• Journal of Internet of Things and Convergence
• /
• v.9 no.1
• /
• pp.1-7
• /
• 2023

Cases in which personal terminals or servers are infected by ransomware are rapidly increasing. Ransomware uses a self-developed encryption module or combines existing symmetric key/public key encryption modules to illegally encrypt files stored in the victim system using a key known only to the attacker. Therefore, in order to decrypt it, it is necessary to know the value of the key used, and since the process of finding the decryption key takes a lot of time, financial costs are eventually paid. At this time, most of the ransomware malware is included in a hidden form in binary files, so when the program is executed, the user is infected with the malicious code without even knowing it. Therefore, in order to respond to ransomware attacks in the form of binary files, it is necessary to identify the encryption module used. Therefore, in this study, we developed a mechanism that can detect and identify by reverse analyzing the encryption module applied to the malicious code hidden in the binary file.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.1-14
• /
• 2010

IEEE 802.15.4[1] has been standardized for the physical layer and MAC layer of LR-PANs(Low Rate-Wireless Personal Area Networks) as a technology for operations with low power on sensor networks. The standardization is applied to the variety of applications in the shortrange wireless communication with limited output and performance, for example wireless sensor or virtual wire, but it includes vulnerabilities for various attacks because of the lack of security researches. In this paper, we analyze the vulnerabilities against the denial of sleep attacks on the MAC layer of IEEE 802.15.4, and propose a detection mechanism against it. In results, we analyzed the possibilities of denial of sleep attacks by the modification of superframe, the modification of CW(Contention Window), the process of channel scan or PAN association, and so on. Moreover, we comprehended that some of these attacks can mount even though the standardized security services such as encryption or authentication are performed. In addition to, we model for denial of sleep attacks by Beacon/Association Request messages, and propose a detection mechanism against them. This detection mechanism utilizes the management table consisting of the interval and node ID of request messages, and signal strength. In simulation results, we can show the effect of attacks, the detection possibility and performance superiorities of proposed mechanism.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.79-85
• /
• 2022

Anomaly detection is a method to detect and block abnormal data flows in general users' data sets. The previously known method is a method of detecting and defending an attack based on a signature using the signature of an already known attack. This has the advantage of a low false positive rate, but the problem is that it is very vulnerable to a zero-day vulnerability attack or a modified attack. However, in the case of anomaly detection, there is a disadvantage that the false positive rate is high, but it has the advantage of being able to identify, detect, and block zero-day vulnerability attacks or modified attacks, so related studies are being actively conducted. In this study, we want to deal with these anomaly detection mechanisms, and we propose a new mechanism that performs both anomaly detection and classification while supplementing the high false positive rate mentioned above. In this study, the experiment was conducted with five configurations considering the characteristics of various algorithms. As a result, the model showing the best accuracy was proposed as the result of this study. After detecting an attack by applying the Extra Tree and Three-layer ANN at the same time, the attack type is classified using the Extra Tree for the classified attack data. In this study, verification was performed on the NSL-KDD data set, and the accuracy was 99.8%, 99.1%, 98.9%, 98.7%, and 97.9% for Normal, Dos, Probe, U2R, and R2L, respectively. This configuration showed superior performance compared to other models.

• Review of KIISC
• /
• v.32 no.4
• /
• pp.7-17
• /
• 2022

운전자 보조 시스템을 통한 차량의 전자적인 제어를 위하여, 최근 차량에 탑재된 전자 제어 장치 (ECU; Electronic Control Unit)의 개수가 급증하고 있다. ECU는 효율적인 통신을 위해서 차량용 내부 네트워크인 CAN(Controller Area Network)을 이용한다. 하지만 CAN은 기밀성, 무결성, 접근 제어, 인증과 같은 보안 메커니즘이 고려되지 않은 상태로 설계되었기 때문에, 공격자가 네트워크에 쉽게 접근하여 메시지를 도청하거나 주입할 수 있다. 악의적인 메시지 주입은 차량 운전자 및 동승자의 안전에 심각한 피해를 안길 수 있기에, 최근에는 주입된 메시지를 식별하기 위한 침입 탐지 시스템(IDS; Intrusion Detection System)에 대한 연구가 발전해왔다. 특히 최근에는 AI(Artificial Intelligence) 기술을 이용한 IDS가 다수 제안되었다. 그러나 제안되는 기법들은 특정 공격 데이터셋에 한하여 평가되며, 각 기법에 대한 탐지 성능이 공정하게 평가되었는지를 확인하기 위한 평가 프레임워크가 부족한 상황이다. 따라서 본 논문에서는 machine learning/deep learning에 기반하여 제안된 차랑용 IDS 5가지를 선정하고, 기존에 공개된 데이터셋을 이용하여 제안된 기법들에 대한 비교 및 평가를 진행한다. 공격 데이터셋에는 CAN의 대표적인 4가지 공격 유형이 포함되어 있으며, 추가적으로 본 논문에서는 메시지 주기 유형을 활용한 공격 유형을 제안하고 해당 공격에 대한 탐지 성능을 평가한다.

• Review of KIISC
• /
• v.30 no.6
• /
• pp.31-38
• /
• 2020

2019년 NAS기반 5G 서비스가 국내에서 상용화 된지 1년 반이 지났다. 그동안 5G로의 전환에 따라 발생 될 수 있는 새로운 보안 위협에 대한 우려가 지속적으로 제기되었고, 현재 보안기술의 한계를 극복하기 위한 다양한 5G 보안 연구들이 다 각도로 시도되고 있다. 5G 보안은 이전 세대 보안과는 강한 보안 기능의 설계가 요구된다. 특히 5G 보안 위협 요소들을 식별하고 분석을 통한 5G 네트워크 및 서비스의 보안 아키텍처 설계가 중요한데, 이는 인증, 암호화, 침입탐지 등 기존 보안 메커니즘들이 새로운 5G 기술을 통합되고 수용될 수 있도록 유연하게 설계가 되어야 하기 때문이다. 본 논문에서는 해외 3GPP, NGMN, 5G Americas 분석한 5G 보안 요구사항을 살펴보고, 5G 네트워크의 구성요소별 보안 요구사항을 고찰하고자 한다.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.27 no.2
• /
• pp.198-207
• /
• 2016

Bistatric radar can perform detection and identification for stealth targets that are rarely detected by the conventional monostatic radar. However, high resolution range profile(HRRP) generated from the received signal in the bistatic radar cannot show exact range information of the target because the bistatic geometry lead to the distortions of the bistatic HRRP. In addition, electromagnetic scattering mechanisms of the target are varied depending on the bistatic geometry. Thus, efficient database construction is a crucial factor to achieve successful classification capability in bistatic target identification. In this paper, a database construction method based on realistic flight scenarios of a target, which provides a reliable identification performance for the monostatic radar, is applied to bistatic target identification. Then, the capability and efficiency of the method is analyzed. Simulation results show that reliable identification performance can be achieved using the database construction based on the flight scenarios when the target is a considerable distance away from the bistatic radar.

• The Journal of the Korea Contents Association
• /
• v.10 no.5
• /
• pp.45-51
• /
• 2010

Appearance of a cloned AP(Access Point) causes MS(Mobile Station) to break an association with a normal AP(Access Point). If signal power of the cloned AP is stronger than that of the normal AP, MS associates with the cloned AP. Therefore, MS is easily exposed to attackers who installed the cloned AP. In this paper, we distinguish cloned AP from normal AP by using the association time and frame sequence number between normal AP and MS, then isolates the cloned AP. The simulation by NS-2 shows that our mechanism isolates efficiently a cloned AP and builds safer wireless LAN environment.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.