• Title/Summary/Keyword: Network Log


Spark-based Network Log Analysis System for Detecting Network Attack Pattern Using Snort (Snort를 이용한 비정형 네트워크 공격패턴 탐지를 수행하는 Spark 기반 네트워크 로그 분석 시스템)

  • Baek, Na-Eun;Shin, Jae-Hwan;Chang, Jin-Su;Chang, Jae-Woo
    • The Journal of the Korea Contents Association / v.18 no.4 / pp.48-59 / 2018
  • Recently, network technology has been used in various fields due to the development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network logs increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack patterns by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from a large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack patterns well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better in log data processing performance than the Hadoop-based system.

A Nonblocking Multi-Log$_2$N Multiconnection Network: Theoretical Characterization and Design Example for a Photonic Switching System (넌블럭킹 Multi-Log$_2$N 다중 접속망 : 이론적 특성 및 광 교환시스템을 위한 설계예)

  • Yeong Hwan TSCHA;Kyoon Ha LEE
    • The Journal of Korean Institute of Communications and Information Sciences / v.16 no.7 / pp.680-695 / 1991
  • In this paper, the conditions on the number of required copies of a self-routing network with and without extra stages in back-to-back manner are presented respectively for a nonblocking Multi-Log$_2$N multiconnection network. Actually the obtained results hold regardless of connection patterns, i.e., whether a network deploys one-to-one connections or multiconnections. Thus open problems on the nonblocking condition for a multi Multi-Log$_2$N multiconnection network are solved. Interestingly, some of the given formulas comprise the Benes network and the Canto network as special cases respectively. A novel switching system architecture deploying a distributed calls-distribution algorithm is provided to design a nonblocking Multi-Log$_2$N photonic switching network using a directional coupler. A directional coupler based call holding demultiplexer is also introduced to hold a call until blocking disappears in a switching network and let it enter a network, provided that the number of switching networks is less than that of the switching networks required for a nonblocking Multi-Log$_2$N network.


Development of the SysLog-based Integrated Log Management system for Firewalls in Distributed Network Environments (분산 환경에서 SysLog기반의 방화벽 통합로그관리시스템 개발)

  • Lee, Dong Young;Seo, Hee Suk;Lee, Eul Suk
    • Journal of Korea Society of Digital Industry and Information Management / v.7 no.4 / pp.39-45 / 2011
  • Application log files contain error messages, operational data and usage information that can help manage applications and servers. A log analysis system is software that reads and parses log files, and extracts and aggregates information in order to generate reports on the application. Currently, the importance of firewall log files is growing for the forensics of cyber crimes and the establishment of security policy. In this paper, we designed and implemented SILAS (SysLog-based Integrated Log mAnagement System) in distributed network environments. It helps to generate reports on the log files of firewalls - IP and users, and statistics of application usage.

On the Multicast Capacity of Wireless Ad Hoc Networks with Network Coding

  • Wang, Zheng;Karande, Shirish S.;Sadjadpour, Hamid R.;Garcia-Luna-Aceves, J.J.
    • Journal of Communications and Networks / v.13 no.5 / pp.525-535 / 2011
  • In this paper, we study the contribution of network coding (NC) in improving the multicast capacity of random wireless ad hoc networks when nodes are endowed with multi-packet transmission (MPT) and multi-packet reception (MPR) capabilities. We show that a per session throughput capacity of $\Theta(nT^3(n))$ can be achieved as a tight bound when each session contains a constant number of sinks where $n$ is the total number of nodes and $T(n)$ is the transmission range. Surprisingly, an identical order capacity can be achieved when nodes have only MPR and MPT capabilities. This result proves that NC does not contribute to the order capacity of multicast traffic in wireless ad hoc networks when MPR and MPT are used in the network. The result is in sharp contrast to the general belief (conjecture) that NC improves the order capacity of multicast. Furthermore, if the communication range is selected to guarantee the connectivity in the network, i.e., $\Omega(\sqrt{\log n/n}) = T(n) = O(\log\log n/\log n)$, then the combination of MPR and MPT achieves a throughput capacity of $\Theta(\log^{3/2} n/\sqrt{n})$ which provides an order capacity gain of $\Theta(\log^2 n)$ compared to the point-to-point multicast capacity with the same number of destinations.

Security Audit System for Secure Router

  • Doo, So-Young;Kim, Ki-Young
    • 제어로봇시스템학회:학술대회논문집 / 2005.06a / pp.1602-1605 / 2005
  • An audit trace is one of the last ways to defend network equipment against an attack. Firewalls and IDSs, which block an attack in advance, are an active way, and audit tracing is a passive way that infers the type and situation of an attack from the log after the attack. This paper explains the importance of the audit trace function in network equipment for security and defines the events that must be recorded in the security audit log. We design and implement a security audit system for a secure router. This paper also explains the reason why we separate the general audit log and the security audit log.


