Search

Your search keyword '"Min Sik Kim"' showing total 64 results
Start Over Author "Min Sik Kim" Publisher ieee
64 results on '"Min Sik Kim"'

2. Linear prediction-based dereverberation with very deep convolutional neural networks for reverberant speech recognition

Author

Min Sik Kim, Sunchan Park, Hyung Soon Kim, and Yongwon Jeong

Subjects
Speech enhancement, Computer science, Mean squared prediction error, Speech recognition, Task analysis, Preprocessor, Word error rate, Linear prediction, Convolutional neural network, Task (project management)
Abstract

Convolutional neural networks (CNNs) have been shown to improve classification tasks such as automatic speech recognition (ASR). Furthermore, the CNN with very deep architecture lowered the word error rate (WER) in reverberant and noisy environments. However, DNN-based ASR systems still perform poorly in unseen reverberant conditions. In this paper, we use the weighted prediction error (WPE)-based preprocessing for dereverberation. In our experiments on the ASR task of the REVERB Challenge 2014, the WPE-based processing with eight channels reduced the WER by 20% for the real-condition data using CNN acoustic models with 10 layers.

Published
2018

3. Cyber situational awareness enhancement with regular expressions and an evaluation methodology

Author

Min Sik Kim, Hyun Kyoo Park, Moosung Park, and Kyungho Lee

Subjects
Decision support system, Situation awareness, Computer science, Deep packet inspection, 06 humanities and the arts, 02 engineering and technology, 0603 philosophy, ethics and religion, Computer security, computer.software_genre, Cyber operations, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 060301 applied ethics, Regular expression, computer
Abstract

Cybersecurity is one of critical issues in modern military operations. In cyber operations, security professionals depend on various information and security systems to mitigate cyber threats through enhanced cyber situational awareness. Cyber situational awareness can give decision makers mission completeness and providing appropriate timely decision support for proactive response. The crucial information for cyber situational awareness can be collected at network boundaries through deep packet inspection with security systems. Regular expression is regarded as a practical method for deep packet inspection that is considering a next generation intrusion detection and prevention, however, it is not commonly used by the reason of its resource intensive characteristics. In this paper, we describe our effort and achievement on regular expression processing capability in real time and an evaluation method with experimental result.

Published
2017

4. Simulating Exploits for the Creation and Refinement of Detection Signatures

Author

Lin Ya-Wen, Atsuhiro Suzuki, Victor C. Valgenti, and Min Sik Kim

Subjects
021110 strategic, defence & security studies, Exploit, Computer science, 0211 other engineering and technologies, Process (computing), 02 engineering and technology, computer.software_genre, Signature (logic), Set (abstract data type), Feature (computer vision), 0202 electrical engineering, electronic engineering, information engineering, Leverage (statistics), 020201 artificial intelligence & image processing, Anomaly detection, Data mining, Host (network), computer
Abstract

Advanced computer security systems rely on a host of detectors that examine anomalies, or known signatures, to qualify network traffic. Anomaly detectors usually come at greater cost in resources over signature detectors spurring the desire to translate anomalies into identifiable signatures. Automatic Signature Generation (ASG) attempts to automate the process of creating signatures to describe newly identified malicious network traffic. However, the quality of the signatures created in ASG depends on the ability to identify malicious traffic which remains a difficult problem plagued by massive amounts of data, high-speed links, and an adversarial environment. As a result, the detection process itself can greatly hamper the process of Automatic Signature Generation.This research attempts to leverage the Metasploit framework to provide a simulation environment that can execute exploits and record those attacks without interference from rogue users or any reliance on detection methods. This simulation environment side-steps the problem of identifying the malicious traffic because the executed exploits are known malicious and isolated. The Metasploit framework provides many tools for mutating and varying attack signatures such that each execution of an exploit may have a wildly different signature. We employ this mutational feature of Metasploit, and use prior ASG techniques, to create a smaller set of signatures that address the core of an attack rather than quantifying each variant. We demonstrate that creating signatures in such an environment is not only viable, but may even be desirablein order for a user to have the most effective signature set for their purpose.

Published
2017

5. A shutter-less micro-bolometer thermal imaging system using multiple digital correlated double sampling for mobile applications

Author

Kwyro Lee, Hyungchul Park, Cho Tei, Seunghyun Park, and Min Sik Kim

Subjects
Microelectromechanical systems, Correlated double sampling, Materials science, Noise measurement, business.industry, 010401 analytical chemistry, Fixed-pattern noise, Bolometer, 020206 networking & telecommunications, 02 engineering and technology, 01 natural sciences, 0104 chemical sciences, law.invention, CMOS, law, Shutter, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, Optoelectronics, Image sensor, business
Abstract

A micro-bolometer focal plane array (MBFPA)-based long wavelength Infra-red thermal imaging sensor is presented. The proposed multiple digital correlated double sampling (MD-CDS) readout method employing newly designed reference-cell greatly reduces PVT variation-induced fixed pattern noise (FPN) and as a result features much relaxed calibration process, easier TEC-less operation and Shutter-less operation. The readout IC and MBFPA was fabricated in 0.35um CMOS and amorphous silicon MEMS process respectively. The fabricated MBFPA thermal imaging sensor has NETD performance of 0.1 kelvin even though the mechanical shutter is not used.

