• Title/Summary/Keyword: Agent Security

User Authentication Technology using Multiple SSO in the Cloud Computing Environment

  • Cho, Min-Hee;Jang, Eun-Gyeom;Choi, Yong-Rak
    • Journal of the Korea Society of Computer and Information, v.21 no.4, pp.31-38, 2016
  • The interface between servers and clients and system management in the cloud computing environment is different from the existing computing environment. The technology for information protection, management and user authentication has become an important issue. To provide a more convenient service to users, SSO technology is applied to this cloud computing service. In the SSO service environment, system access using a single key facilitates access to several servers at the same time. This SSO authentication service technology leaves several systems vulnerable once the key is exposed. In this paper, we propose a technology to solve problems that might be caused by single key authentication in SSO-based cloud computing access. This is a distributed agent authentication technology using a multiple SSO agent to reinforce user authentication using a single key in the SSO service environment. For user authentication reinforcement, phased access is applied and trackable log information is used when there is a security problem in the system, to provide a safe cloud computing service.

A Study on DDoS Detection Technique based on Cluster in Mobile Ad-hoc Network (무선 애드혹 망에서 클러스터 기반 DDoS 탐지 기법에 관한 연구)

  • Yang, Hwan-Seok;Yoo, Seung-Jae
    • Convergence Security Journal, v.11 no.6, pp.25-30, 2011
  • MANET is weaker in security because it consists only of moving nodes and has no central management system. The DDoS attack is a serious attack among the attacks that threaten wireless networks. DDoS attacks have various targets and tricks and are becoming intelligent. In this paper, we propose a technique to raise the DDoS detection rate by classifying abnormal traffic patterns. After the nodes that compose the MANET are formed into clusters, the cluster head acts as the sentinel agent. After the sentinel agent collects all traffic, a decision tree is applied to detect abnormal traffic patterns; it judges the traffic pattern and also detects attacks. We confirm the high attack detection rate of the proposed detection technique through experimentation.

Design and Performance Evaluation of Attributed Intrusion Detection System Model using Pattern Extracting Agent (패턴 추출 에이전트를 이용한 분산 침입 탐지 시스템 모델 설계 및 성능 평가)

  • 정종근;편석범;이윤배
    • Journal of the Institute of Electronics Engineers of Korea TE, v.37 no.5, pp.117-124, 2000
  • As network security has become a significant problem since the major Internet sites were hacked, IDS (Intrusion Detection System) is considered a next generation security solution for more trusted network and system security. We propose a new IDS model which can detect intrusion at host level in the expanded distributed environment, a drawback of existing IDS, and implement a prototype. We used a pattern extraction agent so that the audit files needed for intrusion detection are extracted automatically even on other platforms.

Design of agent intrusion detection system applying data mining (데이터 마이닝을 적용한 에이전트 침입 탐지 시스템 설계)

  • Jeong Jong Kun;Lee Sung Tae;Kim Yong Ho;Lee Yun Bae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2001.05a, pp.676-679, 2001
  • As network security has become a significant problem since the major Internet sites were hacked, IDS (Intrusion Detection System) is considered a next generation security solution for more reliable network and system security than a firewall. In this paper, we propose a new IDS model which can detect intrusion in different systems and which can make real-time detection of intrusion at host level in the expanded distributed environment, a drawback of existing IDS. We implement its prototype and verify its validity. We use a pattern extraction agent so that the audit files needed for distributed intrusion detection are extracted automatically even on other platforms.

A Malicious Process Control System for Protecting Servers from Internet Worm Attacks (인터넷 웜 공격으로부터 서버를 보호하기 위한 악성 프로세스 제어 시스템)

  • Kim, Ik-Su
    • The Journal of Korean Institute of Communications and Information Sciences, v.35 no.3B, pp.431-439, 2010
  • Security systems that use signatures cannot protect servers from new types of Internet worms. To protect servers from Internet worms, this paper proposes a system that removes malicious processes and executable files without using signatures. The proposed system consists of control servers, which offer the same services as those on the protected servers, and agents, which are installed on the protected servers. When a control server detects multicasting attacks of an Internet worm, it sends information about the attacks to an agent. The agent kills malicious processes and removes executable files using this information. Because the proposed system does not use signatures, it can respond to new types of Internet worms effectively. When the proposed system is integrated with legacy security systems, the security of the protected server will be further enhanced.

