• Title/Summary/Keyword: Network anomaly detection


On the Design of a Big Data based Real-Time Network Traffic Analysis Platform

  • Lee, Donghwan; Park, Jeong Chan; Yu, Changon; Yun, Hosang
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.4 / pp.721-728 / 2013
  • Big data is one of the most spotlighted technological trends these days, enabling new methods to handle huge volumes of complex data for a broad range of applications. Real-time network traffic analysis essentially deals with big data, which is comprised of different types of log data from various sensors. To tackle this problem, in this paper we devise a big data based platform, RENTAP, to detect and analyse malicious network traffic. Focused on military network environments such as closed networks for C4I systems, leading big data based solutions are evaluated to verify which combination of the solutions is the best design for a network traffic analysis platform. Based on the selected solutions, we provide a detailed functional design of the suggested platform.

A study on the detection of DDoS attacks using IP spoofing

  • Seo, Jung-Woo; Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.147-153 / 2015
  • Since DoS (Denial of Service) attacks are still a significant vulnerability for many web service sites, sites including those of public institutions should do their best to construct defensive systems. Recently, DDoS (Distributed Denial of Service) attacks have been launched by generating mass network traffic that uses NTP's monlist function, and DoS attacks have been made against the DNS infrastructure, which cannot be defended directly. For instance, in June 2013 there was an infringement incident in which the Computing and Information Agency was the target: a DNS application-layer DoS attack made it impossible for the public institution's information system to run its normal services. Since DDoS attacks target unspecified information services rather than a particular information system, and so have a high potential for extensive damage, efforts have to be made to minimize such cyber threats. This thesis proposes a method that uses the TTL (Time To Live) value in the IP header to detect DDoS attacks with IP spoofing, which occur when data is transmitted under the agreed regulation between international and domestic information systems.

Spherical Point Tracing for Synthetic Vehicle Data Generation with 3D LiDAR Point Cloud Data

  • Sangjun Lee; Hakil Kim
    • Journal of Broadcast Engineering / v.28 no.3 / pp.329-332 / 2023
  • 3D object detection using deep neural networks has been developed extensively for obstacle detection in autonomous vehicles because it can recognize not only the class of a target object but also its distance. However, 3D object detection models have lower detection performance for distant objects than for nearby ones, which is a critical issue for autonomous vehicles. In this paper, we introduce a technique that increases the performance of 3D object detection models, particularly for distant objects, by generating virtual 3D vehicle data and adding it to the dataset used for model training. We used a spherical point tracing method that leverages the characteristics of 3D LiDAR sensor data to create virtual vehicles that closely resemble real ones, and we demonstrated the validity of the virtual data by using it to improve recognition performance for objects at all distances in model training.

Key Update Protocols in Hierarchical Sensor Networks

  • Lee, Joo-Young; Park, So-Young; Lee, Sang-Ho
    • The KIPS Transactions: Part C / v.13C no.5 s.108 / pp.541-548 / 2006
  • A sensor network is a network for realizing ubiquitous computing environments: it aggregates data by observation or detection using nodes with sensing and communication capabilities deployed at inaccessible places. To realize this environment, the data that sensor nodes gather is delivered to users, and the data must be encrypted to guarantee secure communication. Therefore, a key management scheme for encryption must be designed that suits sensor nodes, which feature continual data transfer and limited computation, storage and battery capacity. We propose a key management scheme appropriate to sensor networks organized in a hierarchical architecture. Because sensor nodes send data to their parent node, routing energy is reduced. We assume that sensor nodes have different security levels according to their level in the hierarchy. Our key management scheme provides different key establishment protocols according to the security levels of the sensor nodes. We reduce the number of sensor nodes that share the same encryption key, so that the damage from key exposure is reduced. We also propose key update protocols with different update periods for each level, to update established keys efficiently for secure data encryption.

Cluster-based Pairwise Key Establishment in Wireless Sensor Networks

  • Chun Eunmi; Doh Inshil; Oh Hayoung; Park Soyoung; Lee Jooyoung; Chae Kijoon; Lee Sang-Ho; Nah Jaehoon
    • The KIPS Transactions: Part C / v.12C no.4 s.100 / pp.473-480 / 2005
  • We can obtain useful information by deploying large-scale sensor networks in various situations. Security is also a major concern in sensor networks, and we need to establish pairwise keys between sensor nodes for secure communication. In this paper, we propose a new pairwise key establishment mechanism based on clustering and polynomial sharing. In the mechanism, we divide the network field into clusters and, based on the polynomial-based key distribution mechanism, we create bivariate polynomials and assign a unique polynomial to each cluster. Each pair of sensor nodes located in the same cluster can compute their own pairwise key through the polynomial shares assigned from the same polynomial. Also, in our proposed scheme, sensors that are within each other's transmission range but located in different clusters can establish a path key through their cluster heads. However, path key establishment can increase the network overhead. The number of path keys and the time for path key establishment in our scheme depend on the number of sensors, cluster size, sensor density and sensor transmission range. The simulation results indicate that these schemes can achieve better performance if suitable conditions are met.

