• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.397-404
• /
• 2006

Successful software attacks require both injecting malicious code into a program's address space and altering the program's flow control to the injected code. Code section can not be changed at program's runtime, so malicious code must be injected into data section. Detoured flow control into data section is a signal of software attack. We propose a new software attack detection method which verify the target address of CALL, JMP, RET instructions, which alter program's flow control, and detect a software attack when the address is not in code section. Proposed method can detect all change of flow control related data, not only program's return address but also function pointer, buffer of longjmp() function and old base pointer, so it can detect the more attacks.

• Journal of Korea Society of Industrial Information Systems
• /
• v.18 no.3
• /
• pp.1-8
• /
• 2013

Plasma display panel (PDP) televisions are facing to have a new chance to receive attention along with a boom in 3-D software and contents because PDP can provide the comfortable and realistic 3-D images. The PDP has three driving circuit boards such as X, Y and addressing boards. Cost effective driving waveform has already been reported to decrease the number of driving circuit board. Half bridge based sustaining driver can remove a sustaining driver in the X board. However, the biasing circuit in the X driving boards cannot be reduced because there are some drawbacks such as unstable gas discharge condition and unreliability of an address driver IC. In this paper, the half bridge based sustaining driver is considered and a simple address driver is proposed to remove one driving board, X driving board. The stable gas discharge condition, reliability of the address driver IC and the low cost can be obtained by the proposed circuit.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.9
• /
• pp.37-46
• /
• 2009

The movement of the MR loaded on the train is confined to the bidirectional movement along the rail. Therefore, the AR connected to the MR can use the address information of the neighboring ARs and configure CoA in advance before performing L2 and L3 handoff. The MR can acquire new CoA immediately from the present AR after the movement detection procedure. The performance analysis shows that the proposed scheme can provide CoA to the MR about 1.8(s) at minimum and 4.98(s) at maximum faster than the Stateless scheme because the proposed scheme does not carry out any additional CoA and DAD procedure unlike the Stateless scheme.

• Proceedings of the IEEK Conference
• /
• 2004.06a
• /
• pp.175-178
• /
• 2004

This paper describes a new IP address lookup algorithm using a binary search on multiple balanced trees stored in one memory. The proposed scheme has 3 different tables; a range table, a main table, and multiple sub-tables. The range table includes $2^8$ entries of 22 bits wide. Each of the main table and sub-table entries is composed of fields for a prefix, a prefix length, the number of sub-table entries, a sub-table pointer, and a forwarding RAM pointer. Binary searches are performed in the main table and the multiple sub-tables in sequence. Address lookups in our proposed scheme are achieved by memory access times of 11 in average, 1 in minimum, and 24 in maximum using 267 Kbytes of memory for 38.000 prefixes. Hence the forwarding table of the proposed scheme is stored into L2 cache, and the address lookup algorithm is implemented in software running on general purpose processor. Since the proposed scheme only depends on the number of prefixes not the length of prefixes, it is easily scaled to IPv6.

• ETRI Journal
• /
• v.30 no.6
• /
• pp.790-798
• /
• 2008

Recently, NAND flash memory has emerged as a next generation storage device because it has several advantages, such as low power consumption, shock resistance, and so on. However, it is necessary to use a flash translation layer (FTL) to intermediate between NAND flash memory and conventional file systems because of the unique hardware characteristics of flash memory. This paper proposes a new clustered FTL (CFTL) that uses clustered hash tables and a two-level software cache technique. The CFTL can anticipate consecutive addresses from the host because the clustered hash table uses the locality of reference in a large address space. It also adaptively switches logical addresses to physical addresses in the flash memory by using block mapping, page mapping, and a two-level software cache technique. Furthermore, anticipatory I/O management using continuity counters and a prefetch scheme enables fast address translation. Experimental results show that the proposed address translation mechanism for CFTL provides better performance in address translation and memory space usage than the well-known NAND FTL (NFTL) and adaptive FTL (AFTL).

• Journal of information and communication convergence engineering
• /
• v.12 no.3
• /
• pp.154-160
• /
• 2014

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.8
• /
• pp.716-721
• /
• 2014

This paper proposes how to prevent of vulnerability from IP address attack of Oracle DB by C program environments. An attacker may try to login DB by connectng remote IP address. Recently an attacker use foreign IP address and try to connect to DB using known DB account. Therefore, DB data is frequently disclosed. I propose a new idea that develops specific IP address blocking module in C program in the Oracle DB. By this module, we can use the Oracle DB safely.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.5143-5158
• /
• 2018

Improving the intrusion detection system (IDS) is a pressing need for cyber security world. With the growth of computer networks, there are constantly daily new attacks. Machine Learning (ML) is one of the most important fields which have great contribution to address the intrusion detection issues. One of these issues relates to the imbalance of the diverse classes of network traffic. Accuracy paradox is a result of training ML algorithm with imbalanced classes. Most of the previous efforts concern improving the overall accuracy of these models which is truly important. However, even they improved the total accuracy of the system; it fell in the accuracy paradox. The seriousness of the threat caused by the minor classes and the pitfalls of the previous efforts to address this issue is the motive for this work. In this paper, we consolidated stratified sampling, cost function and weighted Support Vector Machine (WSVM) method to address the accuracy paradox of ID problem. This model achieved good results of total accuracy and superior results in the small classes like the User-To-Remote and Remote-To-Local attacks using the improved version of the benchmark dataset KDDCup99 which is called NSL-KDD.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.6B
• /
• pp.349-354
• /
• 2005

Several IP autoconfiguration techniques for MANET have been proposed by this time. But most of them concentrate on dealing with address duplication, so they have problems with latency and inefficient address space utilization. In this paper, we proposed a new IP autoconfiguration technique, namely Relational MANET Autoconfiguration Protocol(RMAP). This technique distributes IP addresses effectively by exchanging messages and recovers IP addresses by applying parent-child relationship. Simulation experiments are conducted to demonstrate the enhancement of the proposed algorithm over other known algorithms regarding latency, uniform distribution, and IP address recovery ratio.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.323-330
• /
• 2005

Buffer overflow is one of the most prevalent and critical internet security vulnerabilities. Recently, various methods to prevent buffer overflow attacks have been investigated, but they are still difficult to apply to real applications due to their run-time overhead. This paper suggests an efficient rewrite method to prevent buffer-overflow attacks only with lower costs by generating a redundant copy of the return address in stack frame and comparing return address to copied return address. Not to be overwritten by the attack data the new copy will have the lower address number than local buffers have. In addition, for a safer execution environment, every vulnerable function call is transformed during the rewriting procedure.