Published
2017

6. Increasing Diversity in Network Intrusion Detection System Evaluation

Author

Victor C. Valgenti and Min Sik Kim

Subjects
business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, System evaluation, Context (language use), Intrusion detection system, Machine learning, computer.software_genre, Network intrusion detection, Data mining, Artificial intelligence, business, computer, Diversity (business)
Abstract

The performance of Network Intrusion Detection Systems (NIDS) depends heavily on the inputs to the system (rules and network traffic). A common trend in the evaluation of NIDS is to use a narrow selection of publicly or privately available rule-sets and traffic. Private rule-sets and traffic make the repeatability of experiments difficult while publicly available rule-sets and traffic often lack the diversity to explore the NIDS's true operating range. This can cause misleading results in the face of inputs that do not adequately test the NIDS. To improve diversity and provide better context for evaluations it is necessary to employ synthesized traffic and rules in addition to the use of public or private traffic and rule-sets. This research expands on previous models and tools to provide systematic means for increasing the diversity and context of any evaluation providing for a broader perspective from which to view NIDS performance and compare results.

Published
2015

7. REduce: Removing Redundancy from Regular Expression Matching in Network Security

Author

Sung-il Oh, Victor C. Valgenti, In-Bok Lee, and Min Sik Kim

Subjects
Prefix, TheoryofComputation_COMPUTATIONBYABSTRACTDEVICES, Finite-state machine, Theoretical computer science, Computer science, Network security, business.industry, Redundancy (engineering), Binary number, Regular expression, business, Automaton
Abstract

Regular expressions have become a fixture in network security systems such as Network Intrusion Detection, Spam email filtering, and Antivirus. Unfortunately, regular expressions require considerably more resources in matching over fixed binary or character strings. Much research has focused on improving matching architectures or hardware support to create more efficient regular expression matching. This research, however, investigated whether or not the regular expression set itself contained any lever that might make for creating more efficient automata prior to moving such automata to any specific matching architecture or hardware. We found that typical Non-deterministic Finite Automata (NFA) construction methodologies create redundant paths in the NFA when used with the complex rule-sets employed in network security. This stems directly from the fact that creating optimized NFA is a hard problem. As such, we created REduce, a tool that uses shared prefixes among regular expressions as a heuristic to eliminate redundant paths among shared prefixes within constructed NFA. The end result is smaller matching automata (between 4-50% depending on the rule-set) and a 4-900% improvement in throughput due to reductions in active state. More importantly, REduce only targets NFA construction, thus the generated NFA can be converted to any specific matching architecture or hardware for cumulative improvement.

Published
2015

8. OpenFlow Accelerator: A Decomposition-Based Hashing Approach for Flow Processing

Author

Yan Sun, Hai Sun, Min Sik Kim, and Victor C. Valgenti

Subjects
OpenFlow, Theoretical computer science, Computer engineering, Computer science, Hash function, Scalability, Table (database), Longest prefix match, Field (computer science), Networking hardware, Hash table
Abstract

To support scalable, flexible software-defined networking, OpenFlow is designed to provide granular traffic control across multiple vendor's network devices for efficient flow processing. Decision-tree packet classification algorithms do not scale to the number of flow table fields while decomposition algorithms such as RFC fail to provide necessary incremental update and determinism. Since searching in a single field is well studied, e.g. Longest Prefix Match (LPM) for prefix fields, we propose a decomposition approach which performs individual search on each flow table field, aggregates these results and conducts a query in a single hash table. Our approach scales well to the number of fields and allows incremental update. Meanwhile deterministic query is enabled for high-speed search. As far as we know our proposal is the first efficient decomposition approach to address multidimensional match in an OpenFlow flow table with an arbitrary number of fields as well as any match type. Theoretical analysis and experiments using synthetic classifiers justify the performance improvement.

Published
2015

9. A highly deterministic hashing scheme using bitmap filter for high speed networking

Author

Min Sik Kim, Yan Sun, Victor C. Valgenti, and Hai Sun

Subjects
Open addressing, Primary clustering, Theoretical computer science, Universal hashing, Computer science, Dynamic perfect hashing, Hash function, Linear hashing, Algorithm, Double hashing, Hash table
Abstract

In modern network devices the query performance for a hashing method degrades sharply due to non-determinism incurred by hash collision. Although previous collision resolution mechanisms have made remarkable progress, there is still much room to improve deterministic performance by resolving hash collisions more effectively. Further, the use of probabilistic, on-chip, summaries such as Bloom filters in these solutions causes a large number of off-chip memory accesses when under heavy network traffic. Even worse, these solutions use separate hash computation for filter queries and hash queries, doubling the computational overhead for hash access. We propose two novel collision resolution mechanisms, Double Out hashing and Bidirectional Hop hashing and establish a multiple-segment hash construction to facilitate deterministic query. Collision is restricted to only one segment and the length of a probe sequence in each segment is minimized to 1. In addition an important category of false positive is reduced to 0 due to exact bitmap filters. The use of a unique set of hash functions for filters and hash tables avoids unnecessary computation.

Published
2015

10. A hierarchical hashing scheme to accelerate longest prefix matching

Author

Yan Sun, Hai Sun, Min Sik Kim, and Victor C. Valgenti

Subjects
Theoretical computer science, Computer science, Routing table, Hash function, Parallel computing, computer.file_format, Prefix, Tree (data structure), Memory management, Bitmap, Algorithm design, Longest prefix match, Routing (electronic design automation), computer
Abstract

Longest Prefix Matching in IP Address lookup remains a bottleneck for high-speed routers where large volumes of traffic at multi-gigabyte link speeds require extremely fast lookup time. By taking advantage of bitmap and hashing techniques effectively used in Tree Bitmap algorithm and Binary hash searching on prefix length algorithm we propose a hierarchical hashing scheme based on observations about prefix length distribution in real routing tables. Theoretical analysis and experiments using real routing tables show that our scheme significantly improve IP lookup efficiency by remarkably reducing the number of memory access, consuming less memory and enabling fast update.

