• Title/Summary/Keyword: computer network security

Efficient Peer-to-Peer Lookup in Multi-hop Wireless Networks

  • Shin, Min-Ho;Arbaugh, William A.
    • KSII Transactions on Internet and Information Systems (TIIS) / v.3 no.1 / pp.5-25 / 2009
  • In recent years the popularity of multi-hop wireless networks has been growing. Their flexible topology and abundant routing paths enable many types of applications. However, the lack of a centralized controller often makes it difficult to design a reliable service in multi-hop wireless networks. While packet routing has been the center of attention for decades, recent research focuses on data discovery such as file sharing in multi-hop wireless networks. Although there are many peer-to-peer lookup (P2P-lookup) schemes for wired networks, they have inherent limitations for multi-hop wireless networks. First, a wired P2P-lookup builds a search structure on the overlay network and disregards the underlying topology. Second, the performance guarantee often relies on specific topology models such as random graphs, which do not apply to multi-hop wireless networks. Past studies on wireless P2P-lookup either combined existing solutions with known routing algorithms or proposed tree-based routing, which is prone to traffic congestion. In this paper, we present two wireless P2P-lookup schemes that strictly build a topology-dependent structure. We first propose the Ring Interval Graph Search (RIGS), which constructs a DHT only through direct connections between the nodes. We then propose ValleyWalk, a loosely-structured scheme that requires simple local hints for query routing. Packet-level simulations showed that RIGS can find the target with near-shortest search length and ValleyWalk can find the target with near-shortest search length when there is at least 5% object replication. We also provide an analytic bound on the search length of ValleyWalk.

Design and Implementation of an Intrusion Detection System based on Outflow Traffic Analysis (유출트래픽 분석기반의 침입탐지시스템 설계 및 구현)

  • Shin, Dong-Jin;Yang, Hae-Sool
    • The Journal of the Korea Contents Association / v.9 no.4 / pp.131-141 / 2009
  • An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. This paper proposes an intrusion detection system based on outflow traffic analysis. Many research efforts and commercial products have focused on preventing intrusion by filtering known exploits or unknown ones exploiting known vulnerabilities. Complementary to these solutions, the proposed IDS can detect intrusion by unknown new malware before its signatures are widely distributed. The proposed IDS consists of an outflow detector, user monitor, process monitor and network monitor. To infer user intent, the proposed IDS correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. As a complement to existing prevention systems, the proposed IDS decreases the danger of information leaks and protects computers and networks from more severe damage.

Development of User Oriented Geographic Information Retrieval Service Module Based on Personalized Service (개인화 서비스 기반 사용자 지향형 지리정보 검색 서비스 모듈 개발)

  • Lee, Seok-Cheol;Kim, Chang-Soo
    • Journal of the Korean Association of Geographic Information Studies / v.14 no.1 / pp.49-58 / 2011
  • Recently, GIS (Geographic Information System) has been developing toward personalized services that provide specialized services aimed at individual users based on mobile communication. Existing GIS systems provide comprehensive and simple information, but a GIS system for personalized service must provide adjustive information through a personal interest profile based on POI (Point of Interest). This paper describes an intelligent geographic information retrieval service module for providing personally oriented geographic information service. Our proposed model consists of a user preference profile, acquisition of POI through a hybrid network (Wireless LAN, CDMA), a service platform and the implementation of a prototype system. The implemented model can be applied to everyday-life information services such as restaurants, oil stations, convenience stores, etc.

A RealTime DNS Query Analysis System based On the Web (웹 기반 실시간 DNS 질의 분석 시스템)

  • Jang, Sang-Dong
    • Journal of Digital Convergence / v.13 no.10 / pp.279-285 / 2015
  • In this paper, we present the design and implementation of a realtime DNS Query Analysis System to detect and protect against DNS attacks. The proposed system uses mirroring to collect data in the DMZ, then analyzes the collected data. If the analysis finds attack information, that information is used as filtering information for the firewall. Statistics of the collected data are shown as realtime monitoring information on the web. To verify the effectiveness of the proposed system, we built it and conducted some experiments. As a result, our proposed system can be used effectively to defend against DNS spoofing, DNS flooding attacks and DNS amplification attacks, can prevent attackers on the interior network from attacking, and provides realtime DNS query statistics and geographic information for monitoring DNS queries using the GeoIP API and Google API. It can be useful information for ICT convergence and future work.

A Traitor Tracing Using an Efficient Key Renewal in Embedded System (임베디드 시스템에서 효율적인 키 갱신을 적용한 Traitor Tracing)

  • Park, Jong-Hyuk;Lee, Deok-Gyu;Yeo, Sang-Soo;Kim, Tai-Hoon;Lee, Seung;Cho, Seong-Eon
    • Journal of Advanced Navigation Technology / v.12 no.3 / pp.245-254 / 2008
  • When a broadcast message is sent, the privileged users first decode the session key using their personal keys, which they obtained previously. The users then get the digital information through this session key. As shown above, users obtain messages or session keys using the keys transmitted from a broadcaster, a process that requires effective ways for the broadcaster to generate and distribute keys. In addition, when a user wants to withdraw or sign up, an effective process to renew a key is required. It is also necessary to trace and check users' malicious activities or attacks on others. This paper presents a method called Traitor Tracing to solve all these problems. Traitor tracing can check attackers and trace them. It also utilizes a proactive way for each user to have an effective renewal cycle to generate keys.

Design of Integrated Authentication Scheme for Safe Personal Information Management in a U-Health Environment (U-Health환경에서 안전한 개인정보 관리를 위한 통합 인증스키마 설계)

  • Min, So-Yeon;Jin, Byung-Wook
    • Journal of the Korea Academia-Industrial cooperation Society / v.15 no.6 / pp.3865-3871 / 2014
  • The U-health service provides medical services to patients anytime and anywhere and is defined as a service that combines information and communication technology with health and medical services. However, it causes some problems, such as the disclosure of patients' medical information or data spills (personal information extrusion). Moreover, it has the weak point of the security threats associated with data on existing wired and wireless systems because it transmits and receives data over the network. Therefore, this paper suggests a safe personal information management system by designing an integrated certification schema that will help compensate for the weaknesses of the U-health service. In the proposal, the protocols for user information, certification between medical institutions and users, data communication encryption and decryption, and user information disuse were designed by applying ID-Based Encryption, and analyzed such existing systems and the PKI-based communication process, securely and safely.

A study of DDS Middleware based Multimedia PACS Data Transmission Scheme for QoS in Hospital Network (병원 전산망에서 QoS보장을 위한 DDS 미들웨어 기반 멀티미디어 PACS 데이터 전송 기법 연구)

  • Kim, Nam-Ho;Seung, Teak-Young;Lee, Suk-Hwan;Lee, Jong-Keuk;Kwon, Ki-Ryong
    • Proceedings of the Korea Multimedia Society Conference / 2012.05a / pp.462-463 / 2012
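  • A PACS is a system that digitizes medical images. In the early days, PACS data for CR (Computed Radiography) amounted to around 10 MB, but with advances in medical equipment, DR (Digital Radiography) produces 20 MB or more of data. Likewise, CT (Computed Tomography) used to produce around 100 slices of 0.5 MB each, but today CT such as Cardiac/PET supports Multi Frame and produces 300 to 5,000 or more slices, which generates considerable network traffic and seriously affects the hospital care environment. In addition, with the development of smartphones, tablet PCs and the like, many users will want to view PACS data in real time or in multimedia-style presentations, and PACS is also evolving to meet such requirements. Hospital networks generally use the best-effort approach that is the motto of Internet service. This mode of data transmission can affect the transmission of PACS data, which directly affects medical care. In particular, in an environment where network traffic is constrained, if many users want to receive multimedia PACS data that requires high bandwidth, the resulting latency can disrupt the smooth progress of care. To solve this problem, network developers introduced the concept of QoS, and research on guaranteeing QoS has been carried out at several layers. We survey the various forms of research on supporting QoS in networks in general and, building on research into DDS middleware for controlling distributed systems, design an approach for applying it in hospital networks and verify it through simulation, thereby proposing a new form of hospital network.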

A Study on a Illegal Copy Protection model using Hidden Agent in Embedded Computing Environment (임베디드 컴퓨팅 환경에서 은닉 에이전트를 이용한 불법복사 방지 모델에 관한 연구)

  • Lee, Deok-Gyu;Kim, Tai-Hoon;Yeo, Sang-Soo;Kim, Seok-Soo;Park, Gil-Cheol;Cho, Seong-Eon
    • Journal of Advanced Navigation Technology / v.12 no.2 / pp.180-190 / 2008
  • There has been vigorous research into digital watermarking and fingerprinting technology to safeguard protective rights for knowledge and property for digital contents. DRM (Digital Rights Management) covers not only protective rights for knowledge and property, but also the management and systems necessary to publish, circulate and use contents. This paper proposes two kinds of ideas. One is protecting contents from illegal acts such as illegal copies while the contents are in circulation. The other is a protocol that gives users convenience. Hidden Agents are used so that contents are protected from illegal copies and illegal use, and they cut off those illegal acts. The Agent is installed without any special setup. In addition, it can replace the role of watermarking as a protection. Therefore, this paper shows a solution to the illegal copies that happen frequently.

Intrusion Detection Learning Algorithm using Adaptive Anomaly Detector (적응형 변형 인식부를 이용한 침입 탐지 학습알고리즘)

  • Sim, Kwee-Bo;Yang, Jae-Won;Kim, Young-Soo;Lee, Se-Yul
    • Journal of the Korean Institute of Intelligent Systems / v.14 no.4 / pp.451-456 / 2004
  • A signature-based intrusion detection system (IDS), having stored rules for detecting intrusions in a library, judges whether new inputs are intrusions or not by matching the rules with the new inputs. However, this policy generally has two restrictions. First, when rules cannot be made against new intrusions, false negative (FN) errors may occur. Second, when many rules are made to maintain diversity, the amount of resources grows in proportion to the number of rules. In this paper, we propose a learning algorithm that uses a genetic algorithm to evolve the competence of anomaly detectors able to detect anomalous attacks. The anomaly detectors are a population composed by following the negative selection procedure of the biological immune system. To show the effectiveness of the proposed system, we apply the learning algorithm to an artificial network environment, which is a computer security system.

An Efficient Authentication Protocol Using Single Bit Synchronization for Wireless LAN Environment (단일 Bit 동기화를 이용한 무선 LAN 환경에서의 효율적인 인증 프로토콜)

  • Jo Hea Suk;Youn Hee Yong
    • The KIPS Transactions:PartC / v.11C no.6 s.95 / pp.747-754 / 2004
  • Today, wireless LANs are widely deployed in various places such as corporate office conference rooms, industrial warehouses, Internet-ready classrooms, etc. However, new concerns have been raised regarding security. Currently, both virtual private network (VPN) and WEP are used together as a strong authentication mechanism. While security is increased by using VPN and WEP together, unnecessary redundancy occurs, causing increased power consumption and decreased authentication speed in the authentication process. In this paper, a new synchronization protocol for authentication is proposed which allows simple authentication, minimal power consumption at the mobile station, and high utilization of the authentication stream. This is achieved by using one bit per frame for authentication, while the main authentication process, including synchronization, is handled by access points. Computer simulation reveals that the proposed scheme significantly improves the authentication efficiency in terms of the number of authenticated frames and authentication speed compared with an earlier protocol employing a similar authentication approach.