• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.77-87
• /
• 2007

It will need a quite long time to replace IPv4 protocol, which currently used, with IPv6 protocol completely, thus we will use both IPv4 and IPv6 together in the Internet during the period. For coexisting protocols, IETF standardized various IPv4/IPv6 transition mechanisms. However, new security problems of IPsec adaptation and IPv6 packet filtering can be raised by tunneling mechanism which mainly used in transition mechanisms. To resolve these problems, we suggested two improved schemes for packet filtering functions, which consists of an inner header filtering scheme and a dedicated filtering scheme for IPv4/IPv6 transition mechanisms. Also we implemented our proposed schemes based on Linux Netfilter framework, and we tested their filtering functions and evaluated experimental performance of our implementation on IPv4/IPv6 transition testbed. These evaluation tests indicated that our improved packet filtering functions can solve packet filtering problems of IPv4/IPv6 transition mechanisms without severely affecting system performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.97-105
• /
• 2008

The various mutations of the malicious codes are fast generated on the network. Also the behaviors of them become intelligent and the damage becomes larger step by step. In this paper, we suggest the method to select the useful measures for the detection of the codes. The method has the advantage of shortening the detection time by using header data without payloads and uses connection data that are composed of TCP/IP packets, and much information of each connection makes use of the measures. A naive estimator is applied to the probability distribution that are calculated by the histogram estimator to select the specific measures among 80 measures for the useful detection. The useful measures are then selected by using relative entropy. This method solves the problem that is to misclassify the measure values. We present the usefulness of the proposed method through the result of the detection experiment using the detection patterns based on the selected measures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.127-138
• /
• 2006

The IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee an integrity and confidentiality of data that transmit between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult that the IPSec mechanism protects major important network from attacks which transmit mass abnormal IPSec traffic in session-configuration or communication phases. In this paper, we present a design of the security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.819-825
• /
• 2012

Nowadays many phishing sites contain HTTP links to victim web-site's contents such as images, bulletin board etc. to make the phishing sites look more real and similar to the victim web-site. We introduce a real-time phishing site detection system which makes use of the characteristic that the phishing sites' URLs flow into the victim web-site via the HTTP referer header field when the phishing site is visited. The detection system is designed to adopt an out-of-path network configuration to minimize effect on the running system, and a phishing site source code analysis technique to alert administrators in real-time when phishing site is detected. The detection system was installed on a company's web-site which had been targeted for phishing. As result, the detection system detected 40 phishing sites in 6 days of test period.

• KIPS Transactions on Software and Data Engineering
• /
• v.11 no.1
• /
• pp.29-34
• /
• 2022

We propose a novel network architecture and build dataset for recognizing clickable objects on mobile device screens. The data was collected based on clickable objects on the mobile device screen that have numerous resolution, and a total of 24,937 annotation data were subdivided into seven categories: text, edit text, image, button, region, status bar, and navigation bar. We use the Deconvolution Single Shot Detector as a baseline, the backbone network with Squeeze-and-Excitation blocks, the Single Shot Detector layer structure to derive inference results and the Feature pyramid networks structure. Also we efficiently extract features by changing the input resolution of the existing 1:1 ratio of the network to a 1:2 ratio similar to the mobile device screen. As a result of experimenting with the dataset we have built, the mean average precision was improved by up to 101% compared to baseline.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.869-879
• /
• 2022

Through this study, we discovered that among three types of compressed data blocks generated through the Deflate algorithm, No-Payload Non-Compressed Block type (NPNCB) which has no literal data can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we called this area as DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally we found the vulnerability that hides malicious codes or arbitrary data through inserting NPNCBs with infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded normally contaminated zip file without any warning, and malicious code could be executed by the malicious decoder.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.5
• /
• pp.119-131
• /
• 2009

