• Title/Summary/Keyword: passive attack

Search Result 81, Processing Time 0.023 seconds

Stream cipher communication protocol based on Irrational numbers in SCADA System (SCADA 시스템에서 무리수 기반의 스트림 암호화 통신 프로토콜 연구)

  • Kim, Seong-Jong;Kim, Hyung-Joo;Kim, Hyung-Min;Jun, Moon-Seog
    • Proceedings of the Korea Information Processing Society Conference / 2012.11a / pp.990-993 / 2012
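  • SCADA (Supervisory Control and Data Acquisition) systems have been used to control critical national infrastructure networks such as electricity and gas. Recently, as they have moved from the traditional closed communication environment to an open communication environment connected to external networks, encryption techniques for secure communication are being studied. The protocols applied to existing systems required manual configuration to renew the shared key. In this paper, we present a protocol in which the Server and RTU that make up a SCADA system mutually authenticate and use irrational-number-based stream cipher communication together with timestamp-based key renewal, and we study a real-time encrypted communication protocol under which replay attacks and impersonation attacks are impossible.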

Illegal User Identification Using Trace Mechanism (미행에 의한 부정 행위자 신분확인)

  • 김상욱;박보석;장희진;김건우;박정현;임채호
    • Proceedings of the Korean Information Science Society Conference / 1999.10c / pp.327-329 / 1999
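  • In future information warfare, not only passive forms of protection such as preventing and recovering from intrusions into one's own information systems, but also active forms of protection such as attacks on the adversary's information infrastructure, will be required. This paper presents a system for identifying illegal users by tracing. The identification system prevents intrusion incidents by generating and maintaining identity information on illegal users, and also makes counterattacks against illegal users possible. In addition, by tracing along the illegal user's connection path, the intruder's behaviour is analyzed and reported in real time, enabling more accurate identification.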

Automated Attack Path Enumeration Method based on System Vulnerabilities Analysis (시스템 취약점 분석을 통한 침투 경로 예측 자동화 기법)

  • Kim, Ji Hong;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1079-1090 / 2012
  • As the number of information assets and their vulnerabilities increases, it becomes more difficult for network security administrators to assess the security vulnerability of their systems and networks. There have been several studies of vulnerability analysis based on quantitative approaches. However, most of them are based on experts' subjective evaluation, or they require a lot of manual input to derive quantitative assessment results. In this paper, we propose HRMS (Hacking and Response Measurement System) for enumerating attack paths automatically using automated vulnerability measurement. HRMS can estimate the exploitability of systems or applications based on their known vulnerability assessment metrics, and enumerate attack paths even when system, network and application information is not fully given for vulnerability assessment. With the proposed method, system administrators can perform proactive security vulnerability assessment.

False Alarm Minimization Technology using SVM in Intrusion Prevention System (SVM을 이용한 침입방지시스템 오경보 최소화 기법)

  • Kim Gill-Han;Lee Hyung-Woo
    • Journal of Internet Computing and Services / v.7 no.3 / pp.119-132 / 2006
  • The network-based security techniques known until now have the weak points of being passive toward attacks and susceptible to roundabout attacks, so misuse-detection-based intrusion prevention systems, which enable active response to attacks in inline mode, are widely used. But because a misuse-detection-based intrusion prevention system is proportional to its detection rules, it causes excessive false alarms, which lead to wrong responses that block regular network flow, and it is insufficient for detecting transformed attacks. To supplement these problems, this study suggests an intrusion prevention system that uses Support Vector Machines (hereinafter SVM) as both a rule-based intrusion prevention system and an anomaly system. Compared with existing intrusion prevention systems, the results show a performance improvement of about 20%, and show that the proposed intrusion prevention system can minimize false positives and effectively detect new variant attacks.

A Traceback-Based Authentication Model for Active Phishing Site Detection for Service Users (서비스 사용자의 능동적 피싱 사이트 탐지를 위한 트레이스 백 기반 인증 모델)

  • Baek Yong Jin;Kim Hyun Ju
    • Convergence Security Journal / v.23 no.1 / pp.19-25 / 2023
  • The current network environment provides a real-time interactive service from an initial one-way information provision service. Depending on the form of web-based information sharing, it is possible to provide various knowledge and services between users. However, in this web-based real-time information sharing environment, cases of damage by illegal attackers who exploit network vulnerabilities are increasing rapidly. In particular, for attackers who attempt a phishing attack, a link to the corresponding web page is induced after actively generating a forged web page to a user who needs a specific web page service. In this paper, we analyze whether users directly and actively forge a specific site rather than a passive server-based detection method. For this purpose, it is possible to prevent leakage of important personal information of general users by detecting a disguised webpage of an attacker who induces illegal webpage access using traceback information.

Design and Implementation of A PC Protection using RF Transmitter-Receiver (RF 송수신기를 이용한 PC 보안 설계 및 구현)

  • Lee, Keun-Wang;Park, Il-Ho
    • Journal of the Korea Academia-Industrial cooperation Society / v.10 no.2 / pp.287-293 / 2009
  • This paper proposes data communication using an RF transmitter-receiver and a PC protection method that authenticates using software on the PC to which the receiver is connected. Older PC protection systems demand manual operation by the user, but the proposed method protects the PC automatically by judging the presence of the user carrying the tag as it comes within range. In addition, forgery is impossible, and it is safe against sniffing attacks and spoofing.

PRISM: A Preventive and Risk-reducing Integrated Security Management Model using Security Label (PRISM: 보안 레이블을 이용한 위험예방 통합보안관리 모델)

  • Kim, Dong-Soo;Kim, Tae-Kyung;Chung, Tai-Myoung
    • The KIPS Transactions:PartC / v.10C no.6 / pp.815-824 / 2003
  • Many organizations operate security systems and manage them using integrated security management (ISM) technology to secure their network environment effectively. But current ISM is passive and behaves in a post-event manner. To reduce the cost and resources for managing security and to remove the possibility of attacks by intruders succeeding, preventive security management technology is required. In this paper, we propose the PRISM model, which performs preventive security management by evaluating the security level of a host or network and the sensitivity level of information assets against potential risks before security incidents occur. PRISM can provide concrete and effective security management in managing current complex networks.

Design and Implementation of Mining System for Audit Data Analysis (감사데이터 분석을 위한 마이닝 시스템 설계 및 구현)

  • 김은희;문호성;신문선;류근호;김기영
    • Proceedings of the Korean Information Science Society Conference / 2002.10c / pp.4-6 / 2002
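  • With the widening of networks and the emergence of new attack types, the manual parts of intrusion detection systems, such as adding new sequences or building intrusion detection models, have become a problem. In particular, existing intrusion detection systems rely on separate dedicated systems to collect and analyze network information from networks with large-scale infrastructure. It is therefore necessary to analyze the growing volume of audit data in intrusion detection systems so that diverse attack types can be handled actively. Recently, there has been active research on building active intrusion detection systems by applying data mining techniques to intrusion detection systems. In this paper, we design and implement a mining system for analyzing large volumes of audit data accurately and efficiently. Because audit data has characteristics different from those of a transaction database, the mining system was designed with this in mind. The implemented mining system uses association rule techniques to discover associations among audit data attributes, and applies frequent episode techniques to gather events that occur in correlation within a given time, so that it can discover events that occur frequently within consecutive time intervals and generate rules that can predict or describe the behaviour of sequences in known events. The rules generated by mining audit data can be used to build active security policies. The reduction in data volume will also contribute to minimizing intrusion detection time.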

Secure Location Information Protection Scheme from the Network Provider and the third party in Mobile Communication Environments (이동통신 환경에서 네트워크 제공자 및 제 3자로부터 안전한 위치정보 보호기법)

  • Kim, Soon-Seok;Lee, Chang-Hun
    • The KIPS Transactions:PartC / v.10C no.7 / pp.867-878 / 2003
  • In this paper, we propose a new scheme protecting information about the location of a mobile user against attacks from inside users of the mobile communication, especially the network providers. There have already been some proposals about how to protect location information of users in mobile communication environments [1-5]. Among them, Kesdogan et al. [2, 3] proposed a new method using so-called temporary pseudonyms and also described a protection method against passive and active attacks by network providers. However, the description of the protection method against the active attack between the two is not clear. Moreover, there is an additional load in that a reachability manager [1, 6] must be appended to the proposed system. Therefore, we propose a new scheme improving the above method of Kesdogan et al. and analyze its security and effectiveness.

A Study on MD5 Security Routing based on MANET (MANET 기반 MD5 보안 라우팅에 관한 연구)

  • Lee, Cheol-Seung
    • The Journal of the Korea institute of electronic communication sciences / v.7 no.4 / pp.797-803 / 2012
  • Recently, demands for the construction of stand-alone networks and interconnection between convergence devices have led to an increase in research, and much attention has been paid to the application of MANET as a fast-growing ubiquitous network. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for embedded computing, but have vulnerable points, such as lack of network scalability and dynamic network topology due to mobility, passive attacks, and active attacks, which make continuous security service impossible. In this study, hashed AODV routing is used to protect against counterfeiting of messages by malicious nodes in the course of path finding and setting, and against disguising misrouted messages as different mobile nodes and inputting them into the network.