Detecting Adversarial Examples Using an Ensemble Method on Deep Neural Networks

  • Kwon, Hyun; Yoon, Joonhyeok; Kim, Junseob; Park, Sangjun; Kim, Yongchul
    • Convergence Security Journal / v.21 no.2 / pp.57-66 / 2021
  • Deep neural networks (DNNs) provide excellent performance for image, speech, and pattern recognition. However, DNNs sometimes misrecognize certain adversarial examples. An adversarial example is a sample that adds optimized noise to the original data so that the DNN misclassifies it, although nothing looks wrong to the human eye. Therefore, studies on defense against adversarial example attacks are required. In this paper, we have experimentally analyzed the detection success rate for adversarial examples by adjusting various parameters. The performance of the ensemble defense method was analyzed using the fast gradient sign method, the DeepFool method and the Carlini & Wagner method, which are adversarial example attack methods. We used MNIST as the experimental data and TensorFlow as the machine learning library. As the experimental method, we carried out performance analysis over the three adversarial example attack methods, the threshold, the number of models, and random noise. As a result, with 7 models and a threshold of 1, the detection rate for adversarial examples is 98.3%, while 99.2% accuracy on the original samples is maintained.

High-Speed Pattern Matching Algorithm using TCAM

  • Sung Jungsik; Kang Seok-Min; Lee Youngseok; Kwon Taeck-Geun; Kim Bongtae
    • The KIPS Transactions: Part C / v.12C no.4 s.100 / pp.503-510 / 2005
  • With the increasing importance of protecting networks from cyber threats, a multi-gigabit-rate pattern matching method is required to protect against malicious attacks in high-speed networks. This paper devises a high-speed pattern matching algorithm with TCAM by using an m-byte jumping window pattern matching scheme. The proposed algorithm reduces the number of TCAM lookups per payload by a factor of m, at the cost of a marginally enlarged TCAM, which can be implemented by cascading multiple TCAMs. Due to the reduced number of TCAM lookups, we can easily achieve a multi-gigabit rate for scanning the packet payload. Simulation shows that for the Snort rule set with 2,247 patterns, our proposed algorithm supports more than 10 Gbps with a 9 Mbit TCAM.

Innovation of technology and social changes: quantitative analysis based on patent big data

  • Kim, Yongdai; Jong, Sang Jo; Jang, Woncheol; Lee, Jongsu
    • The Korean Journal of Applied Statistics / v.29 no.6 / pp.1025-1039 / 2016
  • We introduce various methods to investigate the relations between technological innovation and social changes by analyzing more than 4 million patents registered at the United States Patent and Trademark Office (USPTO) from 1985 to 2015. First, we review the history of patent law and its relation to the quantitative changes in registered patents. Second, we investigate the differences in technical innovation among several countries by cluster analysis based on the numbers of registered patents in several technical sectors. Third, we introduce the PageRank algorithm for defining important nodes in network-type data and apply it to find important technical sectors based on citation information between registered patents. Finally, we explain how to use canonical correlation analysis to study the relationship between technical innovation and social changes.

A Secure Routing Protocol in MANET based on Malicious Behavior Pattern of Node and Trust Level

  • Park, Seong-Seung; Park, Gun-Woo; Ryu, Keun-Ho; Lee, Sang-Hoon
    • Journal of the Korea Society of Computer and Information / v.14 no.5 / pp.103-117 / 2009
  • In MANETs (Mobile Ad-Hoc Networks), providing security for routing has recently become a significant issue. Existing studies, however, focus on either secure routing or on the packets themselves where malicious operations occur. In this paper, we propose SRPPnT (A Secure Routing Protocol in MANET based on Malicious Pattern of Node and Trust Level), which considers both malicious behavior on packets and secure routing. SRPPnT identifies the nodes where malicious activities occur over a specific time, composes a trust level for each node, and then sets up a routing path according to the trust levels obtained. Therefore, SRPPnT is able to take efficient countermeasures against malicious operations. SRPPnT is based on AODV (Ad-Hoc On-Demand Distance Vector Routing). The results of NS-2 network simulation show that the proposed SRPPnT finds malicious nodes more promptly and accurately than previous protocols, with a decreased network load and more secure routes.

A Scheme of Distributed Network Security Management against DDoS Attacks

  • Kim Sung-Ki; Yoo Seung-Hwan; Kim Moon-Chan; Min Byoung-Joon
    • Journal of the Institute of Electronics Engineers of Korea TC / v.43 no.7 s.349 / pp.72-83 / 2006
  • Protecting against and responding to DDoS attacks or worm propagation within a single domain is not a practical solution, because the attack clogs the access of legitimate users who share communication lines beyond the boundary of the domain. In particular, DDoS attacks using spoofed source addresses, or bogus packets whose destination addresses are changed randomly but which carry a valid source address, do not allow us to identify the access of legitimate users. We propose a scheme of distributed network security management to protect the access of legitimate users from DDoS attacks that exploit randomly spoofed source IP addresses and send bogus packets. We assume that the Internet is divided into multiple domains and that each domain has one or more domain security managers, which are responsible for identifying hosts within the domain. A domain security manager forwards information about identified suspicious attack flows to neighboring managers and then verifies the attack upon receiving return messages from them. Through experiments on a test-bed, the proposed scheme was verified to maintain high detection accuracy and to enhance the normal packet survival rate.