• Title/Summary/Keyword: 공격 (attack)


Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System (SNMP 기반의 실시간 트래픽 폭주 공격 탐지 시스템 설계 및 구현)

  • Park, Jun-Sang;Kim, Sung-Yun;Park, Dai-Hee;Choi, Mi-Jung;Kim, Myung-Sup
    • The KIPS Transactions:PartC / v.16C no.1 / pp.13-20 / 2009
  • Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides a high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figures out the attack type in case of attack.

Cyber attack group classification based on MITRE ATT&CK model (MITRE ATT&CK 모델을 이용한 사이버 공격 그룹 분류)

  • Choi, Chang-hee;Shin, Chan-ho;Shin, Sung-uk
    • Journal of Internet Computing and Services / v.23 no.6 / pp.1-13 / 2022
  • As the information and communication environment develops, the environment of military facilities is also developing remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK®, which models many parts of cyber attacks. We designed an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

Relationship of Stress and Aggression on Schoolchildren with Physical disability (학령기 지체장애 아동의 스트레스와 공격성 비교연구)

  • Kim, Hee-Jung;Kim, Dong-Hyun
    • The Journal of Korean society of community based occupational therapy / v.6 no.2 / pp.31-38 / 2016
  • Purpose: The purpose of this study was to know the relationship of stress and aggression of children with physical disability. The study also tried to search for the factors affecting aggression and offer the information to the department of occupational therapy for intervention. Method: We distributed a questionnaire to 105 children who have disability grades from hospitals in Gyeongsangbukdo, Gyeongsangnamdo, Daegu, and Busan and collected the data. We used descriptives for analysis of general characteristics, t-test and one-way ANOVA for stress and aggression according to characteristics, and Pearson correlation coefficient and stepwise regression for stress and aggression. Result: First, the stress score was 2.65, aggression was 2.53, and physical aggression was 3.01, which was the highest score among the items. Second, there was a significant difference in physical aggression (p=.021) in comparison of the grades. There was a significant difference in stress (p=.048), total aggression (p=.040), and physical aggression (p=.047) in comparison of gender. There was a significant difference in stress (p=.035) and total aggression (p=.042) in satisfaction of school. Third, there was a significant correlation of total aggression (r=.475), physical aggression (r=.568), language aggression (r=.311), anger (r=.397), and hostility (r=.491) quantitatively in correlation of stress and aggression. Fourth, the factors affecting aggression of children with physical disability were stress, male, and satisfaction of school (F=61.187, p<.01). Conclusion: We found that factors affecting aggression of children with physical disability were their stress and some of the general characteristics.

An Attack Origin Detection Mechanism in IP Traceback Using Marking Algorithm (마킹 알고리듬 기반 IP 역추적에서의 공격 근원지 발견 기법)

  • 김병룡;김수덕;김유성;김기창
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.1 / pp.19-26 / 2003
  • Recently, the number of internet service companies is increasing and so is the number of malicious attackers. Damage such as distrust about credit and instability of the service caused by these attacks may influence us fatally, as it damages a company's image. One of the frequent and fatal attacks is DoS (Denial-of-Service). Because the attacker performs IP spoofing to hide his location in a DoS attack, it is hard to get an exact location of the attacker from the source IP address only. Even if the system recovers from the attack successfully, if the attack origin has not been identified, we have to consider the possibility that there may be another attack in the near future by the same attacker. This study suggests finding the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Martins Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting the marking probability according to the distance from the packet origin, we were able to decrease the number of packets needed to trace back the IP address.

Blocking Intelligent Dos Attack with SDN (SDN과 허니팟 기반 동적 파라미터 조절을 통한 지능적 서비스 거부 공격 차단)

  • Yun, Junhyeok;Mun, Sungsik;Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems / v.11 no.1 / pp.23-34 / 2022
  • With the development of network technology, the application area has also been diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service (DoS) attacks of advanced attackers by programming and applying a honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzed the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

DPA attacks on the various operations (여러 가지 연산에 대한 DPA 공격)

  • 김한필;염대현;이필중
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.373-376 / 2002
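  • In this paper, we examine how DPA attacks using Hamming weight are possible against various operations, and what the results are. For each operation, we first show how first- and second-order DPA attacks are possible. We compare the results obtained for each operation, and examine how much internal information the operations leak under DPA attacks and whether they are secure against such attacks.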


Overseas Information - Cyber Attacks on Nuclear Power Plants (해외 정보 - 원전에 대한 사이버 공격)

  • 한국원자력산업회의
    • Nuclear industry / v.35 no.6 / pp.56-58 / 2015
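  • With cyber attacks on nuclear power plants increasing by the day, how can the nuclear industry defend itself against them? No single organization can prepare on its own for attacks on its cyber domain. That approach will always leave it one step behind the cyber attacks. Because this fight is a kind of arms race, we must cooperate with one another to secure the high ground over the cyber attackers who threaten us.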


Trends in Hardware Masking Countermeasures against Power Analysis Attacks (전력분석공격에 대한 하드웨어 마스킹 대응기법 동향)

  • Baek, Yoo-Jin
    • Review of KIISC / v.30 no.1 / pp.23-33 / 2020
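  • Side-channel analysis attacks on cryptosystems can be applied at relatively low cost without damaging the device, yet their results can be critically damaging to security. Therefore, in implementing a cryptosystem, security against side-channel analysis attacks must be considered along with performance. In this paper, we survey research trends in hardware-based masking techniques among the countermeasures against side-channel analysis attacks.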

Malicious Attack Success Probability on the Change of Vulnerable Surfaces in MTD-SDR System (MTD-SDR 시스템의 취약요소 변경에 따른 악의적 공격 성공 확률)

  • Ki, Jang-Geun;Lee, Kyu-Tae
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.18 no.5 / pp.55-62 / 2018
  • The MTD-based approach changes various operating parameters dynamically so that the vulnerability of the system can be protected from malicious attacks. In this paper, random/serial scanning/jamming attack success probabilities have been mathematically analyzed and verified through simulation to improve the security of the wireless communication systems in which the MTD-SDR technologies are applied. As a result, for random scanning attacks, attack success probability increases as the change period of the transmission channel increases, while for random jamming attacks there is no change. The attack success probability patterns for serial attacks are similar to those of random attacks, but when the change period of the transmission channel approaches the total number of transmission channels, the success probability of serial attacks becomes greater than that of random attacks, up to twice in jamming attacks and up to 36% in scanning attacks.

DDoS Attack Tolerant Network using Hierarchical Overlay (계층적 오버레이를 이용한 DDoS 공격 감내 네트워크)

  • Kim, Mi-Hui;Chae, Ki-Joon
    • The KIPS Transactions:PartC / v.14C no.1 s.111 / pp.45-54 / 2007
  • As one of the most threatening attacks, a DDoS attack makes distributed multiple agents consume some critical resources at the target within a short time, thus the extent and scope of damage are serious. Against these problems, the existing defenses focus on detection, traceback (identification), and filtering. Especially in hierarchical networks, the traffic congestion of a specific node could incur congestion of normal traffic at all lower nodes, and also block the control traffic for notifying the attack detection and identifying the attack agents. In this paper, we introduce a DDoS attack tolerant network structure using a hierarchical overlay for hierarchical networks, which can convey the control traffic for defense, such as the notification for attack detection and identification, and detour the normal traffic before getting rid of attack agents. Lastly, we analyze the overhead of overlay construction, the possibility of speedy detection notification, and the extent of normal traffic transmission in the attack case through simulation.