• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1225-1228
• /
• 2005

본 논문에서는 DDoS 공격 패킷을 사전에 탐지하고 트래픽 제어를 하기위한 방안을 제안한다. 제안된 모델은 공격대상에서 멀리 떨어 진 라우터에서 낮은 임계치를 적용하여 탐지 하게 되며 지역 연합 모델을 통한 지역적인 방어 행동을 취하게 된다. 사전에 취해지는 방어 행동으로 인해 본 시스템은 좋은 성능을 발휘 할 것이다. 시스템의 각 지역연합들은 DDoS 공격의 악의 적인 트래픽의 양을 줄이는 것에 기여 할 것이다.

• Information and Communications Magazine
• /
• v.33 no.2
• /
• pp.28-38
• /
• 2016

기존 인터넷의 보안 모델은 모든 통신 상대와 통신 환경에 대한 의심을 기반으로 외부의 공격으로부터 자신을 보호하는 모델이다. 그러나 이 보안 모델은 공격이 지능화됨에 따라 방어도 지속적으로 강화되어야 하는 악순환의 고리에 빠지게 된다. 이런 악순환의 고리를 끊기 위하여 상호 신뢰를 바탕으로 공격자체가 원천적으로 없어지는 신뢰통신 구조를 제안한다. 신뢰통신모델은 먼저 상호신뢰 관계를 가진 제한된 참여자들로 구성된 신뢰 도메인에서 시작하여 외부와의 통신은 잘 정의된 인증 절차에 따라 허용함으로써 도메인의 신뢰 수준을 유지하면서 신뢰 영역을 확장하는 방식을 채택한다. 이 신뢰 모델을 기반으로 신뢰 네트워크 구조를 제안하고 이 구조를 기존의 IP 네트워크에 적용하는 방안을 제시한다.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.66-75
• /
• 2023

Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than that of the network metrics-based model, respectively.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.587-593
• /
• 2021

In this thesis, we will break away from the classic DDoS response system for large-scale denial-of-service attacks that develop day by day, and effectively endure intelligent denial-of-service attacks by utilizing artificial intelligence-based technology, one of the core technologies of the 4th revolution. A possible service model development plan was proposed. That is, a method to detect denial of service attacks and minimize damage through machine learning artificial intelligence learning targeting a large amount of data collected from multiple security devices and web servers was proposed. In particular, the development of a model for using artificial intelligence technology is to detect a Western service attack by focusing on the fact that when a service denial attack occurs while repeating a certain traffic change and transmitting data in a stable flow, a different pattern of data flow is shown. Artificial intelligence technology was used. When a denial of service attack occurs, a deviation between the probability-based actual traffic and the predicted value occurs, so it is possible to respond by judging as aggressiveness data. In this paper, a service denial attack detection model was explained by analyzing data based on logs generated from security equipment or servers.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.298-300
• /
• 2023

자율주행 및 robot navigation 시스템에서 물체 인식 성능향상을 위해 대부분 MSF(Multi-Sensor Fusion) 기반 설계를 한다. 따라서 각 센서로부터 들어온 정보를 정합하는 것은 정확한 MSF 알고리즘을 위한 필요조건이다. 다양한 선행 연구에서 2D 데이터에 대한 공격을 진행했다. 자율주행에서는 3D 데이터를 다루어야 하므로 선행 연구에서 하지 않았던 3D 데이터 공격을 진행했다. 본 연구에서는 스케일링 공격 기반 카메라-라이다 센서 간 정합 모델의 정확도를 저하시키는 공격 방법을 제안한다. 제안 방법은 입력 라이다의 포인트 클라우드에 스케일링 공격을 적용하여 다운스케일링 단계에서 공격하고자 한다. 실험 결과, 입력 데이터에 공격하였을 때 공격 전보다 평균제곱 이동오류는 56% 이상, 평균 사원수 각도 오류는 98% 이상 증가했음을 보였다. 다운스케일링 크기 별, 알고리즘별 공격을 적용했을 때, 10×20 크기로 다운스케일링 하고 lanczos4 알고리즘을 적용했을 때 가장 효과적으로 공격할 수 있음을 확인했다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1111-1123
• /
• 2023