Published
2014

12. Efficient memory layout for packet classification system on multi-core architecture

Author

Min Sik Kim and Shariful Hasan Shaikot

Subjects
Hardware_MEMORYSTRUCTURES, Speedup, Memory hierarchy, business.industry, Computer science, Cache coloring, Network packet, Quality of service, Translation lookaside buffer, Cache-only memory architecture, Uniform memory access, Parallel computing, Cache pollution, Memory map, CAS latency, Networking hardware, Non-uniform memory access, Memory management, Shared memory, Interleaved memory, Cache, business, Computer network
Abstract

Packet classification is primarily used by network devices, such as routers and firewalls, to do additional processing such as packet filtering, and Quality-of-Service (QoS) for a specific subset of network packets. In decision tree based packet classification system, packets are classified by searching in the tree data structure. Tree search presents significant challenges because it requires a number of unpredictable and irregular memory accesses. Since packet classification is per-packet operation and memory latency (caused by cache and TLB misses) is considerably high, any technique that can reduce cache and TLB misses can be useful in practice for improving lookup time in packet classification. In this paper, we present an efficient memory layout for the tree data structure which ensures the movement of data optimally among the different levels of the memory hierarchy on general purpose processors. In particular, for a given node size, the number of accessed cache lines (and memory pages) is minimized by our proposed memory layout resulting in less number of cache and TLB misses. This reduction directly contributes in improving the look up performance. The decision tree laid out in the proposed layout can also exploit the strong computing power of multi-core architecture by leveraging data- and thread-level parallelism. Experimental results on two different state-of-the-art processors show that significant performance improvements (40–55% faster) and near-linear speedup (3.8× on quad cores) on multi-core architecture is achievable by applying our proposed memory layout for the packet classification tree data structure.

Published
2012

13. Fast filtering for intrusion detection systems with the shift-or algorithm

Author

Sung-il Oh, Min Sik Kim, and In-Bok Lee

Subjects
Host-based intrusion detection system, Set (abstract data type), Network security, business.industry, Computer science, False positive paradox, Intrusion detection system, Pattern matching, String searching algorithm, business, Algorithm, Automaton
Abstract

Intrusion Detection Systems (IDS) play an important role in network security. The main challenge is how to find occurrences of patterns defined in the rule set which describe the signature of malicious activities. In this paper, we propose an efficient exact pattern matching algorithm based on the bit-parallel approach. Experimental results show that our algorithm outperforms the traditional Aho-Corasick automaton at the cost of a small number of false positives.

Published
2012

14. Real-time Netshuffle: Graph distortion for on-line anonymization

Author

Min Sik Kim, Ruma R. Paul, and Victor C. Valgenti

Subjects
Information privacy, Theoretical computer science, Computer science, Network security, business.industry, Data_MISCELLANEOUS, Complete graph, Inference, Graph theory, Intrusion detection system, computer.software_genre, Graph (abstract data type), Data mining, business, computer
Abstract

Due the significant need for real-time anonymization we propose Real-time Netshuffle [1]; a complete graph distortion technique designed to mitigate risk to inference attacks in traffic anonymization. Real-time Netshuffle provides an additional layer of security, in concert with other on-line traffic anonymization techniques, while imposing only minimal damage to the empirical value of the data.

Published
2011

15. NFA-Based Pattern Matching for Deep Packet Inspection

Author

Min Sik Kim, Yan Sun, and Victor C. Valgenti

Subjects
Network security, business.industry, Computer science, Network packet, Real-time computing, Payload (computing), Deep packet inspection, Intrusion detection system, computer.software_genre, Deterministic finite automaton, Header, Deep content inspection, Pattern matching, Data mining, business, computer, Processing delay
Abstract

Many network security applications in today's networks a0re based on deep packet inspection, checking not only the header portion but also the payload portion of a packet. For example, traffic monitoring, layer-7 filtering, and network intrusion detection all require an accurate analysis of packet content in search for predefined patterns to identify specific classes of applications, viruses, attack signatures, etc. Pattern matching is a major task in deep packet inspection. The two most common implementations of Pattern matching are based on Non-deterministic Finite Automata (NFAs) and Deterministic Finite Automata (DFAs), which take the payload of a packet as an input string. In this paper, we propose an efficient NFA-based pattern matching in Binary Content Addressable Memory(BCAM), which uses data search words consisting of 1s and 0s. Our approach can process multiple characters at a time using limited BCAM entries, which makes our approach scalable well. We evaluate our algorithm using patterns provided by Snort, a popular open-source intrusion detection system. The simulation results show that our approach outperforms existing CAM-based and software-based approaches.

