• Title/Summary/Keyword: software defined networking

Defense Techniques against DDoS Attack in SDN Environment (SDN 환경에서 DDoS 공격에 대한 방어 기법)

  • Jee, Seung Hun;Park, Ji Su;Shon, Jin Gon
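    • Proceedings of the Korea Information Processing Society Conference / 2020.05a / pp.203-206 / 2020
  • Software-Defined Networking (SDN) technology overcomes the closedness and complexity of conventional network technology and has the advantage of providing centralized management and programmable network services. However, in an SDN environment, as in other network environments, a malicious DDoS attack can paralyze the entire network service. Existing studies addressing this problem include techniques that block the switch port through which the attack enters or block the attacker's source address itself, but they have the problem of blocking normal traffic together with the attack traffic. In this paper, we propose a service-flow-based defense technique that, when a DDoS attack occurs in an SDN environment, defends against only the malicious traffic and permits normal traffic as much as possible. The proposed technique detects a DDoS attack through flow analysis in the SDN environment and can then block only the attack traffic by means of an access control list. Experimental results confirmed that the attacker's malicious traffic is blocked and normal traffic is permitted.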

Efficient Flow Table Management Scheme in SDN-Based Cloud Computing Networks

  • Ha, Nambong;Kim, Namgi
    • Journal of Information Processing Systems / v.14 no.1 / pp.228-238 / 2018
  • With the rapid advancement of Internet services, there has been a dramatic increase in services that dynamically provide Internet resources on demand, such as cloud computing. In a cloud computing service, because the number of users in the cloud is changing dynamically, it is more efficient to utilize a flexible network technology such as software-defined networking (SDN). However, to efficiently support the SDN-based cloud computing service with limited resources, it is important to effectively manage the flow table at the SDN switch. Therefore, in this paper, a new flow management scheme is proposed that is able to, through efficient management, speed up the flow-entry search speed and simultaneously maximize the number of flow entries. The proposed scheme maximizes the capacity of the flow table by efficiently storing flow entry information while quickly executing the operation of flow-entry search by employing a hash index. In this paper, the proposed scheme is implemented by modifying the actual software SDN switch and then, its performance is analyzed. The results of the analysis show that the proposed scheme, by managing the flow tables efficiently, can support more flow entries.

Flow Protocol based Flow Entry Eviction Strategy for Software Defined Networking (소프트웨어 정의 네트워킹에서 플로우 프로토콜을 고려한 플로우 엔트리 방출 전략)

  • Choi, Hanhimnara;Raza, Syed Muhammad;Kim, Moonseong;Choo, Hyunseung
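    • Proceedings of the Korea Information Processing Society Conference / 2020.11a / pp.128-130 / 2020
  • Software-defined networking (SDN) centralizes the control functions of a conventional network in a controller, providing a programmable and flexible way of managing the network. OpenFlow, the standard technology for the controller-switch interface, processes packets entering the network using the flow table inside the switch. However, because of the limited capacity of the TCAM mainly used in OpenFlow switches, a sufficient number of flow entries cannot be installed in the flow table in environments with heavy traffic. In this case a flow table overflow occurs, and existing flow entries need to be evicted to make room for flows newly entering the network. If an active flow entry is evicted, there is a risk that network control overhead will increase significantly. Therefore, deciding which flow entry to evict when an overflow occurs is important. Accordingly, this paper proposes a flow entry eviction policy based on the flow protocol type, aiming at efficient use of the flow table.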

Picture archiving and communications systems development and performance results

  • Nam, Ji-Seung;Ralph Martinez
    • Institute of Control, Robotics and Systems: Conference Proceedings / 1991.10b / pp.1796-1800 / 1991
  • Picture Archiving and Communication Systems(PACS) provide an integration of digital imaging information in a hospital, which encompasses various imaging equipment, viewing workstations, database archive systems, and a high speed fiber optic network. One of the most important requirements for integration is the standardization of communication protocols to connect devices from different vendors. Since 1985, the ACR-NEMA standard provides a hardware interface, a set of software commands, and a consistent set of data formats for point-to-point interconnection of medical equipment. However, it has been shown to be inadequate for PACS networking environments, because of its point-to-point nature and its inflexibility to allow other services and protocols in the future. Based on previous experience of PACS developments in The University of Arizona, a new communication protocol for PACS networks has been suggested to the ACR-NEMA Working Group VI. The defined PACS protocol is intended to facilitate the development of PACS's capable of interfacing with other hospital information systems. Also, it is intended to allow the creation of diagnostic information data bases which can be interrogated by a variety of distributed devices. A particularly important goal is to support communications in a multivendor environment. The new protocol specifications are defined primarily as a combination of the International Organization for Standardization / Open Systems Interconnection (ISO/OSI) protocols and the data format portion of ACR-NEMA standard. This paper addresses the specification and implementation of the proposed PACS protocol into network node. The protocol specification, which covers Presentation, Session, Transport, and Network layers, is summarized briefly. The implementation has natural extensions to Global PACS environments. The protocol implementation is discussed based on our implementation efforts in the UNIX Operating System Environment. At the same time, results of performance evaluation are presented to demonstrate the implementation of defined protocol. The testing of performance analysis is performed on the PACS prototype node.

Load Balancing Technique by Dynamic Flow Management in SDN Environment (SDN 환경에서 Dynamic Flow Management에 의한 Load Balancing 기법)

  • Taek-Young, Kim;Tae-Wook, Kwon
    • The Journal of the Korea institute of electronic communication sciences / v.17 no.6 / pp.1047-1054 / 2022
  • With the advent of SDN, a next-generation network technology that separates the hardware and software areas of network equipment and defines the network using open source-based software, it solves the problems of complexity and scalability of the existing network system. It is now possible to configure a custom network according to the requirements. However, it has a structural disadvantage that a load on the network may occur due to a lot of control communication occurring between the controller and the switch, and many studies on network load distribution to effectively solve this have been preceded. In particular, in previous studies of load balancing techniques related to flow tables, many studies were conducted without consideration of flow entries, and as the number of flows increased, the packet processing speed decreased and the load was increased. To this end, we propose a new network load balancing technique that monitors flows in real time and applies dynamic flow management techniques to control the number of flows to an appropriate level while maintaining high packet processing speed.

A Study on IoT information Generation Tool for User Defined Web Services (사용자 정의 웹 서비스를 위한 IoT 정보 자동생성 도구에 관한 연구)

  • Sim, Sungho
    • Journal of Digital Convergence / v.16 no.11 / pp.329-334 / 2018
  • Web services are standardized software technologies that enable interoperability of operating systems and programming languages through networks and related standards. Web services are distributed computing services that provide and discover services making it possible to access various services. Since the search method of web service considers only the functional aspect, it has a limitation on user-oriented search when selecting a service. In order to solve these problems, this study proposes an automatic IoT information generation tool, and provides IoT extension information when searching a web service, thereby improving the problem so that a suitable service can be selected for a user. Automatic IoT extension information generation tool proposed in this study collects and stores various information generated in the process of sensing, networking, and information processing by collaborating autonomously in a distributed environment of user, object, and service. The proposed method supports the service search suitable for the user by providing the information generated by the user as extended information when searching the web service. The proposed method can be applied to the 4th industry sector to provide a customized service that meets various environment requirements.

Implementation of TINA CM Package Functionning as Connection Setup and Release (TINA 연결관리 패키지의 연결 설정 및 해제 기능 구현)

  • Park, Jun-Hee;Oh, Hyun-Ju;Kim, Sang-Ha
    • The Transactions of the Korea Information Processing Society / v.4 no.9 / pp.2391-2402 / 1997
  • TINA is the Open Networking Architecture which as newly introduced software architecture shares the network managements and the service managements on the Distributed Processing Environment. In this paper, based on the concepts and principles defined up to now, we implement and test the CM(Connection Management) Package included in CM which is one of the six functional areas into which TINA Management Architecture is divided. Before the implementation we learn the basic concepts accepted by the four architectures in TINA, and modelling concept of the CM. The interfaces of each information objects explain the functions of computational objects implemented, and the message flows among the computational objects show the connection setup and release procedures.

Multicast Tree Construction with User-Experienced Quality for Multimedia Mobile Networks

  • Jung, Hoejung;Kim, Namgi
    • Journal of Information Processing Systems / v.13 no.3 / pp.546-558 / 2017
  • The amount of multimedia traffic over the Internet has been increasing because of the development of networks and mobile devices. Accordingly, studies on multicast, which is used to provide efficient multimedia and video services, have been conducted. In particular, studies on centralized multicast tree construction have attracted attention with the advent of software-defined networking. Among the centralized multicast tree construction algorithms, the group Takahashi and Matsuyama (GTM) algorithm is the most commonly used in multiple multicast tree construction. However, the GTM algorithm considers only the network-cost overhead when constructing multicast trees; it does not consider the temporary service disruption that arises from a link change for users receiving an existing service. Therefore, in this study, we propose a multiple multicast tree construction algorithm that can reduce network cost while avoiding considerable degradation of service quality to users. This is accomplished by considering both network-cost and link-change overhead of users. Experimental results reveal that, compared to the GTM algorithm, the proposed algorithm significantly improves the user-experienced quality of service by substantially reducing the number of link-changed users while only slightly adding to the network-cost overhead.

An Attack Graph Model for Dynamic Network Environment (동적 네트워크 환경에 적용 가능한 Attack Graph 모델 연구)

  • Moon, Joo Yeon;Kim, Taekyu;Kim, Insung;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.485-500 / 2018
  • As the size of the system and network environment grows and the network structure and the system configuration change frequently, network administrators have difficulty managing the status manually and identifying real-time changes. In this paper, we suggest a system that scans dynamic network information in real time, scores vulnerability of network devices, generates all potential attack paths, and visualizes them using attack graph. We implemented the proposed algorithm based attack graph; and we demonstrated that it can be applicable in MTD concept based defense system by simulating on dynamic virtual network environment with SDN.

A Network QoS Model for Joint Integrated C4I Structure (합동지휘통제 통합망 구조 QoS 모델(안))

  • Park, Dongsuk;Oh, Donghan;Choi, Eunho;Lim, Jaesung
    • Journal of the Korea Institute of Military Science and Technology / v.23 no.2 / pp.106-114 / 2020
  • NCW which is shaping favorable conditions with obtaining initiative through superiority in C2 and information sharing is critical to the result of the war in a modern warfare. An important requirement to attain superiority through an effective networking in a war-environment is to apply QoS to ensure priority in supporting critical mission and services. In order to obtain an effective NCOE through JCS-led QoS support, standard documents have been reviewed and analyzed to understand the current level of technology and development. In addition, QoS-related policy documents which are currently being applied by the ROK armed forces have been analyzed to substantiate the JCS-led QoS model and propose the directions of development and enhancement required in the realm of technology, policy and system.