Abstract: According to an embodiment of the present disclosure, there is provided a method for providing a virtual private network service in ICN name-based networking. The method comprising: receiving an interest packet; checking whether or not the interest packet includes a forwarding hint; checking, when the interest packet includes the forwarding hint, whether or not the forwarding hint includes a specific keyword; generating, when the forwarding hint includes the specific keyword, a VRF ID by extracting a VRF name from a name of the interest packet; selecting an FIB by using the generated VRF ID; executing a lookup for the FIB by using an interest name extracted from the interest packet; determining an output port by using the lookup; and transmitting the interest packet to the output port.

Abstract: Disclosed herein a source routing apparatus and method in ICN. The method includes: receiving an interest packet; extracting a current entry value when the received interest packet includes a forwarding hint; using the extracted current entry value as an index of a path list; extracting a name of the interest packet; reducing the current entry value when the interest packet is transmitted to a network area of the path list; performing a FIB lookup with the extracted name; determining an output port using the FIB lookup; and transmitting the interest packet to the output port.

Abstract: Provided are a MapReduce apparatus and a MapReduce control apparatus and method. The MapReduce apparatus includes a map calculator configured to perform a map calculation, a combiner configured to aggregate and summarize map calculation results of the map calculator, a rack combiner configured to aggregate and summarize map calculation results of MapReduce apparatuses connected to the same rack switch according to a policy of a MapReduce control apparatus, and a reduce calculator configured to receive the aggregated and summarized results of the combiner or the rack combiner and perform a reduce calculation.

Abstract: Provided are a MapReduce apparatus and a MapReduce control apparatus and method. The MapReduce apparatus includes a map calculator configured to perform a map calculation, a combiner configured to aggregate and summarize map calculation results of the map calculator, a rack combiner configured to aggregate and summarize map calculation results of MapReduce apparatuses connected to the same rack switch according to a policy of a MapReduce control apparatus, and a reduce calculator configured to receive the aggregated and summarized results of the combiner or the rack combiner and perform a reduce calculation.

Abstract: A method of controlling congestion of network equipment that connects networks with each other, includes determining a type of congestion based on a location of the network equipment; and identifying a network connection section having a strong possibility of occurrence of congestion based on the type of congestion, and setting a critical congestion bandwidth that is used to determine the occurrence of congestion. Further, the method includes identifying users required for equal distribution of traffic upon occurrence of congestion based on the critical congestion bandwidth; and equally distributing traffic to the identified users based on the critical congestion bandwidth, and then dropping an excess of arriving traffic over the equally distributed traffic, thereby performing avoidance of the congestion.

Abstract: A method of controlling congestion of network equipment that connects networks with each other, includes determining a type of congestion based on a location of the network equipment; and identifying a network connection section having a strong possibility of occurrence of congestion based on the type of congestion, and setting a critical congestion bandwidth that is used to determine the occurrence of congestion. Further, the method includes identifying users required for equal distribution of traffic upon occurrence of congestion based on the critical congestion bandwidth; and equally distributing traffic to the identified users based on the critical congestion bandwidth, and then dropping an excess of arriving traffic over the equally distributed traffic, thereby performing avoidance of the congestion.

Abstract: Routing apparatus and method for detecting a server attack are disclosed. The routing apparatus includes: a reception unit configured to receive a packet transmitted in a network; a transmission unit configured to transmit the packet along a transmission path; a memory unit configured to store data and/or information required for an operation; and a controller configured to set the transmission path of the packet in the network and perform packet switching along the set transmission path, wherein the reception unit receives server state information from servers at every certain time, the memory unit stores the received server state information, and the controller calculates a change in the state of the servers based on the received server state information, and determines that a server is attacked when a change in the state of the server is greater than a certain threshold value.

Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.

Abstract: A memory mapping apparatus for a multi-processing unit includes at least one memory matching unit configured to perform matching between a plurality of processing units and a plurality of memories, a memory controller configured to perform access control and arbitration for the respective memories, a memory mapping unit configured to include a window map for the respective processing units, make correspond the memories to the respective processing units with reference to the window map, and assign part of the entire address region of the corresponding memory, and a window map change unit configured to change a window map for a processing unit in which a request to use the memory has occurred in response to a request to use the memory from any one of the processing units.

Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided. The Distributed Denial of Service (DDoS) attack detection and defense apparatus includes: a flow information collection unit to collect, from one or more input packets with an IP address of an attack target system as a destination IP address, flow information including source IP addresses of the input packets and packet counts of one or more flows that are classified for each of the source IP addresses and each of different protocol types; an inspection unit to calculate packets per second (PPS) values of the flows based on the packet counts; and a response unit to determine a DDoS attack response method for each of the flows based on the PPS value and the protocol type of a corresponding flow and to process the corresponding flow using the determined DDoS attack response method.

Abstract: A method and an apparatus for fairly allocating resources to network users are provided. The method for fair resource allocation to network users allows the resource allocation apparatus to collect flow information between a user terminal and a service server and aggregates the flow information based on at least one of a user terminal address, a service server address, a user terminal, a service server address, and a service. The allocation resource of the user is controlled to the predetermined recommended bandwidth by using the ratio of the aggregated flow information.

Abstract: The present disclosure relates to a system and a method for managing filtering information of attack traffic, and more particularly, to a system and a method for managing filtering information of attack traffic that may block attack traffic in a front end from which the attack traffic is transmitted by transmitting traffic filtering information, to a first autonomous system of the front end from which the attack traffic is transmitted, through a border gateway protocol (BGP) and by applying, to a relevant router, the transmitted traffic filtering information in the corresponding first autonomous system, when an edge router of a second autonomous system (AS) positioned in a rear end sets the traffic filtering information by detecting the attack traffic.

Abstract: A virtual network operating apparatus and method are provided. The virtual network operating method includes configuring, by a virtual network operating apparatus, a plurality of virtual networks identified by domain names, setting, by the virtual network operating apparatus, representative virtual routers representing each of the virtual networks for each virtual network, setting, by the virtual network operating apparatus, representative routing information including an IP address of each of the representative virtual routers in each virtual router included in the virtual networks, and transmitting, by each virtual router, a packet using the set representative routing information.

Abstract: Disclosed is a network bandwidth distribution device which includes an information collector which collects information associated with a connection environment; a controller which judges a state of a connection environment according to the collected information and collects information of each user to judge whether an occupied bandwidth of each user is exceeded; and a bandwidth allotter which limits an occupied bandwidth of each user based on the judged state of a connection environment and whether an occupied bandwidth of each user is exceeded.

Abstract: A packet forwarding apparatus forwards packets by hardware implementation in a packet switch system for an internet protocol service. In the packet forwarding apparatus, an interface transmits/receives a packet through interfacing with a data link layer. A bus operator converts the packet received from the interface by a pre-set logic. A header parser parses a header of the converted packet. A network search engine controller receives a parsed result and the packet from the header parser and controls a command for forwarding the packet by interworking with an external network search engine and a processor.

Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.

Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided.

Abstract: Routing apparatus and method for detecting a server attack are disclosed. The routing apparatus includes: a reception unit configured to receive a packet transmitted in a network; a transmission unit configured to transmit the packet along a transmission path; a memory unit configured to store data and/or information required for an operation; and a controller configured to set the transmission path of the packet in the network and perform packet switching along the set transmission path, wherein the reception unit receives server state information from servers at every certain time, the memory unit stores the received server state information, and the controller calculates a change in the state of the servers based on the received server state information, and determines that a server is attacked when a change in the state of the server is greater than a certain threshold value.

Abstract: A method and an apparatus for fairly allocating resources to network users are provided. The method for fair resource allocation to network users allows the resource allocation apparatus to collect flow information between a user terminal and a service server and aggregates the flow information based on at least one of a user terminal address, a service server address, a user terminal, a service server address, and a service. The allocation resource of the user is controlled to the predetermined recommended bandwidth by using the ratio of the aggregated flow information.

Abstract: Disclosed are a method and system for distributed denial of service (DDoS) attack detection and traffic mitigation using flow statistics. The method for DDoS attack detection and traffic mitigation using flow statistics includes: collecting first statistics for each flow based on flow information generated by traffic flow of a network connection device; and grouping the first statistics for each flow on a per-flow basis and processing the same into second statistics containing at least one of the number of bytes, the number of packets, and the number of flows per unit time.