• Annual Conference of KIPS
• /
• 2023.11a
• /
• pp.170-172
• /
• 2023

최근 자동차는 자율주행차 혹은 스마트카로 진화하며 다양한 외부 통신 인터페이스를 포함하고 있습니다. 각 기능 통제를 위해 차량 소프트웨어의 복잡성과 자동차 기술 발전에 따라 통신 인터페이스의 증가로 인하여 자동차에 대한 사이버 공격 가능성 및 위험성이 꾸준히 증가하고 있습니다. 특히, 커넥티드카의 안전을 위한 V2X(Vehicle to Everything)통신이 보안 취약점을 가질 경우, 이는 탑승자의 생명에 직접적인 위협을 초래할 수 있습니다. 그러나, 지능형 교통 시스템에서는 익명성을 위해 일정 시간이 지나면 차량의 식별정보를 변경해 공격자를 찾는데 어려움이 있다. 따라서 본 논문에서는 지능형 교통 시스템 내에서 이상행위를 유발하는 차량을 탐지하기 위해 V2X에 활용되는 표준 메시지 정보를 통해 식별하여 추적하는 기술을 제안하고자 한다.

• Journal of the Korea Society for Simulation
• /
• v.17 no.3
• /
• pp.27-34
• /
• 2008

Wireless sensor networks are comprised of sensor nodes with resource-constrained hardware. Nodes in the sensor network without adequate protection may be compromised by adversaries. Such compromised nodes are vulnerable to the attacks like false reports injection attacks and false data injection attacks on legitimate reports. In false report injection attacks, an adversary injects false report into the network with the goal of deceiving the sink or the depletion of the finite amount of energy in a battery powered network. In false data injection attacks on legitimate reports, the attacker may inject a false data for every legitimate report. To address such attacks, the probabilistic voting-based filtering scheme (PVFS) has been proposed by Li and Wu. However, each cluster head in PVFS needs additional transmission device. Therefore, this paper proposes a fuzzy logic-based false report detection method (FRD) to mitigate the threat of these attacks. FRD employs the statistical en-route filtering scheme as a basis and improves upon it. We demonstrate that FRD is efficient with respect to the security it provides, and allows a tradeoff between security and energy consumption, as shown in the simulation.

• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.155-163
• /
• 2013

Connection hijacking attack using the vulnerability of the TCP protocol to redirect TCP stream goes through your machine actively (Active Attack). The SKEY such as one-time password protection mechanisms that are provided by a ticket-based authentication system such as Kerberos or redirection, the attacker can bypass.Someone TCP connection if you have access on TCP packet sniffer or packet generator is very vulnerable. Sniffer to defend against attacks such as one-time passwords and token-based authentication and user identification scheme has been used. Active protection, but these methods does not sign or encrypt the data stream from sniffing passwords over insecure networks, they are still vulnerable from attacks. For many people, an active attack is very difficult and so I think the threat is low, but here to help break the illusion successful intrusion on the UNIX host, a very aggressive attack is presented. The tools available on the Internet that attempt to exploit this vulnerability, known as the recent theoretical measures is required. In this paper, we propose analysis techniques on a wireless network intruder detection.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.8
• /
• pp.1581-1588
• /
• 2017

Recently, circulating ransomware is becoming intelligent and sophisticated through a spreading new viruses and variants, targeted spreading using social engineering attack, malvertising that circulate a large quantity of ransomware by hacking advertising server, or RaaS(Ransomware-as-a- Service), from the existing attack way that encrypt the files and demand money. In particular, it makes it difficult to track down attackers by bypassing security solutions, disabling parameter checking via file encryption, and attacking target-based ransomware with APT(Advanced Persistent Threat) attacks. For remove the threat of ransomware, various detection techniques are developed, but, it is very hard to respond to new and varietal ransomware. Accordingly, in this paper, find out a making Signature-based Detection Patterns and problems, and present a pattern automation model of ransomware detecting for responding to ransomware more actively. This study is expected to be applicable to various forms in enterprise or public security control center.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.27-34
• /
• 2020

