• The KIPS Transactions:PartA
• /
• v.12A no.2 s.92
• /
• pp.87-94
• /
• 2005

Pattern matching is one of critical parts of Network Intrusion Prevention Systems (NIPS) and computationally intensive. To handle a large number of attack signature fattens increasing everyday, a network intrusion prevention system requires a multi pattern matching method that can meet the line speed of packet transfer. In this paper, we analyze Snort, a widely used open source network intrusion prevention/detection system, and its pattern matching characteristics. A multi pattern matching method for NIPS should efficiently handle a large number of patterns with a wide range of pattern lengths and case insensitive patterns matches. It should also be able to process multiple input characters in parallel. We propose a multi pattern matching hardware accelerator based on Shift-OR pattern matching algorithm. We evaluate the performance of the pattern matching accelerator under various assumptions. The performance evaluation shows that the pattern matching accelerator can be more than 80 times faster than the fastest software multi-pattern matching method used in Snort.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.177-188
• /
• 2024

As technology evolves, Internet usage continues to grow, resulting in a geometric increase in network traffic and communication volumes. The network path selection process, which is one of the core elements of the Internet, is becoming more complex and advanced as a result, and it is important to effectively manage and analyze it, and there is a need for a representation and visualization method that can be intuitively understood. To this end, this study designs a framework that analyzes network data using BGP, a network path selection method, and applies it to the cyber common operating picture for situational awareness. After that, we analyze the visualization elements required to visualize the information and conduct an experiment to implement a simple visualization. Based on the data collected and preprocessed in the experiment, the visualization screens implemented help commanders or security personnel to effectively understand the network situation and take command and control.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.267-281
• /
• 2012

SCADA system is a computer system that monitors and controls the national infrastructure or industrial process including transportation facilities, water treatment and distribution, electrical power transmission and distribution, and gas pipelines. The SCADA system has been operated in a closed network, but it changes to open network as information and communication technology is developed rapidly. As the way of connecting with outside user extends, the possibility of exploitation of vulnerability of SCADA system gets high. The methodology to protect the possible huge damage caused by malicious user should be developed. In this paper, we proposed anomaly detection based intrusion detection methodology by estimating self-similarity of SCADA system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.5
• /
• pp.165-170
• /
• 2023

With the recent rise of blockchain technology, cryptocurrency platforms using it are increasing, and currency transactions are being actively conducted. However, crimes that abuse the characteristics of cryptocurrency are also increasing, which is a problem. In particular, phishing scams account for more than a majority of Ethereum cybercrime and are considered a major security threat. Therefore, effective phishing scams detection methods are urgently needed. However, it is difficult to provide sufficient data for supervised learning due to the problem of data imbalance caused by the lack of phishing addresses labeled in the Ethereum participating account address. To address this, this paper proposes a phishing scams detection method that uses both Trans2vec, an effective graph embedding techique considering Ethereum transaction networks, and semi-supervised learning model Tri-training to make the most of not only labeled data but also unlabeled data.

• Journal of IKEEE
• /
• v.28 no.1
• /
• pp.6-13
• /
• 2024

This paper proposes an approach to detect abnormal data in automotive controller area network (CAN) using an unsupervised learning model, i.e. autoencoder and Gaussian kernel density estimation function. The proposed autoencoder model is trained with only message ID of CAN data frames. Afterwards, by employing the Gaussian kernel density estimation function, it effectively detects abnormal data based on the trained model characterized by the optimally determined number of frames and a loss threshold. It was verified and evaluated using four types of attack data, i.e. DoS attacks, gear spoofing attacks, RPM spoofing attacks, and fuzzy attacks. Compared with conventional unsupervised learning-based models, it has achieved over 99% detection performance across all evaluation metrics.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.208-211
• /
• 2018

