• Journal of the Korea Society of Computer and Information
• /
• v.25 no.3
• /
• pp.65-72
• /
• 2020

With the development of information technology and the growth of the scale of system and network, cyber threats and crimes continue to increase. To cope with these threats, cybersecurity training based on actual attacks and defenses is required. However, cybersecurity training requires expert analysis and attack performance, which is inefficient in terms of cost and time. In this paper, we propose a cyber attack simulator that automatically executes attack techniques. This simulator generates attack scenarios by combining attack techniques modeled to be implemented and executes the attack by sequentially executing the derived scenarios. In order to verify the effectiveness of the proposed attack simulator, we experimented by setting an example attack goal and scenarios in a real environment. The attack simulator successfully performed five attack techniques to gain administrator privileges.

• Journal of Korea Multimedia Society
• /
• v.13 no.4
• /
• pp.594-600
• /
• 2010

Many studies are DDoS in Internet network, but the study is the fact that is not enough in a voice network. Therefore, we designed the extended TRW algorithm that was a DDoS attack traffic detection algorithm for the voice network which used an IP data network to solve upper problems in this article and evaluated it. The algorithm that is proposed in this paper analyzes TRW algorithm to detect existing DDoS attack in Internet network and, design connection and end connection to apply to a voice network, define probability function to count this. For inspect the algorithm, Set a threshold and using NS-2 Simulator. We measured detection rate by an attack traffic type and detection time by attack speed. At the result of evaluation 4.3 seconds for detection when transmitted INVITE attack packets per 0.1 seconds and 89.6% performance because detected 13,453 packet with attack at 15,000 time when transmitted attack packet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.335-344
• /
• 2016

It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2199-2205
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Convergence Security Journal
• /
• v.7 no.1
• /
• pp.63-75
• /
• 2007

Most of computer systems to be connected to network have been exposed to some network attacks and became to targets of system attack. System managers have established the IDS to prevent the system attacks over network. The previous IDS have decided intrusions detecting the requested connection packets more than critical values in order to detect attacks. This techniques have False Positive possibilities and have difficulties to detect the slow scan increasing the time between sending scan probes and the coordinated scan originating from multiple hosts. We propose the port scan detection rules detecting the RST/ACK flag packets to request some abnormal connections and design the data structures capturing some of packets. This proposed system is decreased a False Positive possibility and can detect the slow scan, because a few data can be maintained for long times. This system can also detect the coordinated scan effectively detecting the RST/ACK flag packets to be occurred the target system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.152-155
• /
• 2018

Over the past years, Link Flooding Attacks (LFAs) have been introduced as new network threats. LFAs are indirect DDoS attacks that selectively flood intermediate core links, while legacy DDoS attacks directly targets end points. Flooding bandwidth in the core links results in that a wide target area is affected by the attack. In the traditional network, mitigating LFAs is a challenge since an attacker can easily construct a link map that contains entire network topology via traceroute. Security researchers have proposed many solutions, however, they focused on reactive countermeasures that respond to LFAs when attacks occurred. We argue that this reactive approach is limited in that core links are already exposed to an attacker. In this paper, we present SDHoneyNet that prelocates vulnerable links by computing static and dynamic property on Software-defined Networks (SDN). SDHoneyNet deploys Honey Topology, which is obfuscated topology, on the nearby links. Using this approach, core links can be hidden from attacker's sight, which leads to effectively building proactive method for mitigating LFAs.

• Journal of the Korea Convergence Society
• /
• v.8 no.6
• /
• pp.17-27
• /
• 2017

Recently, as cyber attacks have been activated, many such attacks have come into contact with various media. Research on security engineering and reverse engineering is active, but there is a lack of research that integrates them and applies attack systems through cost effective attack engineering. In this paper, security - enhanced information systems are developed by security engineering and reverse engineering is used to identify vulnerabilities. Using this vulnerability, we compare and analyze lifecycle models that construct or remodel attack system through attack engineering, and specify structure and behavior of each system, and propose more effective modeling. In addition, we extend the existing models and tools to propose graphical attack specification models that specify attack methods and scenarios in terms of models such as functional, static, and dynamic.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39A no.11
• /
• pp.660-674
• /
• 2014

RFID system has been used in a variety of services. So, a lot of attacks like a free ride on the service, leakage of property or personal information are known. Therefore, the solutions that address these attacks have been proposed. Among the attacks, mafia fraud, a kind of relay attack, can not be addressed by common authentication protocol. So, Hancke and Kuhn used distance bounding protocol for RFID authentication. After that, Munilla and Peinado modified HK protocol by adding void challenge. So the mafia fraud success probability of adversary is lower than probability of HK protocol. Ahn et al. proposed a protocol that reduces number of a hash computation and traffic than MP protocol. Here, we show that MP protocol can not defend the terrorist fraud and is vulnerable to noise. And we show that also AYBN protocol is vulnerable to mafia fraud and key leakage. Moreover, we propose a new protocol and our experimental results show that our protocol is secure to terrorist and mafia fraud.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.306-309
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Journal of KIISE
• /
• v.42 no.8
• /
• pp.1049-1056
• /
• 2015

Runtime Intrusion Prevention Evaluator (RIPE), published in 2011, is a benchmark suite for evaluating mitigation techniques against 850 attack patterns using only buffer overflow. Since RIPE is built as a single process, defense and attack routines cannot help sharing process states and address space layouts when RIPE is tested. As a result, attack routines can access the memory space for defense routines without restriction. We separate RIPE into two independent processes of defense and attacks so that mitigations based on confidentiality such as address space layout randomization are properly evaluated. In addition, we add an execution mode to test robustness against brute force attacks. Finally, we extend RIPE by adding 38 attack forms to perform format string attacks and virtual table (vtable) hijacking attacks. The revised RIPE contributes to the diversification of attack patterns and precise evaluation of the effectiveness of mitigations.