Published
2011

16. Fine-Grained DDoS Detection Scheme Based on Bidirectional Count Sketch

Author

Yan Sun, Haiqin Liu, and Min Sik Kim

Subjects
Scheme (programming language), business.industry, Computer science, Real-time computing, Denial-of-service attack, Internet traffic, Sketch, Feature (computer vision), Server, Intrusion prevention system, business, computer, computer.programming_language, Computer network
Abstract

Over the past decade, various intrusion detection and prevention systems have been proposed to detect DDoS attacks and mitigate the caused damage. However, many existing IDS systems still keep per-flow state to detect anomaly, and thus do not scale with link speeds in multi-gigabit networks. In this paper, we present a two-level approach for scalable and accurate DDoS attack detection by exploiting the asymmetry in the attack traffic. In the coarse level, we use a modified count-min sketch (MCS) for fast detection, and in the fine level, we propose a bidirectional count sketch (BCS) to achieve better accuracy. At both detection levels, sketch structures are utilized to ensure the scalability of our scheme. The main advantage of our approach is that it can track the victims of attacks without recording every IPaddress found in the traffic. Our scheme can save over 90% key storage. Such feature is significant for the detection in the highspeed environment. Experimental results using the real Internet traffic show that our approach is able to quickly detect anomaly events and track those victims with a high level of accuracy.

Published
2011

17. DFA-Based Regular Expression Matching on Compressed Traffic

Author

Min Sik Kim and Yan Sun

Subjects
Network security, business.industry, Computer science, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Real-time computing, Deep packet inspection, Intrusion detection system, Deterministic finite automaton, Header, Regular expression, Pattern matching, Nondeterministic finite automaton, business
Abstract

Many network security applications in today's networks are based on deep packet inspection, checking not only the header portion but also the payload portion of a packet. For example, traffic monitoring, layer-7 filtering, and network intrusion detection all require an accurate analysis of packet content in search for predefined patterns to identify specific classes of applications, viruses, attack signatures, etc. Regular expressions are often used to represent such patterns. They are implemented using finite automata, which take the payload of a packet as an input string. However, existing approaches, both non-deterministic finite automata (NFA) and deterministic finite automata (DFA), do not deal with compressed traffic, which becomes more and more popular in HTTP applications. In this paper, we propose an efficient algorithm for regular expression matching to implement deep packet inspection on compressed traffic. Based on the observations of DFA, we design a scheme to skip most of the matching process in the compressed parts of traffic. To the best of our knowledge, this is the first effort to design an efficient regular expression matching on compressed traffic. We evaluate our algorithm using rule sets provided by Snort, a popular open-source intrusion detection system. The evaluation results show that our approach can reduce the number of state access in the DFA significantly.

Published
2011

18. A High-Performance 8-Tap FIR Filter Using Logarithmic Number System

Author

Min Sik Kim and Yan Sun

Subjects
Adder, Finite impulse response, business.industry, Computer science, Pipeline (computing), Logarithmic number system, CMOS, Filter (video), Electronic engineering, Multiplication, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Computer hardware, Root-raised-cosine filter
Abstract

This paper presents an approach for implementing a 8-tap high-performance digital FIR (Finite Impulse Response) filter using Logarithmic Number System(LNS). In the past, FIR filters were implemented by conventional number system; therefore, the speed was limited due to the multiply accumulate operations. We realize a fast FIR filter by utilizing the Logarithmic Number System, which allows simple implementation of multiplication using a fixed-point adder. And the serious demerit of Logarithmic Number System's algorithm, conversions to and from the conventional number representations is effectively overcome by utilizing our pipeline architecture, so the delay and complexity of the filter is reduced. The critical path was reduced from a multiply-accumulate operation to an adder operation, and our FIR filter can operate at 1.3G Hz under the condition of 1.2 V power supply using SMIC 0.13um CMOS technology, and requires approximate 27 percent lesser area than the original FIR filter.

Published
2011

19. Netshuffle: Improving Traffic Trace Anonymization through Graph Distortion

Author

Victor C. Valgenti, Ruma R. Paul, and Min Sik Kim

Subjects
business.industry, Computer science, Network security, Data_MISCELLANEOUS, Computer security, computer.software_genre, Graph, Information sensitivity, Known-plaintext attack, Traffic trace, Graph (abstract data type), business, computer, Computer network
Abstract

Traffic traces provide valuable data to researchers and organizations alike. However, organizations that provide this information do not wish to expose the internal workings of their networks to potential attack. Traffic trace anonymization attempts to mitigate this concern by hiding sensitive information while preserving most of the empirical value of the trace. Unfortunately, many attacks such as statistical fingerprinting, known-plaintext, and port evaluation can serve to identify communications within a trace which can lead an attacker to the real-world identities of anonymized devices. The inherent graph structure embedded in network traffic stands as a primary lever in achieving such de-anonymization. We propose Netshuffle, a method that distorts the graph structure in the anonymized trace such that an attacker cannot rely on the edges (communications) to identify a particular end-node (device). In essence, we shuffle the edges of the graph like a deck of cards so that even if an attacker can identify an edge, that edge does not necessarily connect to the intended target. Thus, inferences based on features of communications will either lead an attacker astray, or force the attacker to guess as to the identity of the targeted node from several indistinguishable candidates. Netshuffle provides a complimentary vector of protection to current anonymization techniques at limited cost in data utility.

