• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.331-337
• /
• 2014

Paradigm shift to cloud computing has increased the importance of security. Even though public cloud computing providers such as Amazon, already provides security related service like firewall and identity management services, it is not suitable to protect data in cloud environments. Because in public cloud computing environments do not allow to use client's own security solution nor equipments. In this environments, user are supposed to do something to enhance security by their hands, so the needs of visualized security management arises. To implement visualized security management, developing near realtime data handling & packet classification mechanisms are crucial. The key technical challenges in packet classification is how to classify packet in the manner of unsupervised way without human interactions. To achieve the goal, this paper presents automated packet classification mechanism based on naive-bayesian and packet Chunking techniques, which can identify signature and does machine learning by itself without human intervention.

• Proceedings of the KIEE Conference
• /
• 2007.11b
• /
• pp.291-293
• /
• 2007

SCADA (Supervisory Control and Data Acquisition) SCADA refers to the combination of telemetry and data acquisition [1]. SCADA system has been used for remote measurement and control on the critical infrastructures as well as modem industrial facilities. Electric Power system is a representative system using SCADA network for its communication. Integration between many networks and increasing threatens of terrorism have made the potential risk by cyber attacks real and bigger in power system. Recently, many researching efforts have been made on SCADA network for improving its security. In general aspect, there are already several ways to secure the system like encryption, firewall, authentication, etc. In this paper, we focus on symmetric encryption method and propose the proper key distribution method to reflect the unique characteristics of SCADA network communication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.7
• /
• pp.1230-1251
• /
• 2011

This document specifies a new IPv6 deployment protocol called CHANC, which stands for Configuring Hosts to Auto-detect (IPv6, IPv6-in-IPv4, or IPv4) Network Connectivity. The main part is an application level tunneling protocol that allows Internet Service Providers (ISPs) to rapidly start deploying IPv6 service to their subscribers whom connected to the Internet via IPv4-only access networks. It carries IPv6 packets over HTTP protocol to be transmitted across IPv4-only network infrastructure. The key aspects of this protocol are: offers IPv6 connectivity via IPv4-only access networks, stateless operation, economical solution, assures most firewall traversal, and requires simple installation and automatic configuration at customers' hosts. All data packets and routing information of the IPv6 protocol will be carried over the IPv4 network infrastructure. A simple application and a pseudo network driver must be installed at the end-user's hosts to make them able to work with this protocol. Such hosts will be able to auto-detect the ISP available connectivity in the following precedence: native IPv6, IPv6-in-IPv4, or no IPv6 connectivity. Because the protocol does not require changing or upgrading customer edges, a minimal cost in the deployment to IPv6 service should be expected. The simulation analysis showed that the performance of CHANC is pretty near to those of native IPv6, 6rd, and IPv4 protocols. Also, the performance of CHANC is much better than that of D6across4 protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1277-1284
• /
• 2011

Today, many applications use 80 port, which is a basic port number of HTTP protocol, to avoid a blocking of firewall. HTTP protocol is used in not only Web browsing but also many applications such as the search of P2P programs, update of softwares and advertisement transfer of nateon messenger. As HTTP traffics are increasing and various applications transfer data through HTTP protocol, it is essential to identify which applications use HTTP and how they use the HTTP protocol. In order to prevent a specific application in the firewall, not the protocol-level, but the application-level traffic classification is necessary. This paper presents a method to classify HTTP traffics based on applications of the client-side and group the applications based on providing services. We developed an application-level HTTP traffic classification system and verified the method by applying the system to a small part of the campus network.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.63 no.11
• /
• pp.1571-1574
• /
• 2014

