• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.767-772
• /
• 2005

The Internet is a packet switched network which offers best-effort service, but current IP network provide enhanced services such Quality of Services, Virtual Private Network (VPN) services, Distribute Firewall and IP Security Gateways. All such services need packet classification for determining the flow. The problem is performing scalable packet classification at wire speeds even as rule databases increase in size. Therefore, this research offer packet classification algorithm that increase classifier performance when working with enlarge rules database by rearrange rule structure into Bitmap Intersection Lookup (BIL) tables. It will use packet's header field for looking up BIL tables and take the result with intersection operation by logical AND. This approach will use simple algorithm and rule structure, it make classifier have high search speed and fast updates.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2A
• /
• pp.79-85
• /
• 2006

Generally, it is essential that high-speed routers, switches, and network security appliances should have an efficient packet classification scheme in order to achieve the high-speed packet forwarding capability. For the multi-gigabit packet-processing network equipment the high-speed content search hardware such as TCAM and search engine is recently used to support the content-based packet inspection. During the packet classification process, hundreds and thousands of rules are applied to provide the network security policies regarding traffic screening, traffic monitoring, and traffic shaping. In addition, these rules could be dynamically changed during operations of systems if anomaly traffic patterns would vary. Particularly, in the high-speed network, an efficient algorithm that updates and reorganizes the packet classification rules is critical so as not to degrade the performance of the network device. In this paper, we have proposed an efficient update algorithm using a partial-ordering that can relocate the dynamically changing rules at the TCAM. Experimental results should that our algorithm does not need to relocate existing rules feature until 70$\%$ of TCAM utilization.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.5
• /
• pp.392-399
• /
• 2013

Due to the development of IT technology and the information age, a dependency of the network over the most of our lives have grown to a greater extent. Although it provides us to get various useful information and service, it also has negative effectiveness that can provide network intruder with vulnerable roots. In other words, we need to urgently cope with theses serious security problem causing service disableness or system connected to network obstacle with exploiting various packet information. Many experts in a field of security are making an effort to develop the various security solutions to respond against these threats, but existing solutions have a lot of problems such as lack of storage capacity and performance degradation along with the massive increase of packet data volume. Therefore we propose the packet analysis model to apply issuing Big Data technology in the field of security. That is, we used NoSQL which is technology of massive data storage to collect the packet data growing massive and implemented the packet analysis model based on K-means clustering using MapReudce which is distributed programming framework, and then we have shown its high performance by experimenting.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.39 no.6
• /
• pp.687-695
• /
• 2002

Media-specific FEC techniques, suggested to confront with VoIP speech packet loss, improve speech quality at the expense of generating additional one-frame delay. In this paper, we suggest new media-specific FEC, i.e, LSF FEC technique which is able to improve speech quality with much shortened additional delay. In the proposed technique, the LSF parameters of the future frame are utilized to recover a lost packet. To evaluate performance of the proposed technique, we use ITU-T G.723.1 and G.729 Codec and apply Gilbert packet loss model and estimate MOS per every packet loss rate using PESQ speech quality estimation algorithm. The proposed technique has effect of shortening delay over from 6.5ms to 27ms compared with existing media-specific FEC techniques. Simulation results for comparison of reconstructed speech quality show this novel technique improves the MOS over 0.1 in practical lossy environment of 5 % packet loss rate.

• Journal of National Security and Military Science
• /
• s.1
• /
• pp.345-360
• /
• 2003

To build an information oriented armed forces, the Korean military telecommunication networks adopt TCP/IP standard communication infrastructures based on ATM packet switched networks. Utilizing this network infrastructure, the Korean armed forces also applies to the areas of battleship management for efficient operation command controls and resource management for efficient resource allocations. In this military communication networks, it is essential to determine the least cost network topology under equal performance and reliability constraints. Basically, this type of communication network design problem is known in the literature as an NP Hard problem. As the number of network node increases, it is very hard to obtain an optimal solution in polynomial time. Therefore, it is reasonable to use a heuristic algorithm which provides a good solution with minimal computational efforts. In this study, we developed a simulated annealing based heuristic algorithm which can be utilized for the design of military communication networks. The developed algorithm provides a good packet switched network topology which satisfies a given set of performance and reliability constraints with reasonable computation times.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.163-172
• /
• 2003

Proposed in this paper is an authentication mechanism for multimedia streaming data in the Intemet multicast environment. The multicast authentication mechanism is coupled with the packet-level forward error correction code which has been recently applied for a reliable multicast transport transmission. Associated with this, Reed-Solomon erasure code is chosen for tolerating packet loss so that each of the received packets can be authenticated independently of the lost packets.

• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.417-422
• /
• 2009

Implementation of DPI(Deep Packet Inspection) system on a general purpose multiprocessor platform is an attractive option from the implementation cost point of view, since it does not require high-cost customized hardware. Load balancing has been considered as a primary means to achieve high performance in multi processor systems. We claim, however, that in case of DPI system design simply balancing the load of each processor does not necessarily yield the highest system performance. Instead, we propose a method in which tasks are allocated to processors based on their functions. We implemented the proposed method in dual processor Linux system and compare its performance with the existing load balancing methods. Under the proposed method, one processor is dedicated to deal with interrupt handling and generic packet processing, while another processor is dedicated to DPI processing. According to experimental results, the proposed scheme outperforms the existing schemes by 60%, mainly because of the reduction of cache miss and spin lock occurrences.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.3
• /
• pp.100-106
• /
• 2003

This paper presents the design of a value-added ATM switch. The ATM switch ca perform CAC Processing and Firewall Processing Routine at packet-level (IP) at the ATM environment per port. The proposed two routine are integrated into the components of ATM switch. The Firewall switch employs a suggested two routine model to avoid or reduce the latency caused by filtering. Also, we suggest four classes are defined. namely, classes A, B, C, and D, which are orded from the safest to the most dangerous. The suggested model performance of ATM Firewall switch is estimated simulation in terms of the throught and latency by computer.