Ki-Yeol Ryu

Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.

An efficient algorithm for computing safe exit points of moving range queries in directed road networks

In this paper, we investigate the problem of computing the safe exit points of moving range queries in directed road networks where each road segment has a particular orientation. The safe exit point of query object q indicates the point at which the safe region and non-safe region of q meet. A safe region indicates a region where the query result remains unchanged provided q remains inside this region. Unfortunately, the existing state-of-the-art algorithm focuses on computing the safe exit points of moving range queries in undirected road networks where every road segment is undirected. What is worse, far too little attention has been paid to moving range queries in dynamic road networks where the network distance changes depending on the traffic conditions. In this paper, we address these problems by proposing an efficient algorithm called CRUISE for computing the safe exit points of moving range queries in directed road networks. Our experimental results demonstrate that CRUISE significantly outperforms a conventional solution in terms of both computational and communication costs.

An Enhancement of SIENA Event Routing Algorithms

A new class of applications based on event interactions is emerging for the wide-area network such as Internet, which is characterized as loose coupling, heterogeneity, and asynchrony. Content-based event routing has been studied to implement an event notification service for wide-area networks. In this paper, we analyze some anomalies of the event routing algorithm in SIENA, a recently developed as a representative event notification service architecture, and develop enhanced routing algorithms. The proposed algorithms take the advantage of SIENA while resolving the anomalies.

A whitelist-based countermeasure scheme using a Bloom filter against SIP flooding attacks

Since SIP uses a text-based message format and is open to the public Internet, it is exposed to a number of potential threats of denial of service (DoS) by flooding attacks. Although several approaches have been proposed to detect and counteract SIP flooding attacks, most of these do not provide effective countervailing schemes to protect normal messages from abnormal ones after attacks have been detected. In addition, these approaches have some limitations in large user environments for SIP-based multimedia services. In this paper, a whitelist-based countermeasure scheme is proposed, to protect both normal SIP users and servers from malicious flooding attacks. To construct the whitelist, a Bloom filter approach is used, to reduce memory requirements and computational complexity. We use the non-membership ratio as a measure for the attack detection, instead of using the message rate usually used in conventional schemes. It is shown that the proposed method can provide more robust detection performances.

Moving range k nearest neighbor queries with quality guarantee over uncertain moving objects

To avoid traffic accidents, drivers must constantly be aware of nearby vehicles. Unfortunately, nearby vehicles often go unnoticed because of various obstacles such as other vehicles, buildings, or poor weather. In this paper, we study Moving range k-nearest neighbor (MRkNN) queries as a tool for continuously monitoring nearby moving objects. A simple approach to processing MRkNN queries is to have each object periodically broadcast information regarding its movements (i.e., location and velocity at a particular time) to other objects. However, this simple technique cannot be used to process MRkNN queries owing to the limited network bandwidth in mobile peer-to-peer environments. Therefore, we address this bandwidth limitation by proposing a probabilistic algorithm, called MINT, for MovIng range k-NN queries with qualiTy guarantee over uncertain moving objects. MINT provides users with approximate answers with a quality guarantee, rather than exact answers, with near optimal communication costs. Using a series of simulations, we demonstrate the efficiency and efficacy of?MINT in evaluating MRkNN queries with a quality guarantee.

Mission-critical packet transfer with explicit path selection in WMN-based tactical networks

In military communication environments, most mission-critical data should be guaranteed to be delivered to their corresponding targets in time even sacrificing the quality of services (QoSs) for existing non-mission-critical flows. This preemption capability is one of the most required features for the operation of tactical networks. And, it can be achieved by sacrificing QoSs for traditional class-based non mission-critical flows along the path for the delivery of those mission-critical data. Multilevel precedence and preemption (MLPP) has been developed for circuit-switched military networks. Since the paths to deliver data in circuit-switched networks are explicitly established, the implementation of MLPP is very simple,. However, since paths to deliver data are implicit and varying according to the changes of topologies in packet-switched and mobile ad-hoc networks, it is very difficult to implement the precedence capability. In this paper, we propose a preemptive control method to guarantee the delivery of mission-critical data in wireless mesh network (WMN)-based mobile tactical networks. To provide the preemption capability, we also propose a method to establish an explicit path in WMN environment. With the explicitly established path, cross layer-based queue management scheme at each node along the path is also proposed. The performances of the proposed method are evaluated through simulations, and the results show that the proposed method is very suitable to support preemptive mission-critical data delivery.

A probabilistic approach for collision avoidance of uncertain moving objects within black zones

This work addresses the problem of collision avoidance for vehicles in black zones where the risk of accidents increases. Vehicles have an inherent uncertainty of location because the exact position of a moving object is known, with certainty, only at the time of an update on position information. This paper proposes a collision prediction model and a monitoring algorithm for collision avoidance within black zones by considering the location uncertainty of moving vehicles. It formalizes the impact of trajectories of moving vehicles on probabilistic collision prediction. The proposed approach provides approximate answers to the user at the users required level of accuracy while achieving near-optimal communication and computational costs. Finally, extensive experiments were conducted to show the efficiency and efficacy of the proposed approach.

A Countermeasure Scheme Based on Whitelist using Bloom Filter against SIP DDoS Attacks

SIP(Session Initiation Protocol) has some security vulnerability because it works on the Internet. Therefore, the proxy server can be affected by the flooding attack such as DoS and service interruption. However, traditional schemes to corresponding Denial of Service attacks have some limitation. These schemes have high complexity and cannot protect to the variety of Denial of Service attack. In this paper, we newly define the normal user who makes a normal session observed by verifier module. Our method provides continuous service to the normal users in the various situations of Denial of Service attack as constructing a whitelist using normal user information. Various types of attack/normal traffic are modeled by using OPNET simulator to verify our scheme. The simulation results show that our proposed scheme can prevent DoS attack and achieve a low false rate and fast searching time.

An Organization Framework for Role-based Adaptive Distributed Systems

Recently, role-based distributed system models have been proposed to support adaptive interactions in ubiquitous application environment. A Role-based distributed model regards an application as an organization composed of roles, and separate players running role processes from the roles. When an application is running, it binds a role with a player, and the player runs dynamically assigned role processes provided by an application for supporting adaptability. However, there has not been much attention on researches about development and runtime environment for role-based distributed systems. In this paper we suggest an application framework as an environment for developing and executing role-base distributed systems. The application framework is divided into two parts: an organization framework to manage and construct an organization composed of roles necessary in the application, and a player framework to provide running environment for players. In this paper, we focus on the organization framework which supports the creation and management of organizations, directory service for players and allocation of players to roles, and message brokering between roles and players. The proposed framework makes developers to be able to develop highly adaptive distributed systems in the ubiquitous environment.

Role-Based Application Model for Supporting Spontaneous Interoperation in Ubiquitous Environments

The spontaneous interoperation is an important characteristic of ubiquitous applications and is closely related with mobility. The mobile components in ubiquitous environments are liable to appear in and disappear from one physical space to another. Because this characteristic certainly influences the structure and behavior of applications, they should adapt themselves to the changed environments by configuring their structure and behaviors. Consequently, developers are faced with the above challenging issue when they design and implement ubiquitous applications. The role concept is an efficient tool to model participant entities, their relationship, and collaboration, so role-based model are appropriate to describe a structure and behavior of software system. But, little attention has been given to reflect characteristics of ubiquitous applications. To tackle the problem, this study considers a ubiquitous application as a software organization which consists of software components and proposes an enhanced role-based application model for supporting spontaneous interoperation.