• Journal of KIISE:Information Networking
• /
• v.31 no.4
• /
• pp.363-374
• /
• 2004

In this paper, we propose an in-line mode NIDS using network processors(NPs) that achieve performance comparable to ASIC and flexibility comparable to general-purpose processors. Even if many networking applications using NPs have been proposed, we cannot find any NP applications to NIDS in the literature. The proposed NIDS supports packet payload inspection detecting attacks, as well as packet filtering and traffic metering. In particular, we separate the filtering and metering functions from the complicated and time-consuming operations of the deep packet inspection function using two-level searching scheme, thus we can improve the performance, stability, and scalability of In-line mode system. We also implement a proto-type based on a PC platform and the Agere PayloadPlus (APP) 2.5G NP solution, and present a payload inspection algorithm to apply APP NP.

• Journal of the Korean Society for Nondestructive Testing
• /
• v.29 no.4
• /
• pp.331-337
• /
• 2009

Space launch vehicles require highly reliable, lightweight structures. It is thus important to monitor the structural health of these components with nondestructive inspections. In this paper, we studied an example of a nondestructive inspection that was partially applied to the manufacture and inspection of a launch vehicle. Ultrasonic tests, X-rays, tapping, and acoustic emissions comprised the inspection method. A payload fairing, high pressure tank, fastener part, and bonding part were used as hardware to be inspected. We proposed a quantitative standard for debonding inspection of the payload fairing and acoustic emission data for the proof test of the high pressure tank. We analyzed the fracture mode of the sandwich fastener part according to frequency changes. We also proposed a standard specimen for ultrasonic inspection of bonds of different materials. The present analyses and results provide data for evaluation of the launch operation sequence to ensure launch vehicles afford high reliability.

• Journal of Institute of Control, Robotics and Systems
• /
• v.19 no.10
• /
• pp.915-920
• /
• 2013

Payload capacity and transition ability are essential for climbing robots to apply the robots to various applications such as inspection and exploration. This paper presents a new climbing robotic platform with multi-link structure of track-wheel modules to enhance payload capacity and transition ability, and its tracking controller design and experimental results. The compliances between track-wheel modules achieve stable internal and external transitions while the large adhesion area of the track-wheel module enhances the payload capacity of the robot. Kinematic model-based tracking controller is designed and implemented for autonomous internal transition, and the gains of the controller are optimized by experimental design. Experiments on the automatic internal transitions are performed and the results guarantee autonomous internal transition with little tracking error.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.5
• /
• pp.794-804
• /
• 2018

Various applications running in computers exchange information in the form of packets through the network. Most packets are formatted into UDP/IP or TCP/IP standard. Network management administrators of enterprises and organizations should be able to monitor and manage packets transmitted over the network for Internet traffic measurement & monitoring, network security, and so on. The goal of this paper is to analyze the performance of several algorithms which closely examine and analyze payloads in a DPI(Deep Packet Inspection) system. The main procedure of packet payload analysis is to quickly search for a specific pattern in a payload. In this paper, we introduce several algorithms which detect a specific pattern in payloads, analyze the performance of them from three perspectives, and suggest an application method suitable for requirements of a given DPI system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

• Journal of Aerospace System Engineering
• /
• v.3 no.1
• /
• pp.6-11
• /
• 2009

It is anticipated that quality assurance for the Ka band Communication Payload System(COPS) development program of the communication, Ocean & Meteorological Satellite(COMS) may be a core technical factor to be concerned in order to avoid any failure, and to assure its final performance during the mission lifetime in space. Those can be managed and verified and assessed by performing the Quality Assurance (QA) and risk management which helps to prevent and to reduce the critical fails. This paper introduces the Product Assurance (PA) system and procedures for controlling and monitoring sub-contractors which were participated in Ka band Communication Payload System (COPS) development. Also this paper shows Quality Assurance (QA) procedures and detailed their processes for assured the product performed by local companies from site survey for selecting companies to delivery of their equipment.

• The KIPS Transactions:PartC
• /
• v.11C no.3
• /
• pp.319-326
• /
• 2004

To help network intrusion detection systems(NIDSs) keep up with the demands of today's networks, that we the increasing network throughput and amount of attacks, a radical new approach in hardware and software system architecture is required. In this paper, we propose a Network Processor(NP) based In-Line mode NIDS that supports the packet payload inspection detecting the malicious behaviors, as well as the packet filtering and the traffic metering. In particular, we separate the filtering and metering functions from the deep packet inspection function using two-level searching scheme, thus the complicated and time-consuming operation of the deep packet inspection function does not hinder or flop the basic operations of the In-line mode system. From a proto-type NP-based NIDS implemented at a PC platform with an x86 processor running Linux, two Gigabit Ethernet ports, and 2.5Gbps Agere PayloadPlus(APP) NP solution, the experiment results show that our proposed scheme can reliably filter and meter the full traffic of two gigabit ports at the first level even though it can inspect the packet payload up to 320 Mbps in real-time at the second level, which can be compared to the performance of general-purpose processor based Inspection. However, the simulation results show that the deep packet searching is also possible up to 2Gbps in wire speed when we adopt 10Gbps APP solution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.27-37
• /
• 2011

The IDS/IPS(Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against internet attacks. Reducing the packet inspection time is one of the most important challenges of improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns for the incoming traffic, we may have to apply the multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any cases. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.317-326
• /
• 2010

Nowadays, transmission bandwidth for network traffic is increasing and the type is varied such as peer-to-peer (PZP), real-time video, and so on, because distributed computing environment is spread and various network-based applications are developed. However, as PZP traffic occupies much volume among Internet backbone traffics, transmission bandwidth and quality of service(QoS) of other network applications such as web, ftp, and real-time video cannot be guaranteed. In previous research, the port-based technique which checks well-known port number and the Deep Packet Inspection(DPI) technique which checks the payload of packets were suggested for solving the problem of the P2P traffics, however there were difficulties to apply those methods to detection of P2P traffics because P2P applications are not used well-known port number and payload of packets may be encrypted. A proposed algorithm for identifying P2P heavy traffics based on flow transport parameters and behavioral characteristics can solve the problem of the port-based technique and the DPI technique. The focus of this paper is to identify P2P heavy traffic flows rather than all P2P traffics. P2P traffics are consist of two steps i)searching the opposite peer which have some contents ii) downloading the contents from one or more peers. We define P2P flow patterns on these P2P applications' features and then implement the system to classify P2P heavy traffics.

• ETRI Journal
• /
• v.30 no.2
• /
• pp.183-193
• /
• 2008

In this paper, we propose quality of service mechanisms for flow-based routers which have to handle several million flows at wire speed in high-speed networks. Traffic management mechanisms are proposed for guaranteed traffic and non-guaranteed traffic separately, and then the effective harmonization of the two mechanisms is introduced for real networks in which both traffic types are mixed together. A simple non-work-conserving fair queuing algorithm is proposed for guaranteed traffic, and an adaptive flow-based random early drop algorithm is proposed for non-guaranteed traffic. Based on that basic architecture, we propose a dynamic traffic identification method to dynamically prioritize traffic according to the traffic characteristics of applications. In a high-speed router system, the dynamic traffic identification method could be a good alternative to deep packet inspection, which requires handling of the IP packet header and payload. Through numerical analysis, simulation, and a real system experiment, we demonstrate the performance of the proposed mechanisms.