Published
2011

20. Provider-level content migration strategies in P2P-based media distribution networks

Author

Haiqin Liu, Yan Sun, and Min Sik Kim

Subjects
Computer science, Heuristic (computer science), Node (networking), Server, Distributed computing, Key (cryptography), Resource management, Cache, Data migration
Abstract

In a P2P-based media distribution network (PMDN), content migration is one of the key problems that affect the overall performance of a system. In the system hierarchy, the content migration problem consists of two levels of migration: provider-level migration and user-level migration. In this paper, we focus on the former, provider-level migration, where the goal is to reduce data migration cost while enhancing the local cache hit ratio of media contents. Since this is an NP-complete problem, we propose two types of heuristic migration strategies: object-benefit-based migration (OBM) and peer-benefit-based migration (PBM). The former maximizes the local benefits in allocating a data object to a certain node, while the latter maximizes the benefit of each peer. Experimental results show the effectiveness of both algorithms, which significantly outperform random and round-robin migration schemes.

Published
2011

21. Using TCAM efficiently for IP route lookup

Author

Yan Sun, Min Sik Kim, and Haiqin Liu

Subjects
Prefix, business.industry, Computer science, Routing table, Parallel computing, Longest prefix match, Content-addressable memory, Routing (electronic design automation), business, Computer network
Abstract

Ternary Content Addressable Memories (CAMs) are widely used by high-speed routers to find matching routes in a routing table, because they enable the longest prefix matching operation to complete in a single clock cycle. However, they are costly and their power consumption is very high and some solutions have been proposed. But some issues have not been well studied: first, the memory accesses often take down the high speed of TCAMs; second, the prefixes must be sorted in prefix length decreasing order, which makes the update of routing table very slow. Third, even though the TCAMs are pretty fast, they can only process one match at one time, which make them unscalable. In this paper, we first discuss these problems and propose an efficient algorithm to solve these problems.

Published
2011

22. A Hybrid Approach to CAM-Based Longest Prefix Matching for IP Route Lookup

Author

Min Sik Kim and Yan Sun

Subjects
Shared memory, business.industry, Computer science, Routing table, Hardware_INTEGRATEDCIRCUITS, Redundancy (engineering), Longest prefix match, Parallel computing, Routing (electronic design automation), IP forwarding algorithm, business, Critical path method, Computer network
Abstract

Ternary Content Addressable Memories (CAMs) are widely used by high-speed routers to find matching routes in a routing table, because they enable the longest prefix matching operation to complete in a single clock cycle. However, they are costly and their power consumption is very high. In this paper, we identify two kinds of redundancy in the usage of TCAMs in IP route lookup, and then propose a hybrid scheme which combines Binary CAMs and Ternary CAMs to reduce the total area and power consumption, exploiting the uneven distribution of IP prefix lengths in real-world IP routing tables. We also introduce shared memory blocks for further simplification of the lookup circuit. The simulation results show that our approach can save morethan 50% of transistors in CAMs, compared with the traditional way in storing a set of real-world routing tables, and that it reduces the critical path in IP route lookup significantly.

Published
2010

23. Hybrid Regular Expression Matching for Deep Packet Inspection on Multi-Core Architecture

Author

Haiqin Liu, Victor C. Valgenti, Yan Sun, and Min Sik Kim

Subjects
TheoryofComputation_COMPUTATIONBYABSTRACTDEVICES, Finite-state machine, Network packet, Network security, business.industry, Computer science, Distributed computing, Deep packet inspection, Intrusion detection system, Load balancing (computing), Deterministic finite automaton, Header, Regular expression, Nondeterministic finite automaton, business
Abstract

Many network security applications in today's net- works are based on deep packet inspection, checking not only the header portion but also the payload portion of a packet. For example, traffic monitoring, layer-7 filtering, and network intrusion detection all require an accurate analysis of packet content in search for predefined patterns to identify specific classes of applications, viruses, attack signatures, etc. Regular expressions are often used to represent such patterns. They are implemented using finite automata, which take the payload of a packet as an input string. However, existing approaches, both non-deterministic finite automata (NFA) and deterministic finite automata (DFA), have limitations; NFAs have excessive time complexity while DFAs have excessive space complexity. In this paper, we propose an efficient algorithm for regular expression matching to implement deep packet inspection on multi-core architecture. A regular expression is split into NFA- friendly components and DFA-friendly components, which are then assigned to different cores. This hybrid method combines the merits of NFA and DFA implementations, and efficiently takes advantage of multi-core architecture. We evaluate our algorithm using rule sets provided by Snort, a popular open- source intrusion detection system. The simulation results show that our approach outperforms existing NFA/DFA and hybrid approaches. Furthermore, our algorithm performs well on the important issues on multi-core architecture design, such as load balancing, data locality and communication between cores. I. INTRODUCTION

Published
2010

24. Lightweight Traffic-Aware Packet Classification for Continuous Operation

Author

Min Sik Kim and Shariful Hasan Shaikot

Subjects
Link state packet, Computer science, Network packet, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Real-time computing, End-to-end delay, Packet generator, Packet segmentation, Packet analyzer, Fast packet switching, business, Processing delay, Computer network
Abstract

Packet classification is primarily used by network devices, such as routers and firewalls, to do additional processing for a specific subset of packets. Such additional processing includes packet filtering, quality of service (QoS), and differentiated services (DiffServ). Most of the existing packet classification algorithms reported in the literature exploits the characteristics of filtering or classifier rules in optimizing their techniques. However, the seminal observation made by Gupta and McKeown [1], [2] that a given packet matches only few rules in the classifier shows promise to another direction that packet classifier’s average performance can be improved by exploiting the locality in the incoming traffic pattern. In this paper, we undertook the investigation of finding the feasibility of exploiting the locality in traffic to improve packet classifier’s average performance. Our lightweight traffic-aware packet classifier reorganizes its internal data structure (rule tree) based on the traffic pattern to reduce the search time for the most frequently visited rules in the rule-set. Unlike existing traffic-adaptive packet classifier requiring a separate, offline reorganization phase, our approach performs reorganization online with little overhead, resulting in higher throughput without compromising the accuracy. Experimental results on our test bed show that our traffic-adaptive packet classifier incurs small number of memory accesses (i.e. less time per packet) in order to classify the packet.