Existing proposals on route optimization for nested Network Mobility(NEMO) have a problem that it is difficult to optimize a route promptly in an environment where a MR moves frequently. Also, they have L3 handoff latency as well as route optimization latency until an optimized route is formed. In this paper, we propose a L3 handoff scheme that supports fast route optimization for nested NEMO without any additional optimization procedure. To achieve this, our proposed scheme is designed to include a procedure that an AR acquires address informations of a MR. After receiving binding update message from the MR, the AR performs the binding update procedure with the MR's HA on behalf of the MR. Packets are delivered to the AR only passing by the MR's HA after a bi-directional tunnel is formed between the AR and the HA. The result of our performance evaluation has shown that the proposed scheme could provide excellent performance compared with the RRH and the ONEMO.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.94-96
• /
• 2021

Software-Defined Networking (SDN), which has emerged to overcome the limitations of existing network architectures, makes routing management simpler and more efficient through a central controller. SR (Segment Routing) is a flexible and scalable way of doing source routing, and defines the information path of the network through a list of segments arranged in the packet header. In an SDN environment, the performance of each router is almost the same, but packets tend to be concentrated on routes that are frequently used depending on routing algorithms. Routers in that path have a relatively high frequency of failure and are more likely to become bottlenecks. In this paper, we propose a routing algorithm that allows the router, which is a resource in the network, to evenly process packets in the SDN with SR, so that the administrator can utilize the resources in the network without idle routers, and at the same time facilitate the management of the router.

• Journal of the Korean Wood Science and Technology
• /
• v.39 no.4
• /
• pp.318-325
• /
• 2011

Pitch pine (Pinus rigida Miller) retaining walls using Steel bar, of which the constructability and strength performance are good at the construction site, were manufactured and their strength properties were evaluated. The wooden retaining wall using Steel bar was piled into four stories stretcher and three stories header, which is 770 mm high, 2,890 mm length and 782 mm width. Retaining wall was made by inserting stretchers into Steel bar after making 18 mm diameter of holes at top and bottom stretcher, and then stacking other stretchers and headers which have a slit of 66 mm depth and 18 mm width. The strength properties of retaining walls were investigated by horizontal loading test, and the deformation of structure by image processing (AlCON 3D OPA-PRO system). Joint (Type-A) made with a single long stretcher and two headers, and joint (Type-B) made with two short stretchers connected with half lap joint and two headers were in the retaining wall using Steel bar. The compressive shear strength of joint was tested. Three replicates were used in each test. In horizontal loading test the strength was 1.6 times stronger in wooden retaining wall using Steel bar than in wooden retaining wall using square timber. The timber and joints were not fractured in the test. When testing compressive shear strength, the maximum load of type-A and Type-B was 130.13 kN and 130.6 kN, respectively. Constructability and strength were better in the wooden retaining wall using Steel bar than in wooden retaining wall using square timber.

• Journal of Korean Home Economics Education Association
• /
• v.19 no.4
• /
• pp.91-117
• /
• 2007

This study was to compare the contents and practical problems addressed, the process of teaching-learning method, and evaluation method of Korean Home Economics curriculum and of the Oregon and Ohio's Practical Problem Focused Family & Consumer Sciences Curricula. The results are as follows. First, contents of Korean curriculum are organized by major sub-concepts of Home Economics academic discipline whereas curricular of both Oregon and Ohio states are organized by practical problems. Oregon uses the practical problems which integrate multi-subjects and Ohio uses ones which are good for the contents of the module by integrating concerns or interests which are lower or detailed level (related interests). Since it differentiates interest and module and used them based on the basic concept of Family and Consumer Science, Ohio's approach could be easier for Korean teachers and students to adopt. Second, the teaching-learning process in Korean home economics classroom is mostly teacher-centered which hinders students to develop higher order thinking skills. It is recommended to use student-centered learning activities. State of Oregon and Ohio's teaching-learning process brings up the ability of problem-solving by letting students clearly analyze practical problems proposed, solve problems by themselves through group discussions and various activities, and apply what they learn to other problems. Third, Korean evaluation system is heavily rely on summative evaluation such as written tests. It is highly recommended to facilitate various performance assessment tools. Since state of Oregon and Ohio both use practical problems, they evaluate students mainly based on their activity rather than written tests. The tools for evaluation include project documents, reports of learning activity, self-evaluation, evaluation of discussion activity, peer evaluation in a group for each students for their performance, assessment about module, and written tests as well.