• Title/Summary/Keyword: signature-based detection


A Bloom Filter Application of Network Processor for High-Speed Filtering Buffer-Overflow Worm (버퍼 오버플로우 웜 고속 필터링을 위한 네트워크 프로세서의 Bloom Filter 활용)

  • Kim Ik-Kyun;Oh Jin-Tae;Jang Jong-Soo;Sohn Sung-Won;Han Ki-Jun
    • Journal of the Institute of Electronics Engineers of Korea TC / v.43 no.7 s.349 / pp.93-103 / 2006
  • Network solutions for protecting against worm attacks that complement partial end-system patch deployment are a pressing problem. In content-based worm filtering, the challenges focus on detection accuracy and performance enhancement. We present a worm filter architecture using a Bloom filter for deployment at high-speed transit points on the Internet, including firewalls and gateways. Content-based packet filtering at multi-gigabit line rates is, in general, a challenging problem due to the signature explosion problem that curtails performance. We show that for worm malware, in particular buffer overflow worms, which comprise a large segment of recent outbreaks, scalable (accurate, cut-through, and extensible) filtering performance is feasible. We demonstrate the efficacy of the design by implementing it on an Intel IXP network processor platform with gigabit interfaces. We benchmark the worm filter network appliance on a suite of current and past worms, showing multi-gigabit line speed filtering prowess with minimal footprint on end-to-end network performance.

Affective Priming Effect on Cognitive Processes Reflected by Event-related Potentials (ERP로 확인되는 인지정보 처리에 대한 정서 점화효과)

  • Kim, Choong-Myung
    • The Journal of the Korea Contents Association / v.16 no.5 / pp.242-250 / 2016
  • This study was conducted to investigate whether a Stroop-related cognitive task is affected by the preceding affective valence, factored by matchedness, in response time (RT), and whether facial recognition is indexed by a specific event-related potential (ERP) signature in normal persons as in patients suffering from affective disorder. ERPs primed by subliminal (30 ms) facial stimuli were recorded when presented with four pairs of affect (positive or negative) and cognitive task (matched or mismatched) to get ERP effects (N2 and P300) in terms of amplitude and peak latency variations. Behavioral response analysis based on RTs confirmed that subliminal affective stimuli primed the target processing in all affective conditions except for the neutral stimulus. Additional results for the ERPs in the negative affect with mismatched condition reached significance for the emotional-face-specific component named N2, showing more amplitude and delayed peak latency compared to the positive counterpart. Furthermore, the condition shows more positive amplitude and earlier peak latency of the P300 effect, denoting cognitive closure, than the corresponding positive affect condition. These results are suggested to reflect that a negative affect stimulus at the subliminal level is automatically inhibited, such that this effect had an influence on accelerating detection of the affect and facilitating the response, allowing adequate reallocation of attentional resources. The functional and cognitive significance of these findings was implied in terms of the subliminal effect and affect-related recognition modulating the cognitive tasks.

Automatic Generation of Snort Content Rule for Network Traffic Analysis (네트워크 트래픽 분석을 위한 Snort Content 규칙 자동 생성)

  • Shim, Kyu-Seok;Yoon, Sung-Ho;Lee, Su-Kang;Kim, Sung-Min;Jung, Woo-Suk;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.4 / pp.666-677 / 2015
  • The importance of application traffic analysis for efficient network management has been emphasized continuously. Snort is a popular traffic analysis system which detects traffic matching pre-defined signatures and performs various actions based on the rules. However, it is very difficult to get highly accurate signatures to meet various analysis purposes because searching the entire traffic data manually or semi-automatically is very tedious and time-consuming work. In this paper, we propose a novel method to generate signatures in a fully automatic manner, in the form of Snort rules, from raw packet data captured from a network link or end host. We use a sequence pattern algorithm to generate common substrings satisfying the minimum support from traffic flow data. We also extract the location and header information of the signature, which are the components of a Snort content rule. When we applied the proposed method to several application traffic data sets, the generated rules could detect more than 97 percent of the traffic data.