• Journal of Korean Institute of Industrial Engineers
• /
• v.25 no.2
• /
• pp.233-239
• /
• 1999

With the increase of Internet protocol (IP) packets the performance of routers became an important issue in internetworking. In this paper we examined the matching algorithm in gigabit router which has input queue with virtual output queueing. Port partitioning concept is employed to reduce the computational burden of the scheduler within a switch. The input and output ports are divided into two groups such that the matching algorithm is implemented within each input-output pair group in parallel. The matching is performed by exchanging input and output port groups at every time slot to handle all incoming traffics. Two algorithms, maximal weight matching by port partitioning (MPP) and modified maximal weight matching by port partitioning (MMPP) are presented. MMPP has the lowest delay for every packet arrival rate. The buffer size on a port is approximately 20-60 packets depending on the packet arrival rates. The throughput is illustrated to be linear to the packet arrival rate, which can be achieved under highly efficient matching algorithm.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• Journal of KIISE:Information Networking
• /
• v.32 no.4
• /
• pp.543-550
• /
• 2005

Demand for better services in the Internet has been increasing due to the rapid growth of the Internet, and hence next generation routers are required to perform intelligent packet classification. For a given classifier defining packet attributes or contents, packet classification is the process of identifying the highest priority rule to which a packet conforms. A notable characteristic of real classifiers is that a packet matches only a small number of distinct source-destination prefix pairs. Therefore, a lot of schemes have been proposed to filter rules based on source and destination prefix pairs. However, most of the schemes are based on sequential one-dimensional searches using trio which requires huge memory. In this paper, we proposea memory-efficient two-dimensional search scheme using source and destination prefix pairs. By constructing binary prefix tree, source prefix search and destination prefix search are simultaneously performed in a binary tree. Moreover, the proposed two-dimensional binary prefix tree does not include any empty internal nodes, and hence memory waste of previous trio-based structures is completely eliminated.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.4
• /
• pp.344-365
• /
• 2009

The performance of a tracking system is greatly increased if multiple types of sensors are combined to achieve the objective of the tracking instead of relying on single type of sensor. To conduct the multi-modal tracking, we have previously developed a multi-modal sensor-based tracking model where acoustic sensors mainly track the objects and visual sensors compensate the tracking errors [1]. In this paper, we find a network synchronization problem appearing in the developed tracking system. The problem is caused by the different location and traffic characteristics of multi-modal sensors and non-synchronized arrival of the captured sensor data at a processing server. To effectively deliver the sensor data, we propose a time-based packet aggregation algorithm where the acoustic sensor data are aggregated based on the sampling time and sent to the server. The delivered acoustic sensor data is then compensated by visual images to correct the tracking errors and such a compensation process improves the tracking accuracy in ideal case. However, in real situations, the tracking improvement from visual compensation can be severely degraded due to the aforementioned network synchronization problem, the impact of which is analyzed by simulations in this paper. To resolve the network synchronization problem, we differentiate the service level of sensor traffic based on Weight Round Robin (WRR) scheduling at the routers. The weighting factor allocated to each queue is calculated by a proposed Delay-based Weight Allocation (DWA) algorithm. From the simulations, we show the traffic differentiation model can mitigate the non-synchronization of sensor data. Finally, we analyze expected traffic behaviors of the tracking system in terms of acoustic sampling interval and visual image size.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.44 no.9
• /
• pp.38-45
• /
• 2007

With the emergence of new applications, packet classification is essential for supporting advanced internet applications, such as network security and QoS provisioning. As the packet classification on multiple-fields is a difficult and time consuming problem, internet routers need to classify incoming packet quickly into flows. In this paper, we present multi-phase packet classification architecture using an internal buffer for fast packet processing. Using internal buffer between address pair searching phase and remained fields searching phases, we can hide latency from the characteristic that search times of source and destination header fields are different. Moreover we guarantee the improvement by using single entry caching. The proposed architecture is easy to apply to different needs owing to its simplicity and generality.

