• Title/Summary/Keyword: Attack Detection

Search Result 887, Processing Time 0.031 seconds

Seamless Lawful Interception Handover for 3G IP Multimedia Subsystem (IMS)

  • In, Hoh Peter;Lee, Myoung-Rak;Kim, Do-Hoon;Kim, Nung-Hoe;Yoon, Byung-Sik
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.7
    • /
    • pp.1329-1345
    • /
    • 2011
  • After the 9.11 terror attack, lawful Interception (LI) has emerged as an important tool for anti-terrorist activity. Law enforcement agents and administrative government bodies effectively monitor suspicious target users of permanent IP-based network devices by LI in Packet Data Networks (PDNs). However, it is difficult to perform LI in monitoring migrating users from a location to another, who change their IPs due to the proliferation of portable Internet devices enabling 3G IP Multimedia Subsystems (IMS). The existing, manual handover technique in 3G IMS makes it even more difficult to continue the LI activities due to time-lag reissuance of LI authority warrants when the target users move to a new LI jurisdiction via a roaming service. Our proposed model is a seamless LI handover mechanism in 3G IMS to support mobility detection of the target users. The LI warrants are transferred to the new LI agent automatically with the target users when they move to a new LI jurisdiction. Thus, time-lag human intervention of reissuance of the LI warrants is removed and enables the LI authorities to continue monitoring. In the simulation of our proposed mechanism, the quality of lawful interception achieves a mean score of over 97.5% out of the possible 100% maximum score, whereas the quality of the existing mechanism has a mean score of 22.725%.

Ransomware Detection and Recovery System Based on Cloud Storage through File System Monitoring (파일 시스템 모니터링을 통한 클라우드 스토리지 기반 랜섬웨어 탐지 및 복구 시스템)

  • Kim, Juhwan;Choi, Min-Jun;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.2
    • /
    • pp.357-367
    • /
    • 2018
  • As information technology of modern society develops, various malicious codes with the purpose of seizing or destroying important system information are developing together. Among them, ransomware is a typical malicious code that prevents access to user's resources. Although researches on detecting ransomware performing encryption have been conducted a lot in recent years, no additional methods have been proposed to recover damaged files after an attack. Also, because the similarity comparison technique was used without considering the repeated encryption, it is highly likely to be recognized as a normal behavior. Therefore, this paper implements a filter driver to control the file system and performs a similarity comparison method that is verified based on the analysis of the encryption pattern of the ransomware. We propose a system to detect the malicious process of the accessed process and recover the damaged file based on the cloud storage.

A Study on Online Fraud and Abusing Detection Technology Using Web-Based Device Fingerprinting (웹 기반 디바이스 핑거프린팅을 이용한 온라인사기 및 어뷰징 탐지기술에 관한 연구)

  • Jang, Seok-eun;Park, Soon-tai;Lee, Sang-joon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1179-1195
    • /
    • 2018
  • Recently, a variety of attacks on web services have been occurring through a multiple access environment such as PC, tablet, and smartphone. These attacks are causing various subsequent damages such as online fraud transactions, takeovers and theft of accounts, fraudulent logins, and information leakage through web service vulnerabilities. Creating a new fake account for Fraud attacks, hijacking accounts, and bypassing IP while using other usernames or email addresses is a relatively easy attack method, but it is not easy to detect and block these attacks. In this paper, we have studied a method to detect online fraud transaction and obsession by identifying and managing devices accessing web service using web-based device fingerprinting. In particular, it has been proposed to identify devices and to manage them by scoring process. In order to secure the validity of the proposed scheme, we analyzed the application cases and proved that they can effectively defend against various attacks because they actively cope with online fraud and obtain visibility of user accounts.

Enhancement of Sampling Based DDoS Detecting System for SDN (소프트웨어 정의 네트워크를 위한 샘플링 기반 서비스거부공격 탐지 시스템 개선)

  • Nguyen, Sinhngoc;Choi, Jintae;Kim, Kyungbaek
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2017.04a
    • /
    • pp.315-318
    • /
    • 2017
  • Nowadays, Distributed Denial of Service (DDoS) attacks have gained increasing popularity and have been a major factor in a number of massive cyber-attacks. It could easily exhaust the computing and communicating resources of a victim within a short period of time. Therefore, we have to find the method to detect and prevent the DDoS attack. Recently, there have been some researches that provide the methods to resolve above problem, but it still gets some limitations such as low performance of detecting and preventing, scope of method, most of them just use on cloud server instead of network, and the reliability in the network. In this paper, we propose solutions for (1) handling multiple DDoS attacks from multiple IP address and (2) handling the suspicious attacks in the network. For the first solution, we assume that there are multiple attacks from many sources at a times, it should be handled to avoid the conflict when we setup the preventing rule to switches. In the other, there are many attacks traffic with the low volume and same destination address. Although the traffic at each node is not much, the traffic at the destination is much more. So it is hard to detect that suspicious traffic with the sampling based method at each node, our method reroute the traffic to another server and make the analysis to check it deeply.