A Authentication technique of Internal Information Hacking Protection based on H/W Information (H/W 정보의 인증을 통한 내부정보유출 방지 기법)

  • Yang, Sun Ok;Choi, Nak Gui;Park, Jae Pyo;Choi, Hyung Il
    • Journal of Korea Society of Digital Industry and Information Management, v.5 no.1, pp.71-81, 2009
  • With the development of IT and the Internet, information leakage in industry has become a serious problem. However, most existing techniques for preventing information leakage defend only after the cause of a disclosure has been found. This paper therefore offers a way to protect information by adding information about the hardware. User authentication information for accessing the data reflects different security policies to further strengthen security. The security agent records a log of all actions on the data so that they are easy to analyze. Different possible scenarios are also analyzed and applied, along with how to implement them and how to block them. Future study will address controlling access to data without the use of security agents and updating the H/W information.

A Design of SERDL(Security Evaluation Rule Description Language) and Rule Execution Engine for Evaluating Security of IPv6 Network (IPv6 네트워크 계층의 보안성 평가를 위한 평가규칙 표기 언어 및 평가 수행기의 설계)

  • Kwon, Hyeok-Chan;Kim, Sang-Choon
    • The KIPS Transactions:PartC, v.11C no.4, pp.471-484, 2004
  • Recently, many projects have been actively implementing IPsec on various operating systems for the security of IPv6 networks. But there is no existing tool that checks whether the IPsec-based systems, which provide IPsec services, work properly and provide their network security services well in the IPv6 network. In this paper, we design SERDL (Security Evaluation Rule Description Language) and a rule execution tool for evaluating the security of the IPv6 network, and we provide implementation details. The system is divided into the following parts: the User Interface part, the Rule Execution Module part, the DBMS part, and an agent that gathers the information needed for security tests.

A Study of Effectiveness of the Improved Security Operation Model Based on Vulnerability Database (취약점 데이터베이스 기반 개선된 보안관제 모델의 효과성 연구)

  • Hyun, Suk-woo;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.5, pp.1167-1177, 2019
  • In this paper, the improved security operation model based on the vulnerability database is studied. The proposed model consists of information protection equipment, vulnerability database, and a dashboard that visualizes and provides the results of interworking with detected logs. The evaluation of the model is analyzed by setting up a simulated attack scenario in a virtual infrastructure. In contrast to the traditional method, it is possible to respond quickly to threats of attacks specific to the security vulnerabilities that the asset has, and to find redundancy between detection rules with a secure agent, thereby creating an optimal detection rule.

A Study on Detection Method of Multi-Homed Host and Implementation of Automatic Detection System for Multi-Homed Host (망혼용단말 탐지방법에 대한 연구 및 자동탐지시스템 구현)

  • Lee, Mi-hwa;Yoon, Ji-won
    • Journal of the Korea Institute of Information Security & Cryptology, v.28 no.2, pp.457-469, 2018
  • This study aimed to investigate the fundamental reasons for the presence of multi-homed hosts and the risks associated with such a risky system. Furthermore, multi-homed host detection methods that have been researched and developed so far were compared and analyzed to determine areas for improvement. Based on the results, we propose a model of an improved automatic detection system and we implemented it. The experimental environment was configured to simulate the actual network configuration and endpoints of an organization employing network segmentation. The functionality and performance of the detection system were then measured while generating multi-homed hosts by category, after the developed detection system had been installed in the experimental environment. We confirmed that the system works correctly without false positives or false negatives in the scope of this study. To the best of our knowledge, the presented detection system is the first academic work targeting multi-homed hosts with an agent-based approach.

Analysis of Threat Agent for Important Information Systems (중요 정보시스템 위협원에 대한 분석)

  • Kim, Tai-Hoon;Kim, Seok-Soo;Park, Gil-Cheol
    • Journal of Advanced Navigation Technology, v.11 no.2, pp.203-208, 2007
  • Because networks and systems are becoming more complex, the implementation of security countermeasures for important information systems becomes a more critical consideration. The designers and developers of the security policy should recognize the importance of building security countermeasures by using both technical and non-technical methods, such as personnel and operational facts. Security countermeasures may be made for formulating an effective overall security solution to address threats at all layers of the information infrastructure. But all this work can be done only after assuming who the threat agent is. In this paper we identify the threat agents for information systems, summarize the characteristics of threat agents, and apply weighting factors to them.
