• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.11-18
• /
• 2017

Now the ways in which information is exchanged by computers are changing, a variety of this information exchange method also requires corresponding change of responding to an illegal attack. Among these illegal attacks, the IP spoofing attack refers to the attack whose process are accompanied by DDoS attack and resource exhaustion attack. The way to detect an IP spoofing attack is by using traceback information. The basic traceback information analysis method is implemented by comparing and analyzing the normal router information from client with routing information existing in routing path on the server. There fore, Such an attack detection method use all routing IP information on the path in a sequential comparison. It's difficulty to responding with rapidly changing attacks in time. In this paper, all IP addresses on the path to compute in a coordinate manner. Based on this, it was possible to analyze the traceback information to improve the number of traceback required for attack detection.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.31-36
• /
• 2016

Sniffing attack is a passive attack which is reassembling packets to collect personal information, bank accounting number, and other important information. Sniffing attack happens in LAN and uses promiscuous mode which is opening filtering by pass all packets in LAN, attackers could catch any packets in LAN, so they can manipulate packets. They are Switch Jamming, Port mirroring, ARP Redirect, and ICMP Redirect attack. To defend these attacks, I proposed to use SSL packet encryption, reconfiguration of switching environment, DNS, and decoy method for defending all kinds of Sniffing attacks.

• Journal of Convergence Society for SMB
• /
• v.5 no.1
• /
• pp.25-30
• /
• 2015

The APT attacks are hackers created a variety of security threats will continue to attack applied to the network of a particular company or organization. It referred to as intelligent sustained attack. After securing your PC after a particular organization's internal staff access to internal server or database through the PC or remove and destroy the confidential information. The APT attack is so large, there are two zero-day attacks and rootkits. APT is a process of penetration attack, search, acquisition, and is divided into outlet Step 4. It was defined in two ways how you can respond to APT through the process. Technical descriptions were divided into ways to delay the attacker's malicious code attacks time and plan for attacks to be detected and removed through.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.9-19
• /
• 2015

The Android operating system is exposed to a phishing attack of stealing private information that a user enters into a web page. We have discovered two security vulnerabilities of the phishing attack. First, an always-on-top scheme allows malware to place a transparent user interface (UI) on the current top screen and intercept a user input. Second, the Android provides some APIs that allow malware to obtain the information of a currently visited web page. This paper introduces a phishing that attacks a web page by exploiting the two vulnerabilities. The attack detects a visit to a security-relevant web page and steals private information from the web page. Our experiments on popular web sites reveal that the attack is significantly accurate and dangerous.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.41-46
• /
• 2013

Routing protocol using in the existing wire network cannot be used as it is for efficient data transmission in MANET. Because it consists of only mobile nodes, network topology is changing dynamically. Therefore, each mobile node must perform router functions. Variety of routing attack like DoS in MANET is present owing to these characteristic. In this paper, we proposed cooperative-based detection method to improve detection performance of flooding attack which paralyzes network by consuming resource. Accurate attack detection is done as per calculated adaptively threshold value considered the amount of all network traffic and the number of nodes. All the mobile nodes used a table called NHT to perform collaborative detection and apply cluster structure to the center surveillance of traffic.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.52-57
• /
• 2019

DNS stands for 'Domain Name System' and uses IP addresses to identify devices connected to the network on the network. IP is a protocol that registers and manages aliases such as IPs because it is difficult for general users to remember. In recent years, the abuse of such DNS is increasing abroad, and behind the scenes, called 'DNS pionage,' are developing and evolving new rules and malware. DNSpionage attack is abusing DNS system such as Increasing hacking success rate, leading to fake sites, changing or forged data. As a result it is increasing the damage cases. As the global DNS system is expanding to the extent that it is out of control. Therefore, in this research, the countermeasures of DNSpionage attack is proposed to contribute to build a secure and efficient DNS system.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.33-43
• /
• 2018

In this paper, we want to solve the problems that users want to search the progress of attack, continuity of attack, association between attackers and victims, blocking priority and countermeasures by using visualization interface with multi-rotational axis and radial axis structure. It is possible to effectively monitor and track security events by arranging a time series event based on a multi-rotational axis structured by an event generation order, a subject of an event, an event type, and an emission axis, which is an objective time indicating progress of individual events. The proposed interface is a practical visualization interface that can apply attack blocking and defense measures by providing the progress and progress of the whole attack, the details and continuity of individual attacks, and the relationship between attacker and victim in one screen.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.7
• /
• pp.3671-3689
• /
• 2019

Software defined networking brings unique security risks such as control plane saturation attack while enhancing the performance of wireless sensor networks. The attack is a new type of distributed denial of service (DDoS) attack, which is easy to launch. However, it is difficult to detect and hard to defend. In response to this, the attack threat model is discussed firstly, and then a DDoS attack prevention extension, called FuzzyGuard, is proposed. In FuzzyGuard, a control network with both the protection of data flow and the convergence of attack flow is constructed in the data plane by using the idea of independent routing control flow. Then, the attack detection is implemented by fuzzy inference method to output the current security state of the network. Different probabilistic suppression modes are adopted subsequently to deal with the attack flow to cost-effectively reduce the impact of the attack on the network. The prototype is implemented on SDN-WISE and the simulation experiment is carried out. The evaluation results show that FuzzyGuard could effectively protect the normal forwarding of data flow in the attacked state and has a good defensive effect on the control plane saturation attack with lower resource requirements.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.103-110
• /
• 2019

Recently security related attacks occur in very diverse ways, aiming at people who operate the system rather than the system itself by exploiting vulnerabilities of the system. However, to the our best knowledge, there has been very few works to analyze and strategically to deal with the risks of social engineering attacks targeting people. In this paper, in order to access risks of social engineering attacks we analyze those attacks in terms of attack routes, attack means, attack steps, attack tools, attack goals. Then, with the purpose of accessing the organizational risks we consider the characteristics and environments of the organizations because the impacts of attacks on the organizations obviously depend on the characteristics and environments of the organizations. In addition, we analyze general attack risk assessment methods such as CVSS, CWSS, and OWASP Risk Rating Methodolog. Finally, we propose the risk access scheme of social engineering attacks for the organizations. The proposed scheme allows each organization to take its own proper actions to address social engineering attacks according to the changes of its environments.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.279-285
• /
• 2015

In this paper, we present the design and implementation of a realtime DNS Query Analysis System to detect and to protect from DNS attacks. The proposed system uses mirroring to collect data in DMZ, then analizes the collected data. As a result of the analysis, if the proposed system finds attack information, the information is used as a filtering information of firewall. statistic of the collected data is viewed as a realtime monitoring information on the web. To verify the effictiveness of the proposed system, we have built the proposed system and conducted some experiments. As the result, Our proposed system can be used effectively to defend DNS spoofing, DNS flooding attack, DNS amplification attack, can prevent interior network's attackers from attacking and provides realtime DNS query statistic information and geographic information for monitoring DNS query using GeoIP API and Google API. It can be useful information for ICT convergence and the future work.