Fragile Watermarking for Image Authentication and Detecting Image Modification (영상 인증과 변형 검출을 위한 Fragile 워터마킹)

  • Woo, Chan-Il;Jeon, Se-Gil
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.3
    • /
    • pp.459-465
    • /
    • 2009
  • Digital watermarking is a technique to insert a visually imperceptible information into an image so that the information can be extracted for the purposes of ownership verification or authentication. And watermarking techniques can be classified as either fragile or robust. Robust watermarks are useful for copyright and ownership assertion purposes. They cannot be easily removed and should resist common image manipulation procedures such as rotation, scaling, cropping, etc. On the other hand, fragile watermarks are easily corrupted by any image processing procedure, it can detect any change to an image as well as localizing the areas that have been changed. In this paper, we propose a fragile watermarking algorithm using a special hierarchical structure for integrity verification of image and detection of manipulated location. In the proposed method, the image to be watermarked is divided into blocks in a multi-level hierarchy and calculating block digital signatures in this hierarchy. The proposed method thwarts the cut-and-paste attack and the experimental results to demonstrate the effectiveness of the proposed method.

  • PDF

Detection of Forgery of Mobile App and Study on Countermeasure (모바일 단말기 앱의 위·변조 탐지 및 대응방안 연구)

  • Jung, Hyun Soo;Chae, Gyoo-Soo
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.3
    • /
    • pp.27-31
    • /
    • 2015
  • As the number of smartphone users is increasing with the development of mobile devices, the range of monetary transaction from the individual use is increasing. Therefore, hacking methods are diversified and the information forgery of mobile devices has been a current issue. The forgery via apps in mobile devices is a hacking method that creates an app similar to well-known apps to deceive the users. The forgery attack corresponds to the violation of integrity, one of three elements of security. Due to the forgery, the value and credibility of an app decreases with the risk increased. With the forgery in app, private information and data can be stolen and the financial losses can occur. This paper examined the forgery, and suggested a way to detect it, and sought the countermeasure to the forgery.

  • PDF

The danger and vulnerability of eavesdropping by using loud-speakers (스피커를 이용한 도청 위험에 대한 연구)

  • Lee, Seung Joon;Ha, Young Mok;Jo, Hyun Ju;Yoon, Ji Won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1157-1167
    • /
    • 2013
  • The development of electronic devices has recently led to many problems such as personal information rape and leakage of business information. Conventional loud-speakers have been generally used to output devices. It can be, however, operated as a micro-phone which was abused as a means for eavesdropping since the speaker and microphone have basically the equivalent structure. Most importantly, the general peoples are not aware of the approaching danger about using speaker as microphone. And, traditional eavesdropping detection equipment does not check the attack. In this paper, we demonstrate that there is a serious danger and vulnerability in using loud-speakers since they can be used as eavesdropping devices.

The Detection System for Hosts infected Malware through Behavior information of NAC post-connect (NAC 의 post-connect에서 행위정보를 사용한 악성코드 감염 호스트 탐지 시스템)

  • Han, Myung-Mook;Sun, Jong-Hyun
    • The Journal of Korean Association of Computer Education
    • /
    • v.13 no.6
    • /
    • pp.91-98
    • /
    • 2010
  • NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.

  • PDF

Digital image watermarking techniques using multiresolution wavelet transform in Sequency domain (다해상도 웨이브렛 변환을 사용한 주파수 영역에서의 디지털 영상 워터마킹 기법)

  • 신종홍;연현숙;지인호
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.26 no.12A
    • /
    • pp.2074-2084
    • /
    • 2001
  • la this paper, a new digital watermarking algorithm using wavelet transform in frequency domain is suggested. The wavelet coefficients of low frequency subband are utilized to embed the watermark, After the original image is transformed using discrete wavelet transform, their coefficients are transformed into efficient1y in Sequency domain. DCT and FFT transforms are utilized in this processing. Watermark image of general image format is transformed using DCT and the hiding watermark into wavelet coefficients is equally distributed in frequency domain. Next, these wavelet coefficients are performed with inverse transform. The detection process of watermark is performed with reverse direction to insertion process. In this paper, we developed core watermark technologies which are a data hiding technology to hide unique logo mark which symbolizes the copyright and a robust protection technology to protect logo data from external attack like as compression, filtering, resampling, cropping. The experimental results show that two suggested watermarking technologies are invisible and robust.

  • PDF

Detection and Prevention Method by Analyzing Malignant Code of Malignant Bot (악성 Bot에 대한 악성코드 분석을 통한 탐지 및 대응방안)

  • Kim, Soeui;Choi, Duri;An, Beongku
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.13 no.2
    • /
    • pp.199-207
    • /
    • 2013
  • Recently, hacking is seen as a criminal activity beyond an activity associated with curiosity in the beginning. The malignant bot which is used as an attack technique is one of the examples. Malignant Bot is one of IRC Bots and it leaks user's information with attacker's command by attacking specified IP range. This paper will discuss an access method and a movement process by analyzing shadowbot which is a kind of a malignant Bot and will suggest possible countermeasure. This study has two distinct features. First, we analyze malignant Bot by analyzing tools such as VM ware. Second, we formulate a hypothesis and will suggest possible countermeasure through analyzing malignant Bot's access method and movement. Performance evaluation will be conducted by applying possible countermeasure to see if it can prevent attacks from malignant bot.