Published
2010

25. Real-Time Detection of Stealthy DDoS Attacks Using Time-Series Decomposition

Author

Haiqin Liu and Min Sik Kim

Subjects
business.industry, Computer science, Application layer DDoS attack, False positive paradox, Robust random early detection, Denial-of-service attack, Intrusion detection system, Data mining, business, computer.software_genre, computer, Decomposition of time series, Computer network
Abstract

Recently, many new types of distributed denial of service (DDoS) attacks have emerged, posing a great challenge to intrusion detection systems. In this paper, we introduce a new type of DDoS attacks called stealthy DDoS attacks, which can be launched by sophisticated attackers. Such attacks are different from traditional DDoS attacks in that they cannot be detected by previous detection methods effectively. In response to this type of DDoS attacks, we propose a detection approach based on time-series decomposition, which divides the original time series into trend and random components. It then applies a double autocorrelation technique and an improved cumulative sum technique to the trend and random components, respectively, to detect anomalies in both components. By separately examining each component and synthetically evaluating the overall results, the proposed approach can greatly reduce not only false positives and negatives but also detection latency. In addition, to make our method more generally applicable, we apply an adaptive sliding-window to our real-time algorithm. We evaluate the performance of the proposed approach using real Internet traces, demonstrating its effectiveness.

Published
2010

26. A Table-Based Algorithm for Pipelined CRC Calculation

Author

Min Sik Kim and Yan Sun

Subjects
CMOS, Polynomial code, Computer science, Computation, Pipeline (computing), Cyclic redundancy check, Lookup table, Parallel computing, Algorithm, Multiplexing
Abstract

In this paper, we present a fast cyclic redundancy check (CRC) algorithm that performs CRC computation for any length of message in parallel. For a given message with any length, the algorithm first chunks the message into blocks, each of which has a fixed size equal to the degree of the generator polynomial. Then it performs CRC computation using only lookup tables among the chunked blocks in parallel and the results are combined together by XOR operations. It was feedback in the traditional implementation that makes pipelining problematic. In the proposed algorithm, we solve this problem and implement a pipelined calculation of 32-bit CRC in SMIC 0.13μm CMOS technology. Our algorithm allows calculation over data that is not the full width of the input. Furthermore, the pipeline latency is very short in our algorithm, and this method allows easy scaling of the parallelism while only slightly affecting timing. The simulation results show that our proposed pipelined CRC is more efficient than the current CRC implementations.

Published
2010

27. Energy-Efficient Routing Protocol in Event-Driven Wireless Sensor Networks

Author

Min Sik Kim, Yan Sun, and Haiqin Liu

Subjects
Routing protocol, business.industry, computer.internet_protocol, Computer science, Network packet, Quality of service, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Real-time computing, Key distribution in wireless sensor networks, Sensor node, Mobile wireless sensor network, Wireless Application Protocol, business, computer, Wireless sensor network, Computer network, Efficient energy use
Abstract

Routing is critical in wireless sensor networks (WSNs). It has been widely studied in recent years and many new protocols have been proposed. In this paper, based on observations on event-driven wireless sensor networks, we propose algorithms to reduce power consumption and improve data quality in wireless sensor networks. In our algorithms, sensor nodes reduce the sampling frequency and number of hops when there is no event, and the positive feed-back scheme wakes up sensor nodes quickly to capture an event. Our algorithms add information in packets and use negative-ACK packets instead of ACK packets to reduce bandwidth consumption.

Published
2010

28. A Pipelined CRC Calculation Using Lookup Tables

Author

Min Sik Kim and Yan Sun

Subjects
Polynomial code, CMOS, Degree (graph theory), Computer science, Pipeline (computing), Computation, Cyclic redundancy check, ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, Lookup table, Data_CODINGANDINFORMATIONTHEORY, Parallel computing, Longitudinal redundancy check
Abstract

We present a fast cyclic redundancy check (CRC) algorithm that performs CRC computation for any length of message in parallel. Traditional CRC implementations have feedbacks, which make pipelining problematic. In the proposed approach, we eliminate feedbacks and implement a pipelined calculation of 32-bit CRC in the SMIC 0.13µm CMOS technology. For a given message, the algorithm first chunks the message into blocks, each of which has a fixed size equal to the degree of the generator polynomial. Then it computes CRC for the chunked blocks in parallel using lookup tables, and the results are combined together by performing XOR operations. The simulation results show that our proposed pipelined CRC is more efficient than existing CRC implementations.

