• Journal of information and communication convergence engineering
• /
• v.6 no.3
• /
• pp.294-300
• /
• 2008

This study was conducted to investigate what to consider for active response in the intrusion detection system, how to implement active response, and 6-phase response models to respond actively, including the active response scheme to detect unknown attacks by using a traffic measuring engine and an anomaly detection engine.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.67-74
• /
• 2011

In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly for an active cyber attack model could be detected complex and transformed attack method. An attack tree provides a formal and methodical route of describing the security safeguard on varying attacks against network system. The existent attack tree can describe attack scenario as using vertex, edge and composition. But an attack tree has the limitations to express complex and new attack due to the restriction of attack tree's attributes. We solved the limitations of the existent attack tree as adding an threat occurrence probability and 2 components of composition in the attributes. Firstly, we improved the flexibility to describe complex and transformed attack method, and reduced the ambiguity of attack sequence, as reinforcing composition. And we can identify the risk level of attack at each attack phase from child node to parent node as adding an threat occurrence probability.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.1
• /
• pp.19-26
• /
• 2018

Recently, DDoS amplification attacks using servers that provide Microsoft Active Directory information using CLDAP protocol are increasing. Because CLDAP is an open standard application that allows a wide range of directory information to be accessed and maintained in a network, the server is characterized by its openness to the Internet. This can be exploited by the Reflector server to perform an amplification attack by an attacker. In addition, this attack can be attacked with a packet that is amplified 70 times more than the conventional UDP-based flooding attack, and it can block service to small and medium sized server. Therefore, in this paper, we propose an algorithm that can reduce the DDoS amplification attack using CLDAP server and implement the corresponding CLDAP server environment virtually, and implement and demonstrate the corresponding algorithm. This provides a way to ensure the availability of the server.

• Journal of Communications and Networks
• /
• v.15 no.1
• /
• pp.31-37
• /
• 2013

Mobile ad hoc networks (MANET) refers to a network designed for special applications for which it is difficult to use a backbone network. In MANETs, applications are mostly involved with sensitive and secret information. Since MANET assumes a trusted environment for routing, security is a major issue. In this paper we analyze the vulnerabilities of a pro-active routing protocol called optimized link state routing (OLSR) against a specific type of denial-of-service (DOS) attack called node isolation attack. Analyzing the attack, we propose a mechanism called enhanced OLSR (EOLSR) protocol which is a trust based technique to secure the OLSR nodes against the attack. Our technique is capable of finding whether a node is advertising correct topology information or not by verifying its Hello packets, thus detecting node isolation attacks. The experiment results show that our protocol is able to achieve routing security with 45% increase in packet delivery ratio and 44% reduction in packet loss rate when compared to standard OLSR under node isolation attack. Our technique is light weight because it doesn't involve high computational complexity for securing the network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.179-183
• /
• 2008

Recently, an efficient password-authenticated key exchange protocol based on RSA has been proposed by Park et al. with formal security proof. In this letter, we analyze their protocol, and show that it is not secure against an active adversary who performs a dictionary attack. Moreover, we analyze the performance of the proposed attack and show that the attack is a threatening attack against the protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4C
• /
• pp.559-569
• /
• 2004

It has become more difficult to correspond an cyber attack quickly as a pattern of attack becomes various and complex. And, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture make possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service) using active packet technology including a mobile sensor on active network. Active Security Management System based on proposed security architecture consists of active security node and active security server in a security zone, and is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of Active Security Management System. The experimentation results are analyzed.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.959-970
• /
• 2004

It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current so curity mechanisms just have passive defense functionalities. In this paper, we propose new network suity architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We im-plemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.3
• /
• pp.30-37
• /
• 2005

Ad hoc network is a collection of mobile nodes without using any infrastructure, it , is using in the various fields. Because ad hoc network is vulnerable to attacks such as routing disruption and resource consumption, it is in need of routing protocol security. In this paper, we propose two secure route-discovery protocols. One is a protocol using hash function. This protocol is weak in active attack but has some merits such as small data of transmission packet and small computation at each hop. The other is a protocol using hash function and public key cryptography. This protocol is strong in active attack.

• Journal of Internet Computing and Services
• /
• v.16 no.2
• /
• pp.27-40
• /
• 2015

Inferring firewall policy is to discover firewall policy by analyzing response packets as results of active probing without any prior information. However, a brute-force approach for generating probing packets is unavailable because the probing packets may be regarded as attack traffic and blocked by attack detection threshold of a firewall. In this paper, we propose a firewall policy inference method using an efficient probing algorithm which considers the number of source IP addresses, maximum probing packets per second and interval size of adjacent sweep lines as inference parameters to avoid detection. We then verify whether the generated probing packets are classified as network attack patterns by a firewall, and present the result of evaluation of the correctness by comparing original firewall policy with inferred firewall policy.

• Journal of the Chungcheong Mathematical Society
• /
• v.21 no.3
• /
• pp.403-411
• /
• 2008

In 2005, A. Saxena, B. Soh and S. Priymak [10] proposed a two-flow blind identification protocol. But it has a weakness of the active-intruder attack and uses the pairing operation that causes slow implementation in smart cards. In 2008, Y. W. Lee [9] made a method of the active-intruder attack on their identification scheme and proposed a new zero-knowledge blind identification protocol for smart cards. In this paper, we give more simple and fast protocols than above protocols such that the prover using computationally limited devices such as smart cards has no need of computing the bilinear pairings. Computing the bilinear pairings is needed only for the verifier and is secure assuming the hardness of the Discrete-Logarithm Problem (DLP).