the information of various link type, bandwidth, link protection type etc. And also, we describe the definition of new protocol, so called, LMP that is a signaling protocol for solving complex problem which manages hundreds and thousands of links between two nodes. And we will examine and analyze the plan of signaling protocol extension to apply signaling protocol RSVP-TE(Resource Reservation Protocol) for traffic engineering in MPLS to network, and the message objects and formats associated with modified RSVP.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.6
• /
• pp.83-89
• /
• 2012

This paper proposes the design of a security-enhanced RFID authentication protocol which meets the privacy protection for tag bearers. The protocol which uses AES(Advanced Encryption Standard) cipher algorithm is based on a three-way challenge response authentication scheme. In addition, three different types of protocol packet formats are also presented by extending the ISO/IEC 18000-3 standard for realizing the security-enhanced authentication mechanism in RFID system environment. Through the comparison of security, it was shown that the proposed scheme has better performance in user data confidentiality, Man-in-the-middle replay attack, and replay attack, and forgery resistance, compared with conventional some protocols. In order to validate the proposed protocol, a digital Codec of RFID tag is also designed based on the protocol. This Codec has been described in Verilog HDL and also synthesized using Xilinx Virtex XCV400E device.

• Journal of the Korean Institute of Telematics and Electronics S
• /
• v.36S no.8
• /
• pp.1-7
• /
• 1999

The Internet is emerging as a powerful tool in the area of information and communication technology. The WWW has been especially contributed to increase the internet demand because of its browser which has "Graphic User Interface". Nowadays number of hosts that supply harmful information such as pornographic materials, and the infringement of human rights is rapidly increased. Access to such materials is very easy. Therefore security system which will protect young users from access to harmful host is needed. This paper presents implementation of user system has database about harmful hosts at the Internet and monitors that the user traffic over LAM get touch with the hosts. The system can not make the user access the harmful host because it can over LAN. The performance analysis on the developed system monitoring the traffic over LAN of Andong university is carried out. The performance analysis of monitoring results satisfies with preventing users from the connection to the internet harmful sites.