Published
2010

29. npf-a simple, traffic-adaptive packet classifier using on-line reorganization of rule trees

Author

Shariful Hasan Shaikot and Min Sik Kim

Subjects
Network administrator, Computer science, Network packet, business.industry, Network security, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Deep packet inspection, Throughput, Packet generator, Intrusion detection system, Packet switch, Differentiated services, Packet analyzer, Fast packet switching, business, Processing delay, Computer network
Abstract

Packet classification is one of the crucial components of application such as firewalls, intrusion detection, and differentiated services. For example, an intrusion detection system (IDS) classifies packets either as benign or malicious and alerts the network administrator when hostile traffic is detected. Since existing IDS spend the majority of CPU time in packet classification, an IDS fails to detect malicious packets under high load. Many ideas have been proposed to make the packet inspection faster so that an IDS spends less time in packet classification. However, because of the increasing number of security threats and vulnerabilities, the number of rules often exceeds thousands, requiring more than hundreds of megabytes of memory. As a result, an IDS spends longer time to classify packets since each packet incurs many memory accesses, and thus the throughput of an IDS is limited by memory bandwidth. The problem can be mitigated by exploiting locality in traffic patterns. In this paper, we propose npf, a fast and traffic-adaptive packet classifier which dynamically reorganizes the internal data structure based on the traffic pattern. Unlike existing approaches requiring a separate, off-line reorganization phase, npf performs reorganization on-line with little overhead, resulting in higher throughput without compromising accuracy. Experimental results on our test bed show that npf outperforms a traditional packet classifier by spending an order of magnitude less time per packet in order to classify the packet.

Published
2009

30. Machine Learning Algorithm Selection for Forecasting Behavior of Global Institutional Investors

Author

Tae Yoon Kim, Min Sik Kim, Jae Joon Ahn, Sukjun Lee, Kyong Joo Oh, and Hyoung Yong Lee

Subjects
Computer science, business.industry, Institutional investor, Early warning system, Stock market, Artificial intelligence, Machine learning, computer.software_genre, business, computer, Classifier (UML), Algorithm Selection
Abstract

Recently Son et al. [32] proposed early warning system (EWS) monitoring the behaviors of global institutional investors (GII) against their possible massive pullout from the local emerging stock market. They used machine learning algorithm for lag l classifier to forecast the behavior of GII. The main aim of this article is to implement various machine learning algorithms in constructing the EWS and to compare their performances to select the proper one. Our results address various important issues for machine learning forecasting problem. In particular, a proper machine learning algorithm will be recommended for both long term and short term forecasting. This is empirically studied for the Korean stock market.

Published
2009

31. Rule Hashing for Efficient Packet Classification in Network Intrusion Detection

Author

Min Sik Kim, A. Yoshioka, and Shariful Hasan Shaikot

Subjects
Theoretical computer science, Memory management, Network packet, Computer science, business.industry, Hash function, Graph (abstract data type), Intrusion detection system, Cache, business, Computer network
Abstract

A rule-based intrusion detection system compares the incoming packets against rule set in order to detect intrusion. Unfortunately, it spends the majority of CPU time in packet classification to search for rules that match each packet. A common approach is to build a graph such as rule trees or finite automata for a given rule set, and traverse it using a packet as an input string. Because of the increasing number of security threats and vulnerabilities, the number of rules often exceeds thousands requiring more than hundreds of megabytes of memory. Exploring such a huge graph becomes a major bottleneck in high-speed networks since each packet incurs many memory accesses with little locality. In this paper, we propose rule hashing for fast packet classification in intrusion detection systems. The rule hashing, combined with hierarchical rule trees, saves memory and reduce the number of memory accesses by allowing the whole working set to be accommodated in a cache in most of the time, and thus improves response times in finding matching rules. We implement our algorithm in Snort, a popular open-source intrusion detection system. Experimental results show that our implementation is faster than original Snort to deal with the same real packet traces while consuming an order of magnitude less memory.

Published
2008

32. Bandwidth-adaptive Clustering for Mobile Ad Hoc Networks

Author

Yong Wang and Min Sik Kim

Subjects
Vehicular ad hoc network, Bandwidth allocation, Adaptive quality of service multi-hop routing, Optimized Link State Routing Protocol, Wireless ad hoc network, business.industry, Computer science, Distributed computing, Mobile ad hoc network, Ad hoc wireless distribution service, business, Cluster analysis, Computer network
Abstract

In this paper, we propose a new clustering approach, bandwidth-adaptive clustering (BAC), for MANETs. BAC forms and maintains clusters using only local topology information. To adapt to network conditions and reduce the message overhead, BAC makes members forward the maintenance messages probabilistically based on available bandwidth. The multi-hop nature and Merge operation of BAC reduce the changes in case of mobility and achieve fewer consistent clusters. By bounding cluster size and the number of hops between members and clusterheads, BAC achieves more control on the number of formed clusters and the compactness of clusters. Simulation results demonstrate BAC's better performance on construction and maintenance of clusters in case of mobility, adaptiveness to network conditions, and effectiveness in reducing message overhead with nearly no performance degradation.

Published
2007

33. Traffic-aware packet matching for intrusion detection systems

Author

Min Sik Kim and Atsushi Yoshioka

Subjects
Host-based intrusion detection system, Matching (statistics), Network packet, business.industry, Computer science, Anomaly-based intrusion detection system, Real-time computing, CPU time, Pattern matching, Intrusion detection system, business, Airfield traffic pattern, Computer network
Abstract

Intrusion detection systems spend the majority of CPU time on matching packets against rules. Hence, fast identification of matches is crucial. Previous approaches may result in poor performance under certain traffic conditions because they either do not respond to traffic pattern or require setup time to organize rules whenever traffic pattern changes. We propose a two-stage packet matching to reduce matching time with little overhead. The first stage applies a small number of most-frequently matched rules. Only a fraction of packets are passed to the second stage, experiencing longer processing time. Rules in the first stage are constantly updated as their frequencies change.

