• Journal of KIISE:Information Networking
• /
• v.31 no.5
• /
• pp.438-449
• /
• 2004

With the growing deployment of network and internet, the importance of security is also increased. But, recent intrusion detection systems which have an important position in security countermeasure can't provide proper analysis and effective defence mechanism. Instead, they have overwhelmed human operator by large volume of intrusion detection alerts. In this paper, we propose an efficient alert analysis system that can produce high level information by analyzing and processing the large volume of alerts and can detect large-scale attacks such as DDoS in early stage. And we have measured processing rate of each elementary module and carried out a scenario-based test in order to analyzing efficiency of our proposed system.

• Information and Communications Magazine
• /
• v.20 no.8
• /
• pp.89-99
• /
• 2003

• Proceedings of the KAIS Fall Conference
• /
• 2004.06a
• /
• pp.155-157
• /
• 2004

본 논문에서는 최근의 가장 대표적인 해킹 방법인 DDoS 공격도구들을 분석하고, DDoS 공격에 대한 기존에 제시된 대응방안들을 검토하여 보다 적절한 대응을 할 수 있는 DDoS 공격 탐지 및 대응 시스템을 설계한다. 제안된 시스템은 탐지 모듈에서 탐지된 공격에 대해 관리자에게 보고하여 적절한 대응을 하고 침입으로 판정되는 패킷들에 대해서는 필터링을 실시하여 네트워크 레벨에서 필터링하고 차단할 수 있는 장점을 살릴 수 있다.

• Journal of Korea Multimedia Society
• /
• v.10 no.8
• /
• pp.1052-1059
• /
• 2007

Network security system used in the large scale network composes individual security system which protects only own domain. Problems of individual security system are not to protect the backbone network and to be hard to cope with in real-time. In this paper we proposed a security system which includes security function at the router, and the access point, which exist at the backbone network, to solve the problems. This security system sends the alert messages to an integrated security management system after detecting intrusions. The integrated security management system releases confrontation plan to each suity system. Thus the systematic and immediate confrontation is possible. We analyzed function verification and efficiency by using the security system and the integrated security management system suggested in this paper. We confirmed this integrated security management system has a possibility of a systematic and immediate confrontation.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.13 no.2
• /
• pp.169-174
• /
• 2003

The trial and success of malicious cyber attacks has been increased rapidly with spreading of Internet and the activation of a internet shopping mall and the supply of an online, or an offline internet, so it is expected to make a problem more and more. The goal of intrusion detection is to identify unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators in real time. In fact, the general security system based on Internet couldn't cope with the attack properly, if ever. other regular systems have depended on common vaccine softwares to cope with the attack. But in this paper, we will use the positive selection and negative selection mechanism of T-cell, which is the biologically distributed autonomous system, to develop the self/nonself recognition algorithm and AIS (Artificial Immune System) that is easy to be concrete on the artificial system. For making it come true, we will apply AIS to the network environment, which is a computer security system.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.5
• /
• pp.411-416
• /
• 2002

Recently, the trial and success of malicious cyber attacks has been increased rapidly with spreading of Internet and the activation of a internet shopping mall and the supply of an online internet, so it is expected to make a problem more and more. Currently, the general security system based on Internet couldn't cope with the attack properly, if ever, other regular systems have depended on common softwares to cope with the attack. In this paper, we propose the positive selection mechanism and negative selection mechanism of T-cell, which is the biological distributed autonomous system, to develop the self/non-self recognition algorithm, the anomalous behavior detection algorithm, and AIS (Artificial Immune System) that is easy to be concrete on the artificial system. The proposed algorithm can cope with new intrusion as well as existing one to intrusion detection system in the network environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.412-415
• /
• 2004

As computers and networks become popular, corporation or country organization composes security network including various kinds information protection system to protect informations and resources from internet and is operating system and network. But current firewall and IDS(Intrusion Detection System) of the network level suffers from many vulnerabilities in internal computing informations and resources. In this paper, we design of ICMP-based Traceback System using a ICMP Traceback Message for efficiently traceback without change structure of routers. ICMP-based Traceback System. Create of ICMP message is managed by “Traceback Agent” mirroring port for router. Victim's systems that are received the message store it and “Traceback Manager” is detect a attack(like a DDoS). Using a information of this message starting a traceback and detecting a source of attacker, so response a attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.373-385
• /
• 2021

To provide convenience and safety of drivers, the recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As the modern vehicles provide highly convenient and safe services, it provides many types of attack surfaces; as a result, it makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone attacks on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on the real vehicles, where we show that our method has 0% of FPR and 0% of FNR under our attack model.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.1 s.33
• /
• pp.27-34
• /
• 2005

Current security reinforcement systems are Passive defense system that only blocks filter to all traffic from the attacker. So, Those are weak re-attack and Stepping Stones attack because active response about attacker is lacking. Also, present techniques of traceback need much time and manpower by log information collection and trace through the personal inspection and active response is lacking. In this paper, We propose technique for TCP connection traceback that can apply in present internet and trace to inserted marking on IP header to correspond re-attack and Stepping Stones attack. Therefore, Proposed technique is unnecessary correction of existing network component and can reduce size of marked information and overhead of resources.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.1049-1052
• /
• 2001

고가용 E-Business모델을 위해 구축된 나중 웹 클러스터 모델은 구조적 특성상 내부 시스템 노드들이 노출되어 있으며, 불법적인 3자에 의한 고의적인 방해와 공격으로 정상적인 작업수행이 불가능할 가능성을 지고 있다. 따라서 구성된 시스템 노드들을 보호하고 불법적인 사용자로부터의 정보유출과 부당한 서비스 요구를 효과적으로 대응할 수 있는 보안 시스템이 필요하나 제안한 분산 침입 탐지 시스템은 불법적인 침입을 탐지하기 위하여 일차적으로 Detection Agent를 이용한 작업요구 패킷의 검사를 수행하려, 이후 작업이 진행되었을 때 Monitoring Agent를 동하여 작업과정을 관찰하며 허용되지 않는 자원의 접근 및 요구가 발생하였을 때, 다른 시스템 노트와의 긴밀한 협조작업을 동해 침입여부를 판단한다.