In recent years, as generative models have developed, research that threatens them has also been actively conducted. We propose a new membership inference attack against text-to-image model. Existing membership inference attacks on Text-to-Image models produced a single image as captions of query images. On the other hand, this paper uses personalized embedding in query images through Textual Inversion. And we propose a membership inference attack that effectively generates multiple images as a method of generating Adversarial Prompt. In addition, the membership inference attack is tested for the first time on the Stable Diffusion model, which is attracting attention among the Text-to-Image models, and achieve an accuracy of up to 1.00.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.69-75
• /
• 2000

This paper proposes a network intrusion detection model which can detect the insertion and evasion attacks. These attacks can be prevented when some kind of information are available in the network intrusion detection system. We classified these information with three categories and used each category at setup phase and executing Phase. Within the proposed model, all necessary information which are related with networks and operating systems are maintained in the database and created as a table. This table is used during intrusion detection. The overheads of database and table may be simple in this model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1081-1090
• /
• 2022

The face recognition model is used for identity recognition of smartphones, providing convenience to many users. As a result, the security review of the DNN model is becoming important, with adversarial attacks present as a well-known vulnerability of the DNN model. Adversarial attacks have evolved to decision-based attack techniques that use only the recognition results of deep learning models to perform attacks. However, existing decision-based attack technique[14] have a problem that requires a large number of queries when generating adversarial examples. In particular, it takes a large number of queries to approximate the gradient. Therefore, in this paper, we propose a method of generating adversarial examples using orthogonal space sampling and dimensionality reduction sampling to avoid wasting queries that are consumed to approximate the gradient of existing decision-based attack technique[14]. Experiments show that our method can reduce the perturbation size of adversarial examples by about 2.4 compared to existing attack technique[14] and increase the attack success rate by 14% compared to existing attack technique[14]. Experimental results demonstrate that the adversarial example generation method proposed in this paper has superior attack performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2041-2044
• /
• 2003

네트워크에서 발생하는 다양한 침입 중에서 서비스거부공격(DoS Attack. Denial-of-Service Attack)이란 공격자가 침입대상 시스템의 시스템 자원과 네트워크 자원을 악의적인 목적으로 소모시키기 위하여 대량의 패킷을 보냄으로써 정상 사용자로 하여금 시스템이 제공하는 서비스를 이용하지 못하도록 하는 공격을 의미한다. 기존 연구에서는 시스템과 네트워크가 수신한 패킷을 분석한 후 네트워크 세션정보를 생성하여 DoS 공격을 탐지하였다. 그러나 이 기법은 공격자가 분산서비스거부공격(DDoS Attack: Distributed DoS Attack)을 하게 되면 분산된 세션정보가 생성되기 때문에 침입을 실시간으로 탐지하기에는 부적절하다. 본 논문에서는 시스템이 가지고 있는 자윈 중에서 DDoS 공격을 밭을 때 가장 민감하게 반응하는 시스템 자원을 모니터링 함으로써 DDoS 공격을 실시간으로 탐지할 수 있는 모델을 제안한다 제안 모델은 시스템이 네트워크에서 수신한 패킷을 처리하는 과정에서 소모되는 커널 메모리 소비량을 감사자료로 이용한 네트워치기반 비정상행위탐지(networked-based anomaly detection)모델이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.817-826
• /
• 2022

AI technology is being successfully introduced in many fields, and models deployed as a service are deployed with black box environment that does not expose the model's information to protect intellectual property rights and data. In a black box environment, attackers try to steal data or parameters used during training by using model output. This paper proposes a method of inferring the type of model to directly find out the composition of layer of the target model, based on the fact that there is no attack to infer the information about the type of model from the deep learning model. With ResNet, VGGNet, AlexNet, and simple convolutional neural network models trained with MNIST datasets, we show that the types of models can be inferred using the output values in the gray box and black box environments of the each model. In addition, we inferred the type of model with approximately 83% accuracy in the black box environment if we train the big and small relationship feature that proposed in this paper together, the results show that the model type can be infrerred even in situations where only partial information is given to attackers, not raw probability vectors.