In this paper, we propose a unidirectional transmission of critical information obtained by keyboard hacking or kernel and keyboard driver hacking even though the computer is not connected to the external network. We show the hacking can be attempted in the proposed method to show the way preventing such attempts in advance. Firewalls and other various methods are used to prevent the hacking from the external network but the hacking is also attempted in various ways to detour the firewall. One of the most effective way preventing from the hacking attack is physically disconnect the internal intranet systems from the external internet and most of the government systems, military systems and big corporate systems are using this way as on one of the protection method. In this paper, we show the feasibility of transmission of security codes, etc via the short message to the external network on the assumption that a hacking program such as Trojan Horse is installed on the computer systems separated from the external network. Previous studies showed that the letters on the monitor can be hijacked by electromagnetic analysis on the computer to obtain the information even though the system is not connected ti the network. Other studies showed that the security code hint can obtained by analyzing the power consumption distribution of CPU. In this paper, the power consumption distribution of externally accessible power line is analyzed to obtain the information and the information can be transmitted to the external network. Software controlling the CPU and GPU usage is designed to control the power supply of computer. The sensors such as the Rogowski coils can be used on the external power line to collect the data of power consumption change rates. To transmit the user password by short message, due to the capacitive components and the obstacle from other power supply, A very slow protocol are used.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.5
• /
• pp.933-939
• /
• 2007

There is a tremendous increase in the growth of Internet making people's life easy. The rapid growth in technology has caused misuse of the Internet like cyber Crime. There are several vulnerabilities in current firewall and Intrusion Detection Systems (IDS) of the Network Computing resources. Automatic real time station chase techniques can track the internet invader and reduce the probability of hacking Due to the recent trends the station chase technique has become inevitable. In this paper, we design and implement Active Security system using ICMP Traceback message. In this design no need to modify the router structure and we can deploy this technique in larger network. Our Implementation shows that ICMP Traceback system is safe to deploy and protect data in Internet from hackers and others.

• Journal of Convergence for Information Technology
• /
• v.7 no.1
• /
• pp.25-33
• /
• 2017

In order to prevent information leakage, companies are monitoring the information leakage by internal staff by building individual security system and integrated monitoring system of firewall and DLP function. Especially, many log data of the integrated monitoring system cause time and money, and it is difficult to detect information leak of fast malicious personnel due to system slowdown. It is necessary to speed up the system by digitizing large log data for each day and person for fast information leakage detection and there is a need to develop and manage a continuous monitoring program for the information leakage indications personnel. Therefore, we propose an improved integrated monitoring system using log data by date and individual data.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11a
• /
• pp.435-438
• /
• 2003

오늘날 네트워크 보호를 위해 firewall 과 같은 패킷 여과 시스템이 많이 보급되어 있다. 이러한 시스템에서는 해당 패킷의 생사 및 진행방향을 정할 수 있는 Rule 이 다수 존재하며, 각 패킷에 해당하는 Rule 을 검색하는 시간은 전체 네트워크의 응답시간을 지연시킨다. 더불어 해당 네트워크의 병목현상을 일으키는 주범이 될 수 있다. 본 논문에서는 데이터 캐쉬 잠금 방법을 활용한 네트워크 프로세서를 모델로, 캐쉬 잠금을 이용해 패킷 여과 Rule 의 접근 시간을 줄일 수 있는 파라미터를 찾고 수식화하며 Simulation 을 통해 효용성을 검토해 본다.

• Proceedings of the Korean Society of Precision Engineering Conference
• /
• 2003.06a
• /
• pp.38-41
• /
• 2003

Better understanding and sharing information are getting important to manage interdisciplinary product development team in a globally-distributed company. This study propose a solution to implement RPD(Rapid Product Development) system, focusing on rapid production process, for better understanding between development team members in different place and easy sharing of product information. The system developed by this research shows that SOAP(Simple Object Access Protocol) operates in distributed environment more efficiently than other RPC(Remote Procedure Call) techniques and it does not respond sensitively to firewall. And SOAP is an excellent RPC and messaging technique to exchange structured data. Procedures developed with use of SOAP are worked together with web, and users can use remote services as an application program in their computer.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.291-295
• /
• 2004

Recently, distributing information on the Internet is common in our daily li(e. Also, data exchange on Internet has rapidly changed the way we connect with other people. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we analyzes Traceback System that based on active network and design of Traceback System that based on active network for efficiently traceback.