과학기술, 정보통신과 같은 기술들이 발전함에 따라 혁신적인 기술들 또한 대거 등장하였다. 이러한 기술들을 기반으로 새로운 서비스들이 등장하여 사람들의 삶의 질 또한 꾸준히 향상되고 있다. 그러나 기술발전 이면에는 해킹, 바이러스, 취약점 공격과 같은 역기능들의 기술 또한 지속해서 발전하고 있다. 공격자들은 이러한 기술들을 이용하여 정보자산의 침해, 사이버 테러, 금전적인 피해와 같은 사회 문제를 꾸준히 일으키고 있으며, 기업적으로는 개인정보 유출 및 산업 기밀 유출과 같은 정보보안 사고 또한 꾸준히 발생하고 있다. 이와 같은 이유로 SIEM(Security Information & Event Management)은 24시간 365일 네트워크와 시스템에 대한 지속적인 모니터링을 통해 외부로부터의 침입이나 각종 바이러스 등에 대해 적절한 대책을 통해 고객의 자산을 보호한다. 따라서 본 논문에서는 과거에서부터 현재까지의 내부 네트워크 기술의 발전을 살펴본 후 정보보안 사고 및 이상징후 탐지를 위한 통합 보안시스템 로그 관리 솔루션인 SIEM의 시대적 변화와 솔루션 동향에 대해 살펴 보고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.10A
• /
• pp.784-795
• /
• 2009

An accurate positioning estimation in the wireless sensor networks (WSN) is very important in which each sensor node is aware of neighbor conditions. The multi-hop positioning estimation technique is considered as one of the suitable techniques for the WSN with many low power devices. However geographical holes, where there is no sensor node, may severely decrease the positioning accuracy so that the positioning error can be beyond the tolerable range. Therefore in this paper, we analyze error factors of DV-hop and hole effect to obtain node's accurate position. The proposed methods include boundary node detection, distance level adjustment, and unreliable anchor elimination. The simulation results show that the proposed method can achieve higher positioning accuracy using the hole detection and enhanced distance calculation methods compared with the conventional DV-hop.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.11
• /
• pp.251-262
• /
• 2019

In this paper, we propose a simulator that provides various algorithms of RBF networks on neuromorphic chips. To develop algorithms based on neuromorphic chips, the disadvantages of using simulators are that it is difficult to test various types of algorithms, although time is fast. This proposed simulator can simulate four times more types of network architecture than existing simulators, and it provides an additional a two-layer structure algorithm in particular, unlike RBF networks provided by existing simulators. This two-layer architecture algorithm is configured to be utilized for multiple input data and compared to the existing RBF for performance analysis and validation of utilization. The analysis showed that the two-layer structure algorithm was more accurate than the existing RBF networks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04b
• /
• pp.1061-1064
• /
• 2001

ICMP는 두개의 호스트(host)간에 혹은 단일 호스트와 라우터와 같은 네트워크 장비 간에 에러 메시지를 주고 받을 때 사용된다. 이러한 ICMP는 특히 비 연결 지향 프로토콜인 UDP와 IP의 에러 메세지 전송 시 사용된다. DDoS 도구인 Stacheldraht는 TCMP 패킷을 통해 상호 존재 확인과 위장된 패킷 사용이 가능한지를 테스트하는 수단으로 ICMP ECHO REPLY와 ICMP ECHO REQUEST를 사용한다. 이러한 Stacheldraht에서의 ICMP 패킷을 통한 과정에 보안 채널인 Loki 프로젝트를 적용하면 ICMP 패킷 이동에 따른 마스터와 에이전트의 존재 여부를 확인하고 탐지하는데 효율적이다.

• Proceedings of the Korea Contents Association Conference
• /
• 2014.11a
• /
• pp.223-224
• /
• 2014

최근 빅데이터 시대에 다가와서 소셜 네트워크 서비스(Social Network Service)가 중요한 정보 공유의 수단으로 발전함에 따라 그에 따른 예측분석, 동향분석, 이슈탐지 등이 증가하고 있으며, 콘텐츠 분야에서 빅데이터 기법 사례가 증가하는 추세이다. 모바일기기 보급이 빠르게 확산되면서 SNS 활성화와 함께 많은 양의 데이터가 증가하고 있으며, 인스타그램과 같은 해시태그 사용 가능 SNS 서비스에서 해시태그의 동시출현은 해시태그만의 연관성이 있음을 의미한다. 본 논문에서는 대상 SNS의 동시출현 해시태그를 분석하기 위해 발생되는 데이터를 가지고 현재 트렌드에 맞게 분석하여 정보를 제공하는 방법을 제시한다.