• Title/Summary/Keyword: IP network system


Server security system using active Internet address self-mutation and OTP (능동형 인터넷 주소 자가변이와 OTP 를 활용한 서버 보안 시스템)

  • Ko, Hyug-Jun;Han, Seong-Soo;Jeong, Chang-Sung
    • Proceedings of the Korea Information Processing Society Conference / 2020.11a / pp.431-433 / 2020
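  • In the era of the Fourth Industrial Revolution, countless things are being connected over the Internet using the Internet of Things and 5G. Building security monitoring systems on these devices in order to control and maintain them incurs high costs and management difficulties. If the devices were to defend themselves actively, the biggest problem in maintenance would be solved. For such active security, MTD (Moving Target Defense) techniques, which dynamically change various characteristics of the protected system over time, are being developed. In this paper, we designed and implemented a system that applies network-based MTD (NMTD) to SSH, which connects to a host server by IP and port, in order to protect it actively, and that uses OTP for user identification to strengthen security against insider access to SSH.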

A Study on the Improvement of Military Information Communication Network Efficiency Using CCN (CCN을 활용한 군 정보통신망 효율성 향상 방안)

  • Kim, Hui-Jung;Kwon, Tae-Wook
    • The Journal of the Korea institute of electronic communication sciences / v.15 no.5 / pp.799-806 / 2020
  • The rapid growth of smartphone-to-Internet of Things (IoT) connections and the explosive demand for data usage centered on mobile video are increasing day by day, and this increase in data usage creates many problems in the IP system. In a full-based environment, in which information requesters focus on information providers to receive information from specific servers, problems arise with bottlenecks and large data processing. To address this problem, CCN networking technology, a future network technology, has emerged as an alternative. It reduces bottlenecks that occur when requesting popular content through caching at intermediate nodes and increases network efficiency, and it can be applied to military information and communication networks to address the problem of traffic concentration and the use of various surveillance equipment in full-based networks, such as scientific monitoring systems, and to provide more efficient content.

Design and Implementation of High-quality Video Service with Adaptive Transport for Multi-party Collaborative Environments (다자간 원격 협업을 위한 적응형 전송 기능을 가진 고화질 영상 서비스의 설계 및 구현)

  • Han, Sang-Woo;Kim, Jong-Won
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.1B / pp.26-38 / 2006
  • To construct seamless collaborative environments, what all participants intend should be delivered, and visual elements such as gesture, facial expression, and ambiance should be shared with all participants. In this paper, we propose a high-quality video service to support DV (digital video) and HDV (high-definition DV) based on Access Grid (AG), which is a prevalent collaborative system. The proposed service is designed for employing versatile media tools and codecs with SDP (session description protocol) and SAP (session announcement protocol). We also design a network-adaptive video transmission module to mitigate the impact of network fluctuation. This module periodically monitors multicast performance and controls the frame rate on the sender side considering network conditions. The experimental results over the test bed show that the proposed service enhances the quality of AG video service and provides seamless high-quality video transport by mitigating the impact of network fluctuation.

Performance Analysis of A Novel Inter-Networking Architecture for Cost-Effective Mobility Management Support

  • Song, Myungseok;Jeong, Jongpil
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.4 / pp.1344-1367 / 2014
  • Mobile traffic is increasing en masse because of the propagation of the Internet and the development of wireless mobile technology. Accordingly, the Network Local Mobility Management (NETLMM) working group [1] of the Internet Engineering Task Force (IETF) has standardized Proxy Mobile IPv6 (PMIPv6) [2] as a protocol for accomplishing the transmissibility of mobile terminals. PMIPv6 is a network-led IP-based mobility management protocol, which can control terminal mobility without depending on the type of access system or the capability of the terminal. By combining PMIPv6 and the mobility of Session Initiation Protocol (SIP), we can establish terminal mobility and session mobility through a more effective route. The mobility function can be improved and the overlap of function reduced as compared to that in the case of independent operation. PMIPv6 is appropriate for a non-real-time service using TCP, and SIP is appropriate for a real-time service using RTP/UDP. Thus, in the case of a terminal using both services, effective mobility management is possible only by using PMIPv6 together with SIP. In order to manage mobility in this manner, research on PMIPv6-SIP is in progress. In line with this trend, this paper suggests a new PMIPv6-SIP architecture in which, when a mobile terminal conducts a handover, a network-led handover that maintains the session is possible without the addition of a special function or middleware, along with a performance evaluation through mathematical modeling that compares the delay and the packet loss that occur during the handover to those of Pure-SIP.

Kalman Filtering-based Traffic Prediction for Software Defined Intra-data Center Networks

  • Mbous, Jacques;Jiang, Tao;Tang, Ming;Fu, Songnian;Liu, Deming
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.6 / pp.2964-2985 / 2019
  • Global data center IP traffic is expected to reach 20.6 zettabytes (ZB) by the end of 2021. Intra-data center networks (Intra-DCN) will account for 71.5% of the data center traffic flow and will be the largest portion of the traffic. The understanding of traffic distribution in Intra-DCN is still sketchy. This causes a significant amount of bandwidth to go unutilized and creates avoidable choke points. Conventional transport protocols such as Optical Packet Switching (OPS) and Optical Burst Switching (OBS) allow a one-sided view of the traffic flow in the network. This in turn causes disjointed and uncoordinated decision-making at each node. For effective resource planning, there is a need to consider joining distributed management with centralized management that anticipates the system's needs and regulates the entire network. Methods derived from Kalman filters have proved effective in planning road networks. Considering the network's available bandwidth as data transport highways, we propose an intelligent enhanced SDN concept applied to the OBS architecture. A management plane (MP) is added to the conventional control (CP) and data planes (DP). The MP assembles the traffic spatio-temporal parameters from ingress nodes and uses a Kalman filtering prediction-based algorithm to estimate traffic demand. Prior to packets' arrival at edge nodes, it regularly forwards updates of resource allocation to CPs. Simulations were done on a hybrid scheme (1+1) and on the centralized OBS. The results demonstrated that the proposition decreases the packet loss ratio. It also improves network latency and throughput, up to 84 and 51%, respectively, versus the traditional scheme.

The Case of Novel Attack Detection using Virtual Honeynet (Virtual Honeynet을 이용한 신종공격 탐지 사례)

  • Kim, Chun-Suk;Kang, Dae-Kwon;Euom, Ieck-Chae
    • The Journal of the Korea institute of electronic communication sciences / v.7 no.2 / pp.279-285 / 2012
  • Most national critical key infrastructure, such as electricity, nuclear power plants, and petroleum, is run on SCADA (Supervisory Control And Data Acquisition) systems of the closed network type. These systems increasingly use open protocols such as TCP/IP and commercial operating systems, a trend that follows from gradually increasing dependence on IT (Information Technology). Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. In this paper, a method to minimize threats and vulnerabilities is proposed, and the virtual honeynet system architecture and the attack detection algorithm, which can detect the unknown attack patterns of a Zero-Day Attack, are reviewed.

Design and Implementation of an Alternate System Interconnect based on PCI Express (PCI Express 기반 시스템 인터커넥트의 설계 및 구현)

  • Kim, Young Woo;Ren, Ye;Choi, WonHyuk
    • Journal of the Institute of Electronics and Information Engineers / v.52 no.8 / pp.74-85 / 2015
  • PCI Express is a well-known and widely used de facto system bus standard for connecting a processor and I/O devices. PCI Express originated from the old PCI standard, and most of its applications are limited to use within a PC or server system. However, because of its fast speed, low power consumption, and good protocol efficiency, it has been considered a good candidate for an alternate system interconnect for many years. In this paper, we present the design, implementation and early evaluation of an alternate system interconnect utilizing PCI Express. The developed alternate system interconnect using PCI Express (named PCIeLINK) utilizes the non-transparent bridging (NTB) technique, which is generally used in fail-over systems in PCI and PCI Express. By using the NTB technique, a PCI Express device can be extended outside of a system without electrical and logical problems arising during system boot and enumeration. To build an alternate system interconnect, we designed, implemented and tested a network interface card having multiple PCI Express ×4 connections (theoretically 20 Gbps). The early test results revealed that a ×4 port in the card showed 8.6 Gbps peak performance for bulk transmission and 5.1 Gbps peak for normal TCP/IP transfer.

A Study of the Intelligent Connection of Intrusion prevention System against Hacker Attack (해커의 공격에 대한 지능적 연계 침입방지시스템의 연구)

  • Park Dea-Woo;Lim Seung-In
    • Journal of the Korea Society of Computer and Information / v.11 no.2 s.40 / pp.351-360 / 2006
  • Proposed security system attacks it, and detect it, and a filter generation, a business to be prompt of interception filtering dates at attack information public information. inner IPS to attack detour setting and a traffic band security, different connection security system, and be attack packet interceptions and service and port interception setting. Exchange new security rule and packet filtering for switch type implementation through dynamic reset memory by real time, and deal with a packet. The attack detection about DDoS, SQL Slammer, Bugbear, Opaserv worm etc. of the 2.5 Gbs which was an attack of a hacker consisted in network performance experiment by real time. Packet by attacks of a hacker was cut off, and ensured the normal inside and external network resources besides the packets which were normal by the results of active renewal.


An Optimization Tool for Determining Processor Affinity of Networking Processes (통신 프로세스의 프로세서 친화도 결정을 위한 최적화 도구)

  • Cho, Joong-Yeon;Jin, Hyun-Wook
    • KIPS Transactions on Software and Data Engineering / v.2 no.2 / pp.131-136 / 2013
  • Multi-core processors can improve the parallelism of application processes and thus can enhance system throughput. Researchers have recently revealed that processor affinity is an important factor in determining network I/O performance due to architectural characteristics of multi-core processors; thus, many researchers are trying to suggest a scheme to decide an optimal processor affinity. Existing schemes to dynamically decide the processor affinity are able to adapt transparently to system changes, such as modifications of applications and upgrades of hardware, but these have limited access to characteristics of application behavior and run-time information that can be collected heuristically. Thus, these can provide only sub-optimal processor affinity. In this paper, we define meaningful system variables for determining optimal processor affinity and suggest a tool to gather such information. We show that the implemented tool can overcome limitations of existing schemes and can improve network bandwidth.

Implementation of Real-time Book Search Service of Library using OpenAPI (OpenAPI를 이용한 실시간 자치도서관 도서검색 서비스구현)

  • Lim, Dae-Hyun;Park, Jin-Tae;Lee, Hye-Rim;Jeong, Jae-Pil;Moon, Il-Young
    • Journal of Advanced Navigation Technology / v.13 no.5 / pp.793-798 / 2009
  • In this paper, the performances of implementation real-time book search service of government library using OpenAPI. Since 2000, each self-government made a government library for local residents because of policies to encourage reading. Each self-government library offers book perusal and lending free of charge to local residents. In the current system, local residents visit a library to borrow, return and read books. Each library run by a self-governing administration provides its own homepage for search as well as booking. Because these services are not unified, however, it is not easy for borrowers to search for and borrow the enormous number of books spread across the libraries. Accordingly, we present a plan that keeps the systems already established in each library as they are and, for efficient unification and search of the libraries' databases, uses a TCP/IP network and an application that connects each library's database, providing a service that uses Open API to check books through real-time database access.
