• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.382-384
• /
• 2004

최근 가파른 증가세를 보이며 그 기법 또한 다양해지고 있는 공격에 대한 사후처리와 동일 침입 방지를 위해, 네트워크 포렌직에 대한 관심이 커지고 있다. 포렌직을 위해서는 정보의 손실 없는 네트워크 트래픽을 수집하여 보존하는 것이 필요하지만, 그 양이 막대하며, 이는 더 큰 용량의 디스크를 필요로 한다. 이를 해결하기 위해서는 압축을 수행하는 것이 필요하며, 또한 IP와 같이 필요로 하는 몇몇 정보를 압축해제 없이 접근할 수 있게 한다면, 간단한 작업을 위해서도 압축을 풀기 위해 컴퓨팅 파워와 시간을 줄일 수 있을 것이다. 따라서, 이 논문에서는 수집한 패킷마다 압축을 수행할 부분과 수행하지 않을 부분으로 나누고, 압축을 수행한 뒤, 해당 정보를 4바이트의 헤더로 만들어 덧붙임으로써, 기존 트래픽을 압축함과 동시에 패킷들에 대한 간단한 정보들을 압축해제 없이 접근할 수 있는 모델을 제안하였다.

• Journal of Korea Multimedia Society
• /
• v.11 no.10
• /
• pp.1359-1365
• /
• 2008

The portion of header in H.264 gets higher than those of previous standards instead of its better compression efficiency. Therefore, this paper proposes a new technique to compress the header of H.264. Unifying a sentence elementary in H.264, H.264 does not consider the distribution of element which be encoded and uses existing Exp-Golomb method, but it is uneffective for variable length coding. Most of the header are block type(s) and motion vector difference(s), and there are redundancies in the header of H.264. The redundancies in the header of H.264 which are analyzed in this paper are three. There are frequently appearing symbols and non-frequently appearing symbols in block types. And when mode 8 is selected in macroblock, all of four sub-macroblock types are transferred. At last, same values come in motion vector difference, especially '0.' This paper proposes the algorithm using type code and quadtree, and with them presents the redundant information of header in H.264. The type code indicates shape of the macroblock and the quadtree does the tree structured motion compensation. Experimental results show that proposed algorithm achieves lower total number of encoded bits over JM12.4 up to 32.51% bit reduction.

• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.57-64
• /
• 2009

In order to efficiently provide IP based Wireless Broadband services in Mobile WiMAX, schemes for more efficiently utilizing a limited bandwidth in radio links are needed. Robust Header Compression (ROHC), a standard header compression scheme proposed by IETF, Bi-directional Optimistic (O) mode provides higher compression efficiency and robustness compared with Payload Header Suppression (PHS) which is an optional header compression scheme for mobile WiMAX [1, 2]. However, if consecutive packet losses occur because of a Shadow Region of Mobile WiMAX or bit errors, header decompression failure rate of the ROHC O mode increases due to inconsistency of the compression information between the Compressor and the Decompressor. Therefore, a complementary mechanism is needed. In this paper, we propose an approach for the dynamic adjustment of an optimistic parameter, which has an effect on both the compression efficiency and the robustness, for improving the performance of ROHC O mode. We also analyze the performance of the proposed approach using an OPNET simulator.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.7
• /
• pp.1214-1221
• /
• 2006

Header compression scheme is suggested as a solution to reduce the inefficient overhead of general packet stream data. Especially, it is shown that there are more overhead rate for real-time media stream links such as voice because of its short payload size, and it is possible to get higher bandwidth efficiency using the header compression scheme. There are two kinds of error recovery in header compression such as Periodic Header Refresh(PHR) and Header Request(HR) schemes. In this paper, we analyze the performance of these two compression recovery schemes, and some results such as the overhead rate, bandwidth gain and bandwidth efficiency(BE) are presented.

