• Title/Summary/Keyword: Internet of Things attack detection


A system to block external intrusion Intelligent Definition Network System Design in Smart Home IOT environment (스마트 홈 IoT 외부 침입 차단을 위한 지능 정의 네트워크 시스템 설계)

  • Choi, Yu-Jun;Hwang, Yun-Young;Shin, Yong-Tae
    • Proceedings of the Korea Information Processing Society Conference / 2021.11a / pp.91-92 / 2021
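  • Recently, the number of reported hacking concerns related to the Internet of Things has been on the rise. However, as the IoT environment grows rapidly, it is difficult for administrators to recognize new intrusion detection attack patterns, and when large-scale attacks or new attack patterns appear, features suited to them may have to be reselected. In this paper, we designed a framework capable of overall network state analysis and user issue identification, for the purpose of identifying specific anomalous behavior and diagnosing its source on an operational network.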

Detection of Disguised Packet and Valid Reconstruction Identification Using Network Coding in IoT Environment (IoT 환경에서 네트워크 코딩의 위장패킷 탐지와 유효한 복구의 식별 알고리즘)

  • Lee, Yong
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.1 / pp.29-37 / 2020
  • Work to improve network throughput has been focused on network coding as the utilization of IoT-based application services increases and network usage increases rapidly. In network coding, nodes transform packets received from neighboring nodes into a combination of encoded packets for transmission and decoding at the destination. This scheme is based on trust among nodes, but in the IoT environment where nodes are free to join, a malicious node can fabricate the packet if it legally participates in the configuration. It is difficult to identify the authenticity of the encoded packet since the packet received at destination is not a single source but a combination of packets generated by several nodes. In this paper, we propose a method to detect "look-like-valid" packets that have been attacked and disguised in packets received at destination, and to identify valid messages in the reconstructions. This method shows that network coding performance is significantly improved because the destination can reconstruct a valid message with only received packets without retransmission with a high probability, despite the presence of disguised packets.

Network Intrusion Detection System Using Feature Extraction Based on AutoEncoder in IOT environment (IOT 환경에서의 오토인코더 기반 특징 추출을 이용한 네트워크 침입탐지 시스템)

  • Lee, Joohwa;Park, Keehyun
    • KIPS Transactions on Software and Data Engineering / v.8 no.12 / pp.483-490 / 2019
  • In the Network Intrusion Detection System (NIDS), the function of classification is very important, and detection performance depends on various features. Recently, a lot of research has been carried out on deep learning, but network intrusion detection systems experience slowdown problems due to the large volume of traffic and high-dimensional features. Therefore, we use deep learning not for classification but as a preprocessing step for feature extraction, and propose a research method in which classification is made based on the extracted features. A stacked AutoEncoder, which is a representative unsupervised learning method of deep learning, is used to extract features, and classification is performed using the Random Forest classification algorithm. Using the data collected in the IoT environment, the performance was more than 99% when normal and attack traffic were classified into multiple classes, and the performance and detection rate were superior even when compared with other models such as AE-RF and Single-RF.

Internet of Things (IoT) Based Modeling for Dynamic Security in Nuclear Systems with Data Mining Strategy (데이터 마이닝 전략을 사용하여 원자력 시스템의 동적 보안을 위한 사물 인터넷 (IoT) 기반 모델링)

  • Jang, Kyung Bae;Baek, Chang Hyun;Kim, Jong Min;Baek, Hyung Ho;Woo, Tae Ho
    • Journal of Internet of Things and Convergence / v.7 no.1 / pp.9-19 / 2021
  • The data mining design incorporated with a big-data-based cloud computing system is investigated for nuclear terrorism prevention, where the conventional physical protection system (PPS) is modified. The networking of terror-related bodies is modeled by a simulation study for nuclear forensic incidents. It is needed for the government to detect terrorism and any attempts to attack innocent people without illegal tapping. Although the mathematical algorithm of the study can't give the exact result of the terror incident, the potential possibility could be obtained by the simulations. The result shows the shape oscillation by time. In addition, the integration of the frequency of each value can show the degree of the transitions of the results. The value increases to -2.61741 at the 63.125th hour. So, the terror possibility is highest in later time.

A Study of Phase Sensing Device IoT Network Security Technology Framework Configuration (디바이스 센싱 단계의 IoT 네트워크 보안 기술 프레임워크 구성)

  • Noh, SiChoon;Kim, Jeom goo
    • Convergence Security Journal / v.15 no.4 / pp.35-41 / 2015
  • The Internet of Things has a wide range of vulnerabilities and is exposed to information security threats. However, this does not deal with the basic solution, the vaccine does not secure encryption for the data transmission. Encryption and authentication of messages transmitted from a node are required for the construction of secure wireless sensor networks. In order to satisfy the constraints and security requirements of the sensor network, lightweight encryption and authentication technologies and lightweight key management technology for the sensor environment are required. Sensor network security technology, privacy protection technology, and subchannel attack prevention technology are mandatory. In order to establish secure wireless sensor networks, it is important to encrypt and authenticate messages sent between the nodes. A lightweight intrusion detection mechanism shall be applied to securely detect the presence of nodes on the network. From the sensor node is not involved will determine the authenticity of the terminal authentication technologies, there is a need for a system. Network security technology in an Internet of Things environment is a technique centered on enhancing the security of the communication channel between the devices and the sensors.

A Study on Intelligent Self-Recovery Technologies for Cyber Assets to Actively Respond to Cyberattacks (사이버 공격에 능동대응하기 위한 사이버 자산의 지능형 자가복구기술 연구)

  • Se-ho Choi;Hang-sup Lim;Jung-young Choi;Oh-jin Kwon;Dong-kyoo Shin
    • Journal of Internet Computing and Services / v.24 no.6 / pp.137-144 / 2023
  • Cyberattack technology is evolving to an unpredictable degree, and it is a situation that can happen 'at any time' rather than 'someday'. Infrastructure that is becoming hyper-connected and global due to cloud computing and the Internet of Things is an environment where cyberattacks can be more damaging than ever, and cyberattacks are still ongoing. Even if damage occurs due to external influences such as cyberattacks or natural disasters, intelligent self-recovery must evolve from a cyber resilience perspective to minimize downtime of cyber assets (OS, WEB, WAS, DB). In this paper, we propose an intelligent self-recovery technology to ensure sustainable cyber resilience when cyber assets fail to function properly due to a cyberattack. The original and updated history of cyber assets is managed in real-time using timeslot design and snapshot backup technology. It is necessary to secure technology that can automatically detect damage situations in conjunction with a commercialized file integrity monitoring program and minimize downtime of cyber assets by analyzing the correlation of backup data to damaged files on an intelligent basis to self-recover to an optimal state. In the future, we plan to research a pilot system that applies the unique functions of self-recovery technology and an operating model that can learn and analyze self-recovery strategies appropriate for cyber assets in damaged states.

A comparative study of the performance of machine learning algorithms to detect malicious traffic in IoT networks (IoT 네트워크에서 악성 트래픽을 탐지하기 위한 머신러닝 알고리즘의 성능 비교연구)

  • Hyun, Mi-Jin
    • Journal of Digital Convergence / v.19 no.9 / pp.463-468 / 2021
  • Although the IoT is showing explosive growth due to the development of technology and the spread of IoT devices and activation of services, serious security risks and financial damage are occurring due to the activities of various botnets. Therefore, it is important to accurately and quickly detect the activities of these botnets. As security in the IoT environment has characteristics that require operation with minimum processing performance and memory, in this paper, the minimum characteristics for detection are selected, and a comparative study was conducted on the performance of machine learning algorithms such as KNN (K-Nearest Neighbor), Naïve Bayes, Decision Tree, and Random Forest to detect botnet activity. Experimental results using the Bot-IoT dataset showed that KNN can detect DDoS, DoS, and Reconnaissance attacks most effectively and efficiently among the applied machine learning algorithms.

Classification Performance Improvement of UNSW-NB15 Dataset Based on Feature Selection (특징선택 기법에 기반한 UNSW-NB15 데이터셋의 분류 성능 개선)

  • Lee, Dae-Bum;Seo, Jae-Hyun
    • Journal of the Korea Convergence Society / v.10 no.5 / pp.35-42 / 2019
  • Recently, as the Internet and various wearable devices have appeared, Internet technology has contributed to obtaining more convenient information and doing business. However, as the internet is used in various parts, the attack surface points that are exposed to attacks are increasing. Attempts to invade networks aimed at taking unfair advantage, such as cyber terrorism, are also increasing. In this paper, we propose a feature selection method to improve the classification performance of the class to classify the abnormal behavior in the network traffic. The UNSW-NB15 dataset has a rare class imbalance problem with relatively few instances compared to other classes, and an undersampling method is used to eliminate it. We use the SVM, k-NN, and decision tree algorithms and extract a subset of combinations with superior detection accuracy and RMSE through training and verification. The subset has recall values of more than 98% through the wrapper-based experiments, and the DT_PSO showed the best performance.

Autoencoder-Based Anomaly Detection Method for IoT Device Traffics (오토인코더 기반 IoT 디바이스 트래픽 이상징후 탐지 방법 연구)

  • Seung-A Park;Yejin Jang;Da Seul Kim;Mee Lan Han
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.281-288 / 2024
  • The sixth generation (6G) wireless communication technology is advancing toward ultra-high speed, ultra-high bandwidth, and hyper-connectivity. With the development of communication technologies, the formation of a hyper-connected society is rapidly accelerating, expanding from the IoT (Internet of Things) to the IoE (Internet of Everything). However, at the same time, security threats targeting IoT devices have become widespread, and there are concerns about security incidents such as unauthorized access and information leakage. As a result, the need for security-enhancing solutions is increasing. In this paper, we implement an autoencoder-based anomaly detection model utilizing network traffic collected in real time in response to IoT security threats. Considering the difficulty of capturing IoT device traffic data for each attack in real IoT environments, we use an unsupervised learning-based autoencoder and implement 6 different autoencoder models based on the use of noise in the training data and the dimensions of the latent space. By comparing the model performance through experiments, we provide a performance evaluation of the anomaly detection model for detecting abnormal network traffic.

IoT Malware Detection and Family Classification Using Entropy Time Series Data Extraction and Recurrent Neural Networks (엔트로피 시계열 데이터 추출과 순환 신경망을 이용한 IoT 악성코드 탐지와 패밀리 분류)

  • Kim, Youngho;Lee, Hyunjong;Hwang, Doosung
    • KIPS Transactions on Software and Data Engineering / v.11 no.5 / pp.197-202 / 2022
  • IoT (Internet of Things) devices are being attacked by malware due to many security vulnerabilities, such as the use of weak IDs/passwords and unauthenticated firmware updates. However, due to the diversity of CPU architectures, it is difficult to set up a malware analysis environment and design features. In this paper, we design time series features using the byte sequence of executable files to represent independent features of CPU architectures, and analyze them using recurrent neural networks. The proposed feature is a fixed-length time series pattern extracted from the byte sequence by calculating partial entropy and applying linear interpolation. Temporary changes in the extracted feature are analyzed by RNN and LSTM. In the experiment, the IoT malware detection showed high performance, while low performance was analyzed in the malware family classification. When the entropy patterns for each malware family were compared visually, the Tsunami and Gafgyt families showed similar patterns, resulting in low performance. LSTM is more suitable than RNN for learning temporal changes in the proposed malware features.