• Journal of Korea Multimedia Society
• /
• v.9 no.8
• /
• pp.1037-1044
• /
• 2006

It's difficult to check cyber attacks and the performance of a security system in a real large-scale network. Generally, a new security system or the effect of a new security attack are checked by simulation. We use SSFNet to simulate our security system and cyber attack. SSFNet is an event-driven simulation tools based on process, which has a strength to be capable of expressing a large-scale network. But it doesn't offer any API's which can manipulate not only the related function of security but also the packet. In this paper, we developed a firewall and IPS class, used for a security system, and added to them components of SSFNet. The firewall is modelled a security system based on packet filtering. We checked the function of the firewall and the IPS with network modelled as using our SSFNet. The firewall blocks packets through rules of an address and port of packets. The result of this simulation shows that we can check a status of packets through a log screen of IPS installed in a router and confirm abnormal packet to be dropped.

• KIISE Transactions on Computing Practices
• /
• v.23 no.7
• /
• pp.397-407
• /
• 2017

Wireless networks make the users' work more convenient and efficient, but such networks can impair the availability of network resources and can cause leakage of important corporate information when there are security threats. In particular, damage has increased because of security attacks that take advantage of the vulnerabilities created by a wireless AP (Access Point). Public organizations and companies have gradually selected the WIPS (Wireless Intrusion Prevention System) to block wireless security threats and protect the internal network. However, it is very costly for other organizations and companies to introduce the WIPS solution. This paper proposes implementing a WIPS Sensor by using Raspberry Pi to reduce these costs and to block the various wireless LAN security threats. This implementation would protect corporate information and provide consistent services at a relatively reasonable price.

• Journal of Digital Contents Society
• /
• v.8 no.4
• /
• pp.483-489
• /
• 2007

The high availability of information security system shall be primarily studied in relation to the Next Generation Network(NGN) Information Security infrastructure, because it is very important to maintain availability at each moment as a variety of intrusions occur continuously. The high availability of the security system can be realized with the topology and configuration properly defined to fully utilize the recovery function of the security system in the thoroughly planned optimized method. The active-active high availability on the NGN information security infrastructure system in is assured by letting the failover mechanism operate upon the entire structure through the structural design and the implementation of functions. The proposed method reduces the system overload rating due to trouble packets and improves the status of connection by SNMP polling trap and the ICMP transport factor by ping packet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1129-1140
• /
• 2017

Unidirectional data transmission system, which allows physical one way transmission, removes the backward link physically to prevent the intrusion from the outside through the network. However, the system is difficult to apply to the environment requiring either backward transmissions or bi-directional communications. In this paper, we proposed Limited Two-way communications system, called as LimTway, which only allows outbound TCP two-way communications. LimTway uses two one-way links(forward, backward). While the forward one-way link is staying to be activated so that an allowed outbound UDP traffic could be transmitted one-way always, the backward one-way link is activated while allowed outbound TCP sessions are established. In order to prevent the intrusion from the outside during the period, the software of LimTway is designed to allow only the transmissions of both outbound TCP two-way communication traffics and outbound UDP traffics.

• Journal of Internet Computing and Services
• /
• v.14 no.2
• /
• pp.61-71
• /
• 2013

Until now, there have been various studies against Internet worms. Most of intrusion detection and prevention systems against Internet worms use detection rules, but these systems cannot respond to new Internet worms. For this reason, a malicious process control system which uses the fact that Internet worms multicast malicious packets was proposed. However, the greater the number of servers to be protected increases the cost of the malicious process control system, and the probability of detecting Internet worms attacking only some predetermined IP addresses is low. This paper presents a security framework that can reduce the cost of the malicious process control system and increase the probability of detecting Internet worms attacking only some predetermined IP addresses. In the proposed security framework, virtual machines are used to reduce the cost of control servers and unused IP addresses are used to increase the probability of detecting Internet worms attacking only some predetermined IP addresses. Therefore the proposed security framework can effectively respond to a variety of new Internet worms at lower cost.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.101-110
• /
• 2011

Recently, an attack to an application incapacitates the intrusion detection rule, the defense policy for a network and database and induces intrusion incidents. Thus, it is necessary to study integration security to ensure the security of an internal network and database from that attack. This article is about building an integration security system to prevent an attack to an application set with intrusion detection rules. It responds to network-based attack through detection, disperses attack with the internal integration security system through virtual clustering and load balancing, and sets up defense policy for attacking destination packets, analyzes and records attack packets, and updates rules through monitoring and analysis. Moreover, this study establishes defense policy according to attacking types to settle access traffic through virtual machine partition policy and suggests an integration security system applied to prevent attack and tests its defense. The result of this study is expected to provide practical data for integration security defense for hacking attack from outside.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.9-19
• /
• 2022

As the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institution or company is operating a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most researches were performed using a specific research data set which cannot be seen in real network, so it was impossible to use in the actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.19-24
• /
• 2008

Common Criteria is a standard to estimate safety of information protection product such as network-level firewall system and intrusion detection system. Recently, CC version is changed from CC v.2.3 to CC v.3.1. CC v.3.1 estimation methodology requires a secured dictionary accomodation preparation for information protection product. In this research, progressed CC v3 base composition product test and research about vulnerability analysis method. Further, this paper presents specific plan sorting composition style information protection product examination methodology to existing principle and detailed methodology.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.1
• /
• pp.49-56
• /
• 2004

With the growing usage of the networks, the users in the Internet uses some kinds of web server. They confused that each web server uses the different user ID and passwords. To solve these problems, SSO (Single Sign-On) solution is introduced. We presents the modeling methods which are efficiently constructed the network management models. We constructed the intrusion detection systems and firewalls using the SSO. This architecture is efficient to manage the network usage and control. SSO solution designed on the small scale Intranet. CA server in the 550 that depends on PKI (Public Key Infrastructure) is used to issue the certificates. SHTTP based on SSL (Secure Socket Layer) is used to protect the data between certificate server and the intranet users.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.2
• /
• pp.449-456
• /
• 2018

The advent of cryptography has become a means of obtaining real monetary benefits to hackers, which has recently led to a surge in the number of Ransomware and the associated damage has increased significantly. It is expected that malicious codes will be expanded to new areas by meeting passwords, and Ransomware will be further increased in the future. To solve these problems, we need a model that can detect and block intrusion of Ransomware by analyzing the intrusion path of Ransomware. In this paper, we collect and analyze the data of Ransomware, and create and analyze Ransomware's color Petri net model.