• Proceedings of the IEEK Conference
• /
• 2002.06a
• /
• pp.311-314
• /
• 2002

This paper deals with an improved method of utilizing end-to-end bandwidth in the All-IP environment. The proposed method includes compression of UDP/RTP headers, and multiplexing of the RTP stream packets over the end-to-and media transfer. Although the conventional method of using TCRTP(Tunneling Multiplexed Compressed RTP) is an efficient mettled of maximizing tile network throughput, it is inadequate for the All-IP based end-to-end communication. The method is a link-layer independent solution that can be easily implemented in the NGN(Next Generation Network).

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06a
• /
• pp.539-542
• /
• 2011

TAR와 같은 아카이브 포맷에는 파일 중복을 제거하는 기능이 포함되어 있지 않아서 리눅스 배포 미러와 같이 버전단위로 저장되는 시스템에서 디스크 공간의 낭비가 발생하였다. 본 연구에서는 파일 중복 제거 기능을 추가한 TAR형태의 압축 포맷인 DTAR와 이를 제어하는 DTM 유틸리티를 제안하였다. 주요 아이디어는 클라이언트에서 DTAR 생성 시, 헤더에 SHA1 해시 정보를 추가하여 DTM 유틸리티를 통해 SHA1 해시를 노드로 하는 R-B Tree를 생성하고 이를 서버에 저장된 해시 정보와 비교하여 DTAR내에서 중복이 없는 파일을 선택적으로 파일을 압축하고 서버로 백업하고 관리하는 것이다. 실험 결과 DTM을 통한 백업은 중복 데이터가 누적될수록 DTAR가 tar.gz보다 공간적인 측면이나 백업을 위한 데이터 패킷 전송 시간에서 크게 향상된 성능을 보였다.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.10
• /
• pp.101-110
• /
• 2009

The 6LoWPAN(IPv6 Low-power Wireless Personal Area Network) performs IPv6 header compression, TCP/UDP/IGMP header compression, packet fragmentation and re-assemble to transmit IPv6 packet over IEEE 802,15.4 MAC/PHY. However, from the point of view of security. It has the existing security threats issued by IP packet fragmenting and reassembling, and new security threats issued by 6LoWPAN packet fragmenting and reassembling would be introduced additionally. If fragmented packets are retransmitted by replay attacks frequently, sensor nodes will be confronted with the communication disruption. This paper analysis security threats introduced by 6LoWPAN fragmenting and reassembling, and proposes a re-transmission mechanism that could minimize re-transmission to be issued by replay attacks. Re-transmission procedure and fragmented packet structure based on the 6LoWPAN standard(RFC4944) are designed. We estimate also re-transmission delay of the proposed mechanism. The mechanism utilizes timestamp, nonce, and checksum to protect replay attacks. It could minimize reassemble buffer overflow, waste of computing resource, node rebooting etc., by removing packet fragmentation and reassemble unnecessary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.869-879
• /
• 2022

Through this study, we discovered that among three types of compressed data blocks generated through the Deflate algorithm, No-Payload Non-Compressed Block type (NPNCB) which has no literal data can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we called this area as DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally we found the vulnerability that hides malicious codes or arbitrary data through inserting NPNCBs with infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded normally contaminated zip file without any warning, and malicious code could be executed by the malicious decoder.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.43-50
• /
• 2013

File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

• Transactions of the Korean Society of Mechanical Engineers B
• /
• v.38 no.9
• /
• pp.789-795
• /
• 2014

In this study, the distribution characteristics of diffusers with various shapes that are installed in an open-type thermal storage system are numerically investigated. Four diffusers are designed to distribute a working fluid evenly through the holes on bifurcated pipes. Three-dimensional steady simulations of incompressible laminar flow are conducted using commercial software (ANSYS-FLUENT). The simulation results show that both the bidirectional header-type diffuser and the H-type diffuser distribute the working fluid evenly whereas both the unidirectional and the bidirectional diffusers distribute the working fluid unevenly. The results also show that the H-type diffuser requires a higher head of pump than the bidirectional header-type diffuser. Therefore, the bidirectional header-type diffuser is recommended for use because it enables even distribution of the working fluid and requires a low head of pump.