Published
2007

34. Scalable Clustering of Internet Paths by Shared Congestion

Author

Yong-June Shin, T. Kim, Min Sik Kim, Edward J. Powers, and Simon S. Lam

Subjects
Wavelet, Theoretical computer science, Computer science, Dimensionality reduction, Wavelet transform, Overhead (computing), Cluster analysis, Time complexity, Bottleneck, Curse of dimensionality
Abstract

Internet paths sharing the same bottleneck can be identified using several shared congestion detection techniques. However, all of these techniques have been designed to detect shared congestion between a pair of paths. To cluster N paths by shared congestion, a straightforward approach of using pairwise tests would require O(N) time complexity. In this paper, we present a scalable approach to cluster Internet paths based on DCW (Delay Correlation with Wavelet denoising) which does not require a common end point between paths. We present a function to map each path’s measurement data into a point in a multidimensional space such that points are close to each other if and only if the corresponding paths share congestion. Because points in the space are indexed using a tree-like structure, the computational complexity of clustering N paths can be reduced to O(N log N). The indexing overhead can be further improved by reducing dimensionality of the space through wavelet transform. Computation cost is kept low by reusing for dimensionality reduction the same wavelet coefficients obtained in DCW. Our approach is evaluated by simulations and found to be effective for a large N . The tradeoff between dimensionality and clustering accuracy is shown empirically.

Published
2006

35. Application of wavelet denoising to the detection of shared congestion in overlay multimedia networks

Author

Min Sik Kim, Taekhyun Kim, Edward J. Powers, Yong-June Shin, and Simon S. Lam

Subjects
Queueing theory, Offset (computer science), Multimedia, Network packet, Computer science, Real-time computing, Wavelet transform, Overlay network, Overlay, computer.software_genre, Synchronization, Computer Science::Networking and Internet Architecture, Unicast, computer
Abstract

The overlay network approach is an emerging technique to satisfy the strict requirements for various real-time multimedia services. However, overlay networks suffer from a shared congestion problem since each unicast flow may interfere with each other in the common underlying links. Most previous techniques to detect shared congestion have limitations when applied as a general solution, since they assume perfect synchronization between probing packets. However, our recent work shows that a technique based on wavelet denoising can overcome the limitations by mitigating the interfering effects such as synchronization offset and the random fluctuations of queueing delay; the proposed technique provides a more robust and accurate detection in the presence of a large amount of synchronization offset In this paper, wavelet denoising is tailored to the characteristics of queueing delay on packet networks. The wavelet denoising based technique is verified through extensive simulations. The efficacy of the proposed approach is demonstrated by the detection accuracy and convergence speed.

Published
2005

36. Optimal distribution tree for internet streaming media

Author

Simon S. Lam, Min Sik Kim, and Dong-Young Lee

Subjects
Protocol Independent Multicast, Multicast, Computer science, business.industry, computer.internet_protocol, Node (networking), Distributed computing, Throughput, Application layer, Tree (data structure), Bandwidth allocation, Distributed algorithm, Convergence (routing), IP multicast, Xcast, business, computer, Network model, Computer network
Abstract

Internet radio and television stations require significant bandwidth to support delivery of high quality audio and video streams to a large number of receivers. IP multicast is an appropriate delivery model for these applications. However, widespread deployment of IP multicast on the Internet is unlikely in the near future. An alternative is to build a multicast tree in the application layer Previous studies have addressed tree construction in the application layer However most of them focus on reducing delay. Few systems have been designed to achieve a high throughput for bandwidth-intensive applications. In this paper we present a distributed algorithm to build an application-layer tree. We prove that our algorithm finds a tree such that the average incoming rate of receivers in the tree is maximized (under certain network model assumptions). We also describe protocols that implement the algorithm. For implementation on the Internet, there is a tradeoff between the overhead of available bandwidth measurements and fast convergence to the optimal tree. This tradeoff can be controlled by tuning some parameters in our protocols. Our protocols are also designed to maintain a small number, O(log n), of soft states per node to adapt to network changes and node failures.

Published
2004

37. Efficient memory layout for packet classification system on multi-core architecture.

Author

Shaikot, Shariful Hasan and Min Sik Kim

Abstract

Packet classification is primarily used by network devices, such as routers and firewalls, to do additional processing such as packet filtering, and Quality-of-Service (QoS) for a specific subset of network packets. In decision tree based packet classification system, packets are classified by searching in the tree data structure. Tree search presents significant challenges because it requires a number of unpredictable and irregular memory accesses. Since packet classification is per-packet operation and memory latency (caused by cache and TLB misses) is considerably high, any technique that can reduce cache and TLB misses can be useful in practice for improving lookup time in packet classification. In this paper, we present an efficient memory layout for the tree data structure which ensures the movement of data optimally among the different levels of the memory hierarchy on general purpose processors. In particular, for a given node size, the number of accessed cache lines (and memory pages) is minimized by our proposed memory layout resulting in less number of cache and TLB misses. This reduction directly contributes in improving the look up performance. The decision tree laid out in the proposed layout can also exploit the strong computing power of multi-core architecture by leveraging data- and thread-level parallelism. Experimental results on two different state-of-the-art processors show that significant performance improvements (40–55% faster) and near-linear speedup (3.8× on quad cores) on multi-core architecture is achievable by applying our proposed memory layout for the packet classification tree data structure. [ABSTRACT FROM PUBLISHER]

Published
2012
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results