• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.467-470
• /
• 2012

This paper proposes a technique of sybil attack detection using an ID-based certificate on sensor network. First, it can solve the broadcast storm problem happening when keys are distributed to sensor nodes. Second, it prevents the replay attack by periodically generating and changing the keys of sensor nodes with Key-chain technique. Third, it authenticates sensor node's ID using hash function. So, it maximizes sensor node's memory usage, reduces communication overhead. Finally it detects Sybil attack through ID-based certificate. Therefore, the proposed technique of Sybil attack detection using ID-based certificate consider simultaneously energy efficiency and stability on sensor network environment, and can trust the provided information through sensor network.

• Journal of the Korea Institute of Building Construction
• /
• v.11 no.3
• /
• pp.276-282
• /
• 2011

The construction industry has achieved many benefits through the mechanization of the construction. However, due to accidents for construction machinery, the mortality rate has increased rapidly. Thus, the objective of this study is to develop of tilt modules for object detection system of excavator. The modified laser sensor that increase the efficiency of object detection system was tested. Based on these results, tilt modules were developed through the conceptual design and detailed design. Then, this tilt modules can be applied to the safety management system of excavator and using this tilt modules will be able to improve the efficiency of the system.

• The Korean Journal of Applied Statistics
• /
• v.29 no.4
• /
• pp.699-706
• /
• 2016

Outlier detection methods without performing a test often do not succeed in detecting multiple outliers because they are structurally vulnerable to a masking effect or a swamping effect. This paper considers testing procedures supplemented to a clustering-based method of identifying the group with a minority of the observations as outliers. One of general steps is performing a variety of t-test on individual outlier-candidates. This paper proposes a sequential procedure for searching for outliers by changing cutoff values on a cluster tree and performing a test on a set of outlier-candidates. The proposed method is illustrated and compared to existing methods by an example and Monte Carlo studies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.321-330
• /
• 2015

There have been found many modified malwares which could avoid detection simply by replacing a sequence of characters or a part of code. Since the existing anti-virus program performs signature-based analysis, it is difficult to detect a malware which is slightly different from the well-known malware. This paper suggests a method of detecting modified malwares by extending a hash-value based code comparison. We generated hash values for individual functions and individual code blocks as well as the whole code, and thus use those values to find whether a pair of codes are similar in a certain degree. We also eliminated some numeric data such as constant and address before generating hash values to avoid incorrectness incurred from them. We found that the suggested method could effectively find inherent similarity between original malware and its derived ones.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.11
• /
• pp.427-432
• /
• 2014

The Purpose of local system attacks is to acquire administrator's(root) privilege shell through the execution of the malicious program or change the flow of the program. This acquiring shell through attack is still valid approach method and it is difficult to cope with improving each of vulnerability because the attacker can select various forms of attack. Linux allocate a set of credentials when login, in order to manage user permissions. Credentials were issued and managed by the kernel directly, and also the kernel ensures that any change cannot be occurred outside of kernel. But, user's credentials that acquired root privilege through system attacks occurs a phenomenon that does not remain consistent. In this paper we propose a security module to detect a security threats that may cause to users and tasks by analysis user task execution and inconsistency credentials.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.279-286
• /
• 2013

The recent power shortages due to surge in demand for electricity highlights the importance of smart grid technologies for efficient use of power. The experimental content for vulnerability against availability of smart meter, an essential component in smart grid networks, has been reported. Designing availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect the availability infringement attack for smart meter and also to find anomaly nodes through analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses approximate entropy technique to decrease the detection load and increase the detection rate with few samples and utilizes the signal information(CIR or RSSI, etc.) that the anomaly node can not be changed to find the anomaly nodes. Finally simulation results of proposed method show that the detection performance and the feasibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.115-122
• /
• 2006

The most methods for intrusion detection are based on the misuse detection which accumulates hewn intrusion information and makes a decision of an attack against any behavior data. However it is very difficult to detect a new or modified aoack with only the collected patterns of attack behaviors. Therefore, if considering that the method of anomaly behavior detection actually has a high false detection rate, a new approach is required for very huge intrusion patterns based on sequence. The approach can improve a possibility for intrusion detection of known attacks as well as modified and unknown attacks in addition to the similarity measurement of intrusion patterns. This paper proposes a method which applies the multiple sequence alignments technique to the similarity matching of the sequence based intrusion patterns. It enables the statistical analysis of sequence patterns and can be implemented easily. Also, the method reduces the number of detection alerts and false detection for attacks according to the changes of a sequence size.

• Journal of the military operations research society of Korea
• /
• v.32 no.2
• /
• pp.114-130
• /
• 2006

This paper deals with complexity theory to describe amphibious warfare situation using EINSTein (Enhanced ISAAC Neural Simulation Tool) simulation model. EINSTein model is an agent-based artificial "laboratory" for exploring self-organized emergent behavior in land combat. Many studies have shown that existing Lanchester equations used in most war simulation models does not describe changes of combat. Future warfare will be information warfare with various weapon system and complex combat units. We have compared and tested combat results with Lanchester models and EINSTein model. Furthermore, the EINSTein model has been applied and analyzed to amphibious warfare model such as amphibious assault and amphibious sudden attack. The results show that the EINSTein model has a possibility to apply and analyze amphibious warfare more properly than Lanchester models.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.1
• /
• pp.171-178
• /
• 2021

In this paper, the author proposes a method for detecting modification of transmitted messages in C/C++ based Discrete Event System Specification (DEVS) simulation. When a message generated by a model instance is delivered to other model instances, it may be modified by some of the recipients. Such modifications may corrupt simulation results, which may lead to wrong decision making. In the proposed method, every model instance stores a copy of every transmitted message. Before the deletion of the transmitted message, the instance compares them. Once a modification has been detected, the method interrupt the current simulation run. The procedure is automatically performed by a simulator instance. Thus, the method does not require programmers to follow secure coding or to add specific codes in their models. The performance of the method is compared with a DEVS simulator.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.707-724
• /
• 2024

Recently, Golang has been gaining attention in programming language rankings each year due to its cross-compilation capabilities and high code productivity. However, malware developers have also been increasingly using it to distribute malware such as ransomware and backdoors. Interestingly, Golang, being an open-source language, frequently changes the important values and configuration order of a crucial structure called Pclntab, which includes essential values for recovering deleted symbols whenever a new version is released. While frequent structural changes may not be an issue from a developer's perspective aiming for better code readability and productivity, it poses challenges in cybersecurity, as new versions with modified structures can be exploited in malware development. Therefore, this paper proposes GoAsap, a detection and analysis system for Golang executables targeting the new versions, and validates the performance of the proposed system by comparing and evaluating it against six existing binary analysis tools.