• Title/Summary/Keyword: network anomaly detection


Detection of Anomaly VMS Messages Using Bi-Directional GPT Networks (양방향 GPT 네트워크를 이용한 VMS 메시지 이상 탐지)

  • Choi, Hyo Rim;Park, Seungyoung
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.21 no.4 / pp.125-144 / 2022
  • When a variable message signs (VMS) system displays false information related to traffic safety caused by malicious attacks, it could pose a serious risk to drivers. If the normal message patterns displayed on the VMS system are learned, it would be possible to detect and respond to the anomalous messages quickly. This paper proposes a method for detecting anomalous messages by learning the normal patterns of messages using a bi-directional generative pre-trained transformer (GPT) network. In particular, the proposed method was trained using the normal messages and their system parameters to minimize the corresponding negative log-likelihood (NLL) values. After adequate training, the proposed method could detect an anomalous message when its NLL value was larger than a pre-specified threshold value. The experiment results showed that the proposed method could detect malicious messages and cases when the system error occurs.

A Design of SMS DDoS Detection and Defense Method using Counting Bloom Filter (Counting Bloom Filter를 이용한 SMS DDoS 탐지 및 방어 기법 설계)

  • Shin, Kwang-Kyoon;Park, Ui-Chung;Jun, Moon-Seog
    • Proceedings of the KAIS Fall Conference / 2011.05a / pp.53-56 / 2011
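  • As the 7.7 DDoS (Distributed Denial of Service) and 3.3 DDoS incidents showed, DDoS attacks have emerged as a major network threat, yet they are difficult to detect and respond to in real time. SMS (Short Message Service), which is now used for a great many purposes in many fields, can also be used as a means of DDoS attack and cause major disruption to mobile phone systems. Existing Bloom Filter detection techniques have the advantages of a simple structure and real-time detection, but suffer from a false-positive rate problem. This paper proposes a system that uses a destination-based Counting Bloom Filter technique with multiple hash functions to detect as an attack any SMS sent to the same destination whose count exceeds a threshold, and that notifies the SMSC so the messages are blocked.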


Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA / v.8A no.4 / pp.331-338 / 2001
  • With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn't free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.


Design of detection method for smoking based on Deep Neural Network (딥뉴럴네트워크 기반의 흡연 탐지기법 설계)

  • Lee, Sanghyun;Yoon, Hyunsoo;Kwon, Hyun
    • Convergence Security Journal / v.21 no.1 / pp.191-200 / 2021
  • Artificial intelligence technology is developing in an environment where a lot of data is produced due to the development of computing technology, a cloud environment that can store data, and the spread of personal mobile phones. Among these artificial intelligence technologies, the deep neural network provides excellent performance in image recognition and image classification. There have been many studies on image detection for forest fires and fire prevention using such a deep neural network, but studies on detection of cigarette smoking were insufficient. Meanwhile, military units are establishing surveillance systems for various facilities through CCTV, and it is necessary to detect smoking near ammunition stores or non-smoking areas to prevent fires and explosions. In this paper, by reflecting experimentally optimized numerical values such as activation function and learning rate, we did the detection of smoking pictures and non-smoking pictures in two cases. As experimental data, data was constructed by crawling using pictures of smoking and non-smoking published on the Internet, and a machine learning library was used. As a result of the experiment, when the learning rate is 0.004 and the optimization algorithm Adam is used, it can be seen that the accuracy of 93% and F1-score of 94% are obtained.

Graduate School of Information and Communication (DDoS 도구 분석을 통한 공격 패킷 탐지 및 공격 네트워크 파악: Attack Packet Detection and Attack Network Identification through DDoS Tool Analysis)

  • 김진혁;홍만표
    • Proceedings of the Korean Information Science Society Conference / 2002.10c / pp.670-672 / 2002
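  • Recently, cases of damage caused by hacking and virus intrusion over the Internet have been steadily increasing. In February 2000, the DDoS (Distributed Denial of Service) [1,2] attacks against Yahoo, Amazon, and CNN caused major damage to each of these websites. In Yahoo's case, service requests amounting to several gigabits per second led to service being suspended for more than three hours. This incident shows the danger of denial-of-service attacks in a distributed environment. This paper analyzes the distributed denial-of-service attack tools developed so far and proposes a method that detects the packets they use and identifies the paths used for the attack.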


A New Method to Detect Anomalous State of Network using Information of Clusters (클러스터 정보를 이용한 네트워크 이상상태 탐지방법)

  • Lee, Ho-Sub;Park, Eung-Ki;Seo, Jung-Taek
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.3 / pp.545-552 / 2012
  • The rapid development of information technology is making large changes in our lives today. Also the infrastructure and services are combining with information technology which predicts another huge change in our environment. However, the development of information technology brings various types of side effects and these side effects not only cause financial loss but also can develop into a nationwide crisis. Therefore, the detection and quick reaction towards these side effects is critical and much research is being done. Intrusion detection systems can be an example of such research. However, intrusion detection systems mostly tend to focus on judging whether particular traffic or files are malicious or not. Also it is difficult for intrusion detection systems to detect newly developed malicious codes. Therefore, this paper proposes a method which determines whether the present network model is normal or abnormal by comparing it with past network situations.

Sybil Attack Detection with Energy Efficiency in Wireless Sensor Networks (무선 센서 네트워크에서 에너지 효율적인 시빌 공격 탐지)

  • Heo, Junyoung
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.13 no.1 / pp.115-120 / 2013
  • There are lots of vulnerabilities and chances to be attacked in wireless sensor networks, which have many applications. Among those attacks, sybil attack is to generate a lot of false nodes and to inject false information into networks. When a user uses such false information without recognizing the attack, there might be a disaster. Although authentication method can be used to protect such attack, the method is not a good choice in wireless sensor networks, where sensor nodes have a limited battery and low power. In this paper, we propose a novel method to detect sybil attack with a little extra overhead. The proposed method uses the characteristics that there is a weak connection between a group of normal nodes and a group of false nodes. In addition, the method uses energy aware routing based on random routing and adds a little information into the routing. Experimental results show that the proposed method detects false node by more than 90% probability with a little energy overhead.

Whitelist-Based Anomaly Detection for Industrial Control System Security (제어시스템 보안을 위한 whitelist 기반 이상징후 탐지 기법)

  • Yoo, Hyunguk;Yun, Jeong-Han;Shon, Taeshik
    • The Journal of Korean Institute of Communications and Information Sciences / v.38B no.8 / pp.641-653 / 2013
  • Recent cyber attacks targeting control systems are getting sophisticated and intelligent notoriously. As the existing signature based detection techniques faced with their limitations, a whitelist model with security techniques is getting attention again. However, techniques that are being developed in a whitelist model used at the application level narrowly and cannot provide specific information about anomalism of various cases. In this paper, we classify abnormal cases that can occur in control systems of enterprises and propose a new whitelist model for detecting abnormal cases.

Design and Evaluation of a Rough Set Based Anomaly Detection Scheme Considering Weighted Feature Values (가중 특징 값을 고려한 러프 집합 기반 비정상 행위 탐지방법의 설계 및 평가)

  • Bae, Ihn-Han;Lee, Hwa-Ju;Lee, Kyung-Sook
    • Journal of Korea Multimedia Society / v.9 no.8 / pp.1030-1036 / 2006
  • The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. Anomaly detection is a pattern recognition task whose goal is to report the occurrence of abnormal or unknown behavior in a given system being monitored. This paper presents an efficient rough set based anomaly detection method that can effectively identify a group of especially harmful internal masqueraders in cellular mobile networks. Our scheme uses the trace data of wireless application layer by a user as feature value. Based on the feature values, the use pattern of a mobile's user can be captured by rough sets, and the abnormal behavior of the mobile can be also detected effectively by applying a roughness membership function considering weighted feature values. The performance of our scheme is evaluated by a simulation. Simulation results demonstrate that the anomalies are well detected by the method that assigns different weighted values to feature attributes depending on importance.


Study on Availability Guarantee Mechanism on Smart Grid Networks: Detection of Attack and Anomaly Node Using Signal Information (스마트그리드 네트워크에서 가용성 보장 메커니즘에 관한 연구: 신호정보를 이용한 공격 및 공격노드 검출)

  • Kim, Mihui
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.279-286 / 2013
  • The recent power shortages due to surge in demand for electricity highlight the importance of smart grid technologies for efficient use of power. The experimental content for vulnerability against availability of smart meter, an essential component in smart grid networks, has been reported. Designing availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect the availability infringement attack for smart meter and also to find anomaly nodes through analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses approximate entropy technique to decrease the detection load and increase the detection rate with few samples and utilizes the signal information (CIR or RSSI, etc.) that the anomaly node cannot change to find the anomaly nodes. Finally, simulation results of the proposed method show the detection performance and the feasibility.