Recently, the fourth industrial revolution technology has not only changed everyday life greatly through technological development, but has also become a major keyword in the establishment of defense policy. In particular, Internet of Things, cloud, big data, mobile and cybersecurity technologies, called ICBMS, were selected as core leading technologies in defense information policy along with artificial intelligence. Amid the growing importance of the fourth industrial revolution technology, research is being carried out to develop the C4I system, which is currently operated separately by the Joint Chiefs of Staff and each military, including the KJCCS, ATCIS, KNCCS and AFCCS, into an integrated system in preparation for future warfare. This is to solve the problem of reduced interoperability for joint operations, such as information exchange, by operating the C4I system for each domain. In addition, systems such as the establishment of an integrated C4I system and the U.S. military's Risk Management Framework (RMF) are essential for efficient control and safe operation of weapons systems as they are being developed into super-connected and super-intelligent systems. Therefore, in this paper, the intelligent cyber threat detection, management of users' access to information, and intelligent management and visualization of cyber threat are presented in the future C4I system based on big data/cloud.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.24 no.5
• /
• pp.495-503
• /
• 2014

In recent days, a study of the intrusion detection system collecting and analyzing network data, packet or logs, has been actively performed to response the network threats in computer security fields. In particular, Bayesian network has advantage of the inference functionality which can infer with only some of provided data, so studies of the intrusion system based on Bayesian network have been conducted in the prior. However, there were some limitations to calculate high detection performance because it didn't consider the problems as like complexity of the relation among network packets or continuos input data processing. Therefore, in this paper we proposed two methodologies based on K-menas clustering to improve detection rate by reforming the problems of prior models. At first, it can be improved by sophisticatedly setting interval range of nodes based on K-means clustering. And for the second, it can be improved by calculating robust CPT through applying weighted-leaning based on K-means clustering, too. We conducted the experiments to prove performance of our proposed methodologies by comparing K_WTAN_EM applied to proposed two methodologies with prior models. As the results of experiment, the detection rate of proposed model is higher about 7.78% than existing NBN(Naive Bayesian Network) IDS model, and is higher about 5.24% than TAN(Tree Augmented Bayesian Network) IDS mode and then we could prove excellence our proposing ideas.

• Journal of the Korea Society for Simulation
• /
• v.19 no.4
• /
• pp.151-159
• /
• 2010

Currently, by using the Internet, We can do varius things such as Web surfing, email, on-line shopping, stock trading on your home or office. However, as being out of the concept of security from the beginning, it is the big social issues that malicious user intrudes into the system through the network, on purpose to steal personal information or to paralyze system. In addition, network intrusion by ordinary people using network attack tools is bringing about big worries, so that the need for effective and powerful intrusion detection system becomes very important issue in our Internet environment. However, it is very difficult to prevent this attack perfectly. In this paper we proposed the algorithm for the detection of DoS attacks, and developed attack detection tools. Through learning in a normal state on Step 1, we calculate thresholds, the number of packets that are coming to each port, the median and the average utilization of each port on Step 2. And we propose values to determine how to attack detection on Step 3. By programing proposed attack detection algorithm and by testing the results, we can see that the difference between the median of packet mounts for unit interval and the average utilization of each port number is effective in detecting attacks. Also, without the need to look into the network data, we can easily be implemented by only using the number of packets to detect attacks.

• Journal of Radiation Protection and Research
• /
• v.34 no.3
• /
• pp.115-120
• /
• 2009

Since 1990s, some events - detection of a dirty bomb in a Russian nation park in 1995, 9/11 terrorist attack to WTC in 2001, discovery of Al-Qaeda's experimentation to build a dirty bomb in 2003 etc - have showed that nuclear or radiological terrorism relating to radioactive materials (hereinafter "radioactive materials" is referred to as "nuclear material, nuclear spent fuel and radioactive source") is not incredible but serious and credible threat. Thus, to respond to the new threat, the international community has not only strengthened security and physical protection of radioactive materials but also established prevention of and response to illicit trafficking of radioactive materials. In this regard, our government has enacted or revised the national regulatory framework with a view to improving security of radioactive materials and joined the international convention or agreement to meet this international trend. For the purpose of prevention of nuclear/radiological terrorism, this paper reviews physical characteristics of nuclear material and existing detection instruments used for prevention of illicit trafficking. Finally, national detection regime against nuclear/radiological terrorism based on paths of the smuggled radioactive materials to terrorist's target building/area, national topography and road networks, and defence-in-depth concept is suggested in this paper. This study should contribute to protect people's health, safety and environment from nuclear/radiological terrorism.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.1
• /
• pp.23-34
• /
• 2022

With the development of network technology, the application area has also been diversified, and protocols for various purposes have been developed and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service attacks (DoS) of advanced attackers by programming and applying honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzed the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system was shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.499-506
• /
• 2021

Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.