• Journal of Internet Computing and Services
• /
• v.8 no.5
• /
• pp.125-132
• /
• 2007

Transmission mechanisms that include an available bandwidth estimation algorithm and a packet loss differentiation scheme, in general, exhibit higher TCP performance in wireless networks. TCP New Jersey, known as the best existing scheme in terms of goodput, improves wireless TCP performance using the available bandwidth estimation at the sender and the congestion warning at intermediate routers. Although TCP New Jersey achieves 17% and 85% improvements in goodput over TCP Westwood and TCP Reno, respectively, we further improve TCP New Jersey by exploring improved available bandwidth estimation, retransmission timeout, and recovery mechanisms. Hence, we propose TCP New Jersey PLUS (shortly TCP NJ+), showing that under 1% packet loss rate, it outperforms 3% by TCP New Jersey and 5% by TCP Wes1wood. In 5% packet loss rate, a characteristic of high bit-error-rate wireless network, it outperforms other TCP variants by 19% to 104% in terms of goodput even when the network is in bi-directional congestion.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2B
• /
• pp.183-191
• /
• 2004

Single shortest path routing is known to perform poorly for Internet traffic engineering (TE) where the typical optimization objective is to minimize the maximum link load. Splitting traffic uniformly over equal cost multiple shortest paths in OSPF and IS-IS does not always minimize the maximum link load when multiple paths are not carefully selected for the global traffic demand matrix. However, among all the equal cost multiple shortest paths in the network, a set of TE-aware shortest paths, which reduces the maximum link load significantly, can be found and used by IP routers without any change of existing routing protocols and serious configuration overhead. While calculating TE-aware shortest paths. the destination-based forwarding constraint at a node should be satisfied, because an IP router will forward a packet to the next-hop toward the destination by looking up the destination prefix. In this paper, we present a problem formulation of finding a set of TE-aware shortest paths in ILP, and propose a simple heuristic for the problem. From the simulation results, it is shown that TE-aware shortest path routing performs better than default shortest path routing and ECMP in terms of the maximum link load with the marginal configuration overhead of changing the next-hops.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2B
• /
• pp.158-166
• /
• 2004

Address lookup is one of the most essential functions of the Internet routers and a very important feature in evaluating router performance. Due to the facts that the Internet traffic keeps growing and the number of routing table entries is continuously growing, efficient address-lookup mechanism is indispensable. In recent years, various fast address-lookup schemes have been proposed, but most of those schemes are not practical in terms of the memory size required for routing table and the complexity required in table update In this paper, we have proposed a parallel IP address lookup architecture based on multiple hashing. The proposed scheme has advantages in required memory size, the number of memory accesses, and table update. We have evaluated the performance of the proposed scheme through simulation using data from MAE-WEST router. The simulation result shows that the proposed scheme requires a single memory access for the address lookup of each route when 203kbytes of memory and a few-hundred-entry TCAM are used.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.9B
• /
• pp.577-588
• /
• 2007

The rapid growth of the Internet has stimulated the development of various new applications and services, and the service providers and the Internet users now require different levels of service qualities rather than current best-effort service which treats all incoming packet equally. Therefore, next generation routers should provide the various levels of services. In order to provide the quality of services, incoming packets should be classified into flows according to pre-defined rules, and this should be performed for all incoming packets in wire-speed. Packet classification not only involves multi-dimensional search but also finds the highest priority rule among all matching rules. Area-based quad-trie is a very good algorithm that constructs a two-dimensional trie using source and destination prefix fields. However, it performs the linear search for the prefix length, and hence it does not show very good search performance. In this paper, we propose to apply binary search on length to the area-based quad-trie algorithm. In improving the search performance, we also propose two new algorithms considering the priority of rules in building the trie.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.1
• /
• pp.129-137
• /
• 2016

Transmission Control Protocol as a transport layer protocol provides steady data transfer service. There are some serious concerns about the performance of TCP over diverse networks. The vital concern in TCP network environment is congestion which may occur due to quick transmission rates or because of large number of new connections entering the network at the same time. Size of queues in routers grows thus resulting in packet drops. Retransmission of the dropped packets, and reduced throughput can prove costly. Explicit Congestion Notification (ECN) in conjunction with Active Queue Management mechanisms (AQM) such as Random early detection (RED) is used for packet marking rather than dropping. In IP packet header ECN bits can be added as a sign of congestion thus avoiding needless packet drops. The proposed ECN and AQM mechanism can be implemented with help of ns2 simulator and the performance can be tested on different TCP variants.