Rearrangeability of Reverse Shuffle / Exchange Networks (역 셔플익스체인지 네트워크의 재정돈성)

  • Park, Byoung-Soo
    • The Transactions of the Korea Information Processing Society / v.4 no.7 / pp.1842-1850 / 1997
  • This paper proposes a new rearrangeable algorithm in a multistage reverse shuffle/exchange network. The best known lower bound of stages for rearrangeability in a symmetric network is 2logN-1 stages. However, it has never been proved for nonsymmetric networks before. Currently, the best upper bound for the rearrangeability of a shuffle/exchange network in a nonsymmetric network is 3logN-3 stages. We describe the rearrangeability of the reverse shuffle/exchange multistage interconnection network on every arbitrary permutation with $N \le 16$. This rearrangeability can be established by setting one more stage in the middle stage of the network to allow the reduced network to be topologically equivalent to a class of rearrangeable networks. The results in this paper enable us to establish an upper bound, 2logN stages, for the rearrangeable reverse shuffle/exchange network with $N \le 16$, and lead to the possibility of this bound when $N \le 16$.


DIMPLE-II: Dynamic Membership Protocol for Epidemic Protocols

  • Sun, Jin;Choi, Byung-K.;Jung, Kwang-Mo
    • Journal of Computing Science and Engineering / v.2 no.3 / pp.249-273 / 2008
  • Epidemic protocols have two fundamental assumptions. One is the availability of a mechanism that provides each node with a set of log(N) (fanout) nodes to gossip with at each cycle. The other is that the network size N is known to all member nodes. While it may be trivial to support these assumptions in small systems, it is a challenge to realize them in large open dynamic systems, such as peer-to-peer (P2P) systems. Technically, since the most fundamental parameter of epidemic protocols is log(N), without knowing the system size, the protocols will be limited. Further, since the network churn, frequently observed in P2P systems, causes rapid membership changes, providing a different set of log(N) at each cycle is a difficult problem. In order to support the assumptions, the fanout nodes should be selected randomly and uniformly from the entire membership. This paper investigates one possible solution which addresses both problems: providing at each cycle a different set of log(N) nodes selected randomly and uniformly from the entire network under churn, and estimating the dynamic network size in the number of nodes. This solution improves the previously developed distributed algorithm called Shuffle to deal with churn, and utilizes the Shuffle infrastructure to estimate the dynamic network size. The effectiveness of the proposed solution is evaluated by simulation. According to the simulation results, the proposed algorithms successfully handle network churn in providing random log(N) fanout nodes, and practically and accurately estimate the network size. Overall, this work provides insights in designing epidemic protocols for large scale open dynamic systems, where the protocols behave autonomically.

Neural-Network and Log-Polar Sampling Based Associative Pattern Recognizer for Aircraft Images (신경 회로망과 Log-Polar Sampling 기법을 사용한 항공기 영상의 연상 연식)

  • 김종오;김인철;진성일
    • Journal of the Korean Institute of Telematics and Electronics B / v.28B no.12 / pp.59-67 / 1991
  • In this paper, we aimed to develop an associative pattern recognizer based on a neural network for aircraft identification. For obtaining an invariant feature space description of an object regardless of its scale change and rotation, the log-polar sampling technique, recently developed partly due to its similarity to the human visual system, was introduced with Fourier transform post-processing. In addition to the recognition results, image recall was associatively performed and also used for the visualization of the recognition reliability. The multilayer perceptron model was trained by the backpropagation algorithm.


A Deterministic Resource Discovery Algorithm in Distributed Networks (분산 망에서 자원발견을 위한 결정 알고리즘)

  • Park, Hae-Kyeong;Ryu, Kwan-Woo
    • Journal of KIISE:Information Networking / v.28 no.4 / pp.455-462 / 2001
  • In this paper, we propose a deterministic algorithm to solve the resource discovery problem, that is, for some subset of machines to learn the existence of each other in a large distributed network. Harchol et al. proposed a randomized algorithm solving this problem within $O(\log^2 n)$ rounds with high probability, which requires $O(n\log^2 n)$ connection communication complexity and $O(n^2\log^2 n)$ pointer communication complexity, where $n$ is the number of machines in the network. Their solution is based on a randomization method and it is difficult to determine the convergence time. We propose an efficient algorithm which improves performance and the non-deterministic characteristics. Our algorithm requires $O(\log n)$ rounds, which shows $O(m\log n)$ connection communication complexity and $O(n^2\log n)$ pointer communication complexity, where $m$ is the number of links in the network.


A Study on the Search Behavior of Digital Library Users: Focus on the Network Analysis of Search Log Data (디지털 도서관 이용자의 검색행태 연구 - 검색 로그 데이터의 네트워크 분석을 중심으로 -)

  • Lee, Soo-Sang;Wei, Cheng-Guang
    • Journal of Korean Library and Information Science Society / v.40 no.4 / pp.139-158 / 2009
  • This paper used the network analysis method to analyse a variety of attributes of searchers' search behaviors that appeared in search access log data. The results of this research are as follows. First, the structure of the network is represented depending on the similarity of the queries that users had input. Second, we can find the particular searchers who occupied the central position in the network. Third, it showed that some queries were shared between the ego-searcher and alter searchers. Fourth, the total number of searchers can be divided into some sub-groups through clustering analysis. The study reveals a new recommendation algorithm of associated searchers and search queries through social network analysis, and it will be capable of utilization.
