Jong-Ho Ryu

Effective Value of Decision Tree with KDD 99 Intrusion Detection Datasets for Intrusion Detection System

A decision tree is a outstanding method for the data mining. In intrusion detection systems (IDSs), the data mining techniques are useful to detect the attack especially in anomaly detection. For the decision tree, we use the DARPA 98 Lincoln Laboratory Evaluation Data Set (DARPA Set) as the training data set and the testing data set. KDD 99 Intrusion Detection data set is also based on the DARPA Set. These three entities are widely used in IDSs. Hence, we describe the total process to generate the decision tree learned from the DARPA Sets. In this paper, we also evaluate the effective value of the decision tree as the data mining method for the IDSs, and the DARPA Set as the learning data set for the decision trees.

Identity based KCDSA signcryption

Many signciyption schemes have been proposed to provide authentication and confidentiality of a message efficiently. Among such a scheme, identity-based cryptography is one of the public key cryptography that does not require the certificate for a public key and pre-compute key pair. This scheme uses the public key that can be generated from an arbitrary identifier such as an email address, while the private key is derived by a trusted private key generator as occasion demands. In this paper, we propose identity-based KCDSA(Korean certificate-based digital signature algorithm) signcryption schemes providing the semantic security. Also, the proposed schemes support either the public veiifiability or the forward secrecy. The proposed schemes are based on the standardized digital signature scheme and can be applied to the established KCDSA systems

pFlours: A New Packet and Flow Gathering Tool

A network monitoring is an essential activity for managing, diagnosing, and protecting network resources. The network traffic gathering is a foundation of the network monitoring. For the detail network monitoring, both the packet information and the flow information is needed. However, in the sampling needed environments, the sampling method and timing of the packet and flow gathering tools are different. Here, the synchronization problem occurs. Thus, in this paper, we present a new network traffic gathering tool called pFlours. The proposed tool, pFlours, fetches a packet and does the sampling, and then makes flows and packet dumps using the fetched packet. This, the ensemble of packet and flow information eliminates a synchronization problem during sampling network traffic. In this paper, we present the specification of pFlours: the aims, features, design, and performance. The pFlours can gather flows as well as packets, solve the synchronization problem, and export the gathered packets and flows to the remote collector. Furthermore, the pFlours consumes only little system resource and shows good work on the high speed networks.

A developing of signature-based network security tester for NGSS

This paper presents the testing tool that automatically generates attack traffic. Existing test equipments for network security systems are very expensive and difficult to use. We have designed and implemented NST (network security tester) that generate attack traffic using the signature of the snort network-based intrusion detection system. A set of attack packets is created from the database according to the pre-designed test scenario then transmitted to a target system. The proposed system shows useful features such as an attack information database, a scenario writing, a TCP session attack and high parsing success rate

A Study of Performance improvement on the End-host through Diagnosis of System Metrics

These days in Internet, emerging various applications has become more complicated and needed large bandwidth under the necessity to securely use them. Network bandwidth has increased as much as to support those needs. But it becomes increasingly difficult to utilize them to their full capacity [I]. In other word, up-grading of network bandwidth is not enough solution to enhance performance experienced by end users. There are so many causes including TCP/IP protocol behaviors, application issues and network configuration issues etc. In this paper, I would suggest a new system diagnosis tool to settle specially enhancement of end user & E2E performance. The goals of this tool are to enable an end user & network operator to diagnose an end-host system and E2E performance weak point, offer some advises and optimize the systems by given auto or manual system metrics tuning guideline. And I wish to get an overlay network to understand network characteristics and utilize full network capacity. In this paper, we look over briefly other relative projects and introduce some key metrics to optimize end-host performance

A revised LKK proxy blind signature scheme

In 1996, the concept of proxy signature was introduced by Mambo, Usuda and Okamoto in M. Mambo et al. (1996). A strong proxy signature scheme has been introduced in B. Lee et al. (2001), which we call LKK (B. Lee, H. Kim, K. Kim) scheme. In Z. Dong et al. (2003), the authors showed that the LKK scheme is vulnerable to their attack. In this paper, based on the vulnerability of the LKK scheme and blind Schnorr signature scheme, we propose a revised proxy signature and a proxy blind signature scheme. The basic idea is to propose the revised scheme resisting their attack and to make it difficult for the original signer to delete a delegation value