• Title/Summary/Keyword: electronic attack

Intrusion Detection System for In-Vehicle Network to Improve Detection Performance Considering Attack Counts and Attack Types (공격 횟수와 공격 유형을 고려하여 탐지 성능을 개선한 차량 내 네트워크의 침입 탐지 시스템)

  • Hyunchul, Im;Donghyeon, Lee;Seongsoo, Lee
    • Journal of IKEEE / v.26 no.4 / pp.622-627 / 2022
  • This paper proposes an intrusion detection system for in-vehicle networks that improves detection performance by considering attack counts and attack types. In an intrusion detection system, both the FNR (False Negative Rate), where an intrusion frame is misjudged as a normal frame, and the FPR (False Positive Rate), where a normal frame is misjudged as an intrusion frame, seriously affect vehicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where a data frame previously detected as an intrusion above a certain attack count is automatically detected as an intrusion, and this automatic intrusion detection method is applied adaptively according to attack type. According to the simulation results, the proposed method effectively improves both FNR and FPR for DoS (Denial of Service) attacks and spoofing attacks.

A Study of Security System for secure Cloud Computing System (안전한 클라우드 컴퓨팅 환경 구축을 위한 보안 시스템 연구)

  • Park, Min-Woo;Kang, Dong-Min;Lee, Jun-Ho;Eom, Jung-Ho;Chung, Tai-Myoung
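    • Proceedings of the Korea Information Processing Society Conference / 2010.11a / pp.1209-1212 / 2010
  • This paper proposes a security system for securely protecting cloud computing systems. Cloud computing holds vast resources and, through resource virtualization, provides many users with the services they want. Because of the resources it holds and the user information stored in the system, cloud computing easily becomes a target for attackers, and a successful attack can cause enormous losses that are incomparable in scale to the damage in a single computing system or an enterprise computing system. In this paper, we design and propose a security system to protect cloud computing systems from the various attacks that threaten cloud computing security.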

A Study on Amplification DRDoS Attacks and Defenses (DRDoS 증폭 공격 기법과 방어 기술 연구)

  • Choi, Hyunsang;Park, Hyundo;Lee, Heejo
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.8 no.5 / pp.429-437 / 2015
  • DDoS attacks have been used to paralyze popular Internet services. In particular, amplification attacks have grown dramatically in recent years. Defending against amplification attacks is challenging since the attacks usually generate extremely huge amounts of traffic and the attack traffic comes from legitimate servers, which makes it hard to differentiate from normal traffic. Moreover, some of the protocols used by amplification attacks are widely adopted in IoT devices, so the number of servers susceptible to amplification attacks will continue to increase. This paper analyzes amplification attack mechanisms in detail and proposes defense methodologies for scenarios where attackers, abused servers or victims are in a monitoring network.

A Study on the Pharming Attack Protection using DNS Spoofing (DNS 스푸핑을 이용한 파밍 공격 방어에 관한 연구)

  • Park, JeongHyuk;Ahn, Sung-Hwan;Park, Min-Woo;Chung, Tai-Myoung
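    • Proceedings of the Korea Information Processing Society Conference / 2013.05a / pp.655-658 / 2013
  • Pharming, which has recently emerged as a type of phishing, is an attack that forges a website to steal personal information. Both disguise themselves as the site of a trusted institution (financial, government, etc.) to steal personal information, but the difference is that phishing often uses similar-looking domains, so a user who pays attention can avoid the attack. In pharming, however, DNS spoofing is used so that even if the user enters the correct domain address (URL), they are connected to a fake web server prepared in advance by the attacker, which makes the attack difficult to notice even on careful inspection. This paper discusses the DNS spoofing used in pharming attacks and introduces pharming detection techniques. Ultimately, after comparing and analyzing the pharming detection techniques, it examines the limitations that must be overcome for practical implementation.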

A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing (빅데이터 기반의 융합 보이스피싱을 이용한사회공학적 공격 기법과 대응방안)

  • Kim, Jung-Hoon;Go, Jun-Young;Lee, Keun-Ho
    • Journal of the Korea Convergence Society / v.6 no.1 / pp.85-91 / 2015
  • Recently the government has distributed precautionary measures and response procedures for smishing (SMS phishing), pharming, phishing, and memory hacking, and has strengthened the Electronic Financial Transaction Act because of the sharp increase in electronic bank fraud. However, the methods of electronic bank fraud have also developed and changed accordingly, so much that it has become hard to cope with them. In contrast to earlier voice phishing, which targeted random victims, these new methods find out the personal information of targets and analyze it in detail, building a big database. They have then progressed into a new kind of electronic bank fraud that uses the analyzed information for voice phishing. This study analyzes the attack method of voice phishing blended with Big Data of personal information and suggests response procedures for increasingly developed electronic bank fraud. By using a method that saves meaningless data in memory, attackers cannot deduce accurate information or carry out voice phishing properly even though they obtain personal information based on the Big Data. This study analyzes newly developed social engineering attacks and suggests response procedures for them.

Analysis on Video coding for machines using Adversarial Attack (적대적 공격을 이용한 VCM 비디오 부호화 분석)

  • Choo, Hyon-Gon;Lim, Hanshin;Lee, Jin Young;Lee, Hee Kyung;Cheong, Won-Sik;Seo, Jeongil
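    • Proceedings of the Korean Society of Broadcast Engineers Conference / 2021.06a / pp.4-6 / 2021
  • MPEG (Moving Picture Experts Group) is discussing a new coding standard named Video for machines in relation to machine vision, including deep learning. Unlike conventional video coding, VCM aims at video coding that takes machines as its reference. In this paper, we analyze VCM coding using an adversarial attack model. We examine the characteristics of video coding from the perspective of the adversarial attack model and consider directions for coding development that take these into account.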

A two-layer watermarking method using inherent image structure (영상의 내재 구조를 이용한 2-계층 워터마킹 기법)

  • 고윤호;김성대;최재각
    • Journal of the Institute of Electronics Engineers of Korea SP / v.41 no.3 / pp.59-72 / 2004
  • In this paper, we classify the various attacks that may damage the embedded watermark signal into waveform attacks and synchronization attacks. For specialized defense against these two kinds of attacks, we propose a new watermarking scheme named the two-layer watermarking method. It consists of a synchronization layer to prepare for geometrical attacks such as rotation and shift, and a marking layer to actually embed the watermark signal. Namely, the synchronization layer only determines the target region where the watermark signal will be embedded or extracted, and the marking layer spreads the watermark signal over the image as conventional watermarking methods do. Using the layered structure, the proposed method overcomes the problem that conventional watermarking methods that do not use the original image at the verification side are most vulnerable to geometrical attacks.

Using Dynamic Redirection to Protect Changing DDoS Attack (변화하는 DDoS 공격을 방어하기 위한 다이내믹 리다이렉션 기법)

  • Wang, Jeong-Seok;Kim, Kye-Geun;Choi, Dong-Keun;Kwak, Hu-Keun;Chung, Kyu-Sik
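    • Proceedings of the Korea Information Processing Society Conference / 2011.04a / pp.924-926 / 2011
  • Due to the continued evolution and spread of malware, changes continue not only in how malware conceals itself, how botnets are composed, and how C&C servers are structured, but also in the methods of DDoS attacks using zombie PCs, and responding to this has emerged as one of the most important protection issues for service providers. GET flooding attacks, the most common form of such DDoS attacks, have recently been evaded using the redirection method, but lately attackers have been defeating it by first carrying out an attack with some zombie PCs to obtain the address of the redirection page, and then having the C&C server direct the attack straight at the actual response page behind the redirection. This paper proposes a method that effectively counters such redirection-defeating attacks by using a Dynamic Redirection technique, which continuously changes the hostname, the page address, and so on as the situation requires.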

Implementation of High Performance TCP Proxy Logic against TCP Flooding Attack on Network Interface Card (TCP 플러딩 공격 방어를 위한 네트워크 인터페이스용 고성능 TCP 프락시 제어 로직 구현)

  • Kim, Byoung-Koo;Kim, Ik-Kyun;Kim, Dae-Won;Oh, Jin-Tae;Jang, Jong-Soo;Chung, Tai-Myoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.119-129 / 2011
  • TCP-related flooding attacks still dominate Distributed Denial of Service attacks. It is a great challenge to accurately detect TCP flood attacks in high-speed networks. In this paper, we propose the NIC_Cookie logic implementation, which is a kind of security offload engine against TCP-related DDoS attacks, on a network interface card. NIC_Cookie is itself robust against DDoS attacks and is independent of the server OS and external network configuration. It supports a packet-level response rather than an IP-based response method, and can therefore handle attacks from a NAT-based user group. Our evaluation shows that the latency of the NIC_Cookie logic is $7 \times 10^{-6}$ seconds, and we show 2 Gbps wire-speed performance through a benchmark test.

Performance Analysis of DoS/DDoS Attack Detection Algorithms using Different False Alarm Rates (False Alarm Rate 변화에 따른 DoS/DDoS 탐지 알고리즘의 성능 분석)

  • Jang, Beom-Soo;Lee, Joo-Young;Jung, Jae-Il
    • Journal of the Korea Society for Simulation / v.19 no.4 / pp.139-149 / 2010
  • The Internet was designed for network scalability and best-effort service, which makes all hosts connected to the Internet vulnerable to attack. Many papers have proposed detection algorithms for attacks using IP spoofing and for DoS/DDoS attacks. The purpose of a DoS/DDoS attack is achieved within a short period after the attack begins. Therefore, DoS/DDoS attacks should be detected as soon as possible. The false alarm rates used by attack detection algorithms consist of the false negative rate and the false positive rate, and they are important metrics for evaluating attack detection. In this paper, we use simulations to analyze the performance of attack detection algorithms in terms of the impact of variation in the false negative rate and the false positive rate on normal traffic and attack traffic. As a result, we find that the number of passed attack packets is proportional to the false negative rate and the number of passed normal packets is inversely proportional to the false positive rate. We also analyze the limits of attack detection due to the relation between the false negative rate and the false positive rate. Finally, we propose a solution to minimize the limits of attack detection algorithms by defining the network state using the ratio between the number of packets classified as attack packets and the number of packets classified as normal packets. We find that the performance of the attack detection algorithm is improved by passing the packets classified as attacks.