• Title/Summary/Keyword: defense system (방어시스템)


Design and Theoretical Analysis of a Stepwise Intrusion Prevention Scheme (단계적 비정상 트래픽 대응 기법 설계 및 이론적 분석)

  • Ko Kwangsun;Kang Yong-hyeog;Eom Young Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.1 / pp.55-63 / 2006
  • Recently, there is much abnormal traffic driven by several worms, such as Nimda, Code Red, SQL Slammer, and so on, causing severe damage to networks. Meanwhile, diverse prevention schemes for defeating abnormal traffic have been studied in the academic and commercial worlds. In this paper, we present the structure of a stepwise intrusion prevention system that is designed to limit the network bandwidth of each network traffic flow and drop abnormal traffic, and then compare the proposed scheme with a pre-existing scheme, which is a True/False based anomaly prevention scheme for several worm patterns. There are two criteria for comparing the schemes: Normal Traffic Rate (NTR) and False Positive Rate (FPR). Assuming that the abnormal traffic rate of a specific network is $\beta$ during a predefined time window, it is known that the average NTR of our stepwise intrusion prevention scheme increases by the factor of $(1+\beta)/2$ over that of the True/False based anomaly prevention scheme and the average FPR of our scheme decreases by the factor of $(1+\beta)/2$.

Development of Side Channel Attack Analysis Tool on Smart Card (사이드 채널 공격에 대한 스마트카드 안전성의 실험적 분석)

  • Han Dong-Ho;Park Jea-Hoon;Ha Jae-Cheol;Lee Sung-Jae;Moon Sang-Jae
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.4 / pp.59-68 / 2006
  • Although the cryptographic algorithms in IC chips such as smart cards are secure against mathematical analysis attacks, they are susceptible to side channel attacks in real implementations. In this paper, we analyze the security of a smart card using a developed experimental tool which can perform power analysis attacks and fault insertion attacks. As a result, a raw smart card implementing SEED and ARIA without any countermeasure is vulnerable to differential power analysis (DPA) attacks. However, in fault attacks on voltage and clock against RSA with CRT, the card is secure due to its physical countermeasures.

Hiding Shellcode in the 24Bit BMP Image (24Bit BMP 이미지를 이용한 쉘코드 은닉 기법)

  • Kum, Young-Jun;Choi, Hwa-Jae;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.3 / pp.691-705 / 2012
  • Buffer overflow vulnerability is the most representative one for which attack methods and countermeasures are frequently developed and changed. This vulnerability is still one of the most critical threats since it was first introduced in the middle of the 1990s. Shellcode is machine code which can be used in buffer overflow attacks. Attackers make the shellcode for their own purposes and insert it into the target host's memory space, then manipulate EIP (Extended Instruction Pointer) to intercept the control flow of the target host system. Therefore, a lot of defensive research has been done, and attackers have also done much research to bypass security measures designed for shellcode defense. In this paper, we briefly investigate shellcode defense and attack techniques and propose a new methodology which can hide shellcode in a 24bit BMP image. With this proposed technique, we can easily hide any shellcode executable and we can bypass the current detection and prevention techniques.

An IP Traceback "M"echanism with "E"nhanced "I"ntegrity for IPv6-based NGN Environment (IPv6 기반 NGN 환경에서 무결성을 제공하는 역추적 기법)

  • Jang, Jae-Hoon;Yeo, Don-Gu;Choi, Hyun-Woo;Youm, Heung-Youl
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.3 / pp.31-41 / 2010
  • It is difficult to identify an attacker's real location when the attacker spoofs the IP address in the current IPv4-based Internet environment. If attacks such as DDoS happen in the Internet, we can hardly expect the protection scheme to respond to these attacks in an active or real-time manner. Many traceback techniques have been proposed to protect against these attacks, but most traceback schemes were designed to work with the IPv4-based Internet and were found to lack verification of whether the traceback-related information is forged or not. A few traceback schemes for IPv6-based network environments have been suggested, but they have disadvantages that need more study. In this paper, we propose a reliable IP traceback scheme supporting integrity of traceback-related information in an IPv6 network environment, simulate it, and compare our proposed scheme with existing traceback mechanisms in terms of overhead and functionality.

A Study on Korea's Countermeasures Through the Analysis of Cyberattack Cases in the Russia-Ukraine War (러시아-우크라이나 전쟁에서의 사이버공격 사례 분석을 통한 한국의 대응 방안에 관한 연구)

  • Lee, Hyungdong;Yoon, Joonhee;Lee, Doeggyu;Shin, Yongtae
    • KIPS Transactions on Computer and Communication Systems / v.11 no.10 / pp.353-362 / 2022
  • In the Russia-Ukraine war, cyberattacks are in progress alongside military armed conflict. As Russia designated Korea as an unfriendly country, there is an urgent need to prepare countermeasures as the risk of cyberattacks on Korea has also increased. Accordingly, the impact of 19 cyberattack cases was analyzed by type, and characteristics and implications were derived by examining them from five perspectives, including resource mobilization and technological progress. Through this, a total of seven measures were suggested as countermeasures for the Korean government, including strengthening multilateral cooperation with value-sharing countries, securing cyberattack capabilities and strengthening defense systems, and preparing plans to connect with foreign security companies. The results of this study can be used to establish the Korean government's cybersecurity policy.

Study on the Development for Traffic Safety Curriculum of Automated Vehicles on Public Roads (실 도로 기반 자율주행자동차 교통안전 교육과정 개발 연구)

  • Jin ho Choi;Jung rae Kim
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.21 no.6 / pp.266-283 / 2022
  • With the rapid development of autonomous vehicle technology, unexpected accidents are occurring. Therefore, it is necessary to minimize user accident damage through the development of autonomous traffic safety education. Since edge cases, accident type, and risk factor analysis are important for realistic education, overseas case studies and demonstrations were carried out, and based on this, two curricula for service providers and general users were developed. The service provider curriculum consisted of OEDR, sudden stop, cut-in, take-over, defensive driving, system malfunction, policy and information security education, and the general user curriculum consisted of attention duty, take-over, operating design domain, accident types, laws, functions, and information security education.

N-WPA2: Practical WPA2 Without Key Exchange of 4-way Handshake Using NFT Authentication (NFT를 이용한 4-방향 핸드셰이크의 키 교환이 없는 실용적인 WPA2)

  • Tae-Young Eun;Alshihri Saad;Soo-Yong Park
    • KIPS Transactions on Computer and Communication Systems / v.12 no.6 / pp.197-208 / 2023
  • In the coming future, anyone using the Internet will have more than one NFT. Unlike FT, NFT can specify the owner, and tracking management is easier than with FT. Even in the 2022 survey, WPA2 is the most widely used wireless protocol worldwide to date. As it is a protocol that came out in 2006, it is a protocol with various vulnerabilities at this time. In order to use WPA2-EAP or WPA3 (2018), which were released to compensate for the vulnerabilities of WPA2, additional equipment upgrades are required for the STA (station) and AP (access point, router), which are the connected devices. The use of expensive router equipment solves the security part, but it is economically inefficient to introduce in a Small Office Home Office (SOHO). This paper uses NFT as a means of authentication and uses the existing WPA2 as it is, without equipment upgrades, to defend against the WPA2 cracking tools that have been widely used so far; compared with the existing WPA2, it was shown that it is not difficult to actually use in SOHO.

A Study on Prediction of Heavy Rain Disaster Protection Characteristics Using ANN Technique (ANN기법을 이용한 호우재해 피해특성 예측 연구)

  • Soung Seok Song;Moo Jong Park
    • Proceedings of the Korea Water Resources Association Conference / 2023.05a / pp.338-338 / 2023
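  • Recently, localized torrential rain, in which a large amount of rain falls on a specific area in a short time, has been occurring frequently, and damage continues to increase despite prediction and preparation. With the continued upward trend in rainfall, observed records for maximum hourly and maximum daily rainfall are broken every year, and damage exceeding the design capacity of cities, rivers, and major flood defense facilities is occurring. Torrential rain in urban areas, where large populations live and large-scale infrastructure is concentrated, can lead to serious casualties and property damage. Accordingly, each ministry's disaster mitigation measures are prepared based on the scale corresponding to the design frequency rather than on a quantitative prediction of the damage amount. In Korea, to reduce storm and flood damage, disaster impact factors arising from development are predicted and analyzed before a development project is carried out and appropriate mitigation plans are established and implemented, but these reflect only the scale for the design frequency, and the damage amount prevented by quantitative mitigation measures cannot be known. In this study, based on the annual disaster reports, we built 20 years of big data (1999 to 2019) of damage data by city/county/district and disaster period for heavy rain disasters (heavy rain, typhoon), together with 20 years (1999 to 2019) of rainfall data from 68 rainfall observation stations nationwide. After surveying machine learning algorithms by learning type, we selected the ANN technique, a neural network analysis method that is highly applicable to heavy rain disaster damage data and can be applied to various fields. For the total rainfall, maximum daily rainfall, and total damage amount per disaster period in the damage data, the model was trained on 1999 to 2018, and rainfall and damage characteristics were analyzed for 2019. In the analysis, supervised learning with the neural network was trained on 6,414 of the 6,902 records, excluding 2019, and the analysis targets, namely total rainfall, maximum daily rainfall, and total damage amount, which allow the damage scale of heavy rain disasters to be analyzed, were analyzed using two layers of five hidden nodes each.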


Compressive Strength and Environmental Investigation for Beneficial Use of Dredged Sediments (준설퇴적물 유효활용을 위한 압축강도 및 환경성 평가)

  • Yoon, Gil Lim;Bae, Yoon Shin;Yoon, Yeo Won;Kim, Suk Hyun
    • KSCE Journal of Civil and Environmental Engineering Research / v.30 no.2C / pp.119-131 / 2010
  • In this study, beneficial use of contaminated ocean sediments was investigated by laboratory and environmental tests, and their prototypes were released. Dredged material from Ulsan port is used for making cement treated samples and lightweight foamed samples, and various engineering tests were performed to identify the compressibility and stress-strain behaviors. Environmental tests were also performed for the beneficial uses. The values of Cu are a little higher than the suggested standard possible for reusing dredged material and equal to the suggested standard alarming for reusing dredged material, which shows environmental harmfulness for reuse as construction material. In addition, particle size distribution, compaction test, Atterberg limit tests, specific gravity test, and unit weight test were performed to investigate the use as landfill cover material. The shear strengths of cement treated soils were found to be enough for reclamation works.

Designing a system to defend against RDDoS attacks based on traffic measurement criteria after sending warning alerts to administrators (관리자에게 경고 알림을 보낸 후 트래픽 측정을 기준으로 RDDoS 공격을 방어하는 시스템 설계)

  • Cha Yeansoo;Kim Wantae
    • Journal of Korea Society of Digital Industry and Information Management / v.20 no.1 / pp.109-118 / 2024
  • Recently, a social issue has arisen involving RDDoS attacks following the sending of threatening emails to security administrators of companies and institutions. According to a report published by the Korea Internet & Security Agency and the Ministry of Science and ICT, survey results indicate that DDoS attacks are increasing. However, the top response in the survey highlighted the difficulty in countering DDoS attacks due to issues related to security personnel and costs. In responding to DDoS attacks, administrators typically detect anomalies through traffic monitoring, utilizing security equipment and programs to identify and block attacks. They also respond by employing DDoS mitigation solutions offered by external security firms. However, a challenge arises from the initial failure in early response to DDoS attacks, leading to frequent use of detection and mitigation measures. This issue, compounded by increased costs, poses a problem in effectively countering DDoS attacks. In this paper, we propose a system that creates detection rules, periodically collects traffic using mail detection and IDS, notifies administrators when rules match, and, based on a predefined threshold, uses IPS to block traffic or DDoS mitigation. In the absence of DDoS mitigation, the system sends urgent notifications to administrators and suggests applying for and using a cyber shelter or DDoS mitigation. Based on this, the implementation showed that network traffic was reduced from 400 Mbps to 100 Mbps, enabling DDoS response. Additionally, due to the time and expense involved in modifying detection and blocking rules, it is anticipated that future research could address cost-saving through reduced usage of DDoS mitigation by utilizing artificial intelligence for rule creation and modification, or by generating rules in new ways.