• Title/Summary/Keyword: Attack Graph


Efficient method for finding patched vulnerability with code filtering in Apple iOS (코드 필터링 기법을 이용한 iOS 환경에서의 패치 분석 방법론)

  • Jo, Je-gyeong;Ryou, Jae-cheol
    • Journal of the Korea Institute of Information Security & Cryptology, v.25 no.5, pp.1021-1026, 2015
  • As damage from phishing increases, governments and organizations are responding more rapidly, so phishing now uses malware and vulnerabilities for attacks. Recently, attacks that use patch analysis have increased when Microsoft announces patches. Because of that, defensive security researchers need patch analysis technology. But most patch analysis tools are developed for Microsoft's products. As the mobile environment grows, the need for patch analysis on mobile is increasing. But ordinary patch analysis cannot be used in the mobile environment, which has many files of small size. So in this research we propose a method that uses code filtering instead of Control Flow Graph and Abstract Syntax Tree.

k-Fragility Maximization Problem to Attack Robust Terrorist Networks

  • Thornton, Jabre L.;Kim, Donghyun;Kwon, Sung-Sik;Li, Deying;Tokuta, Alade O.
    • Journal of information and communication convergence engineering, v.12 no.1, pp.33-38, 2014
  • This paper investigates the shaping operation problem introduced by Callahan et al., namely the k-fragility maximization problem (k-FMP), whose goal is to find a subset of personnel within a terrorist group such that the regeneration capability of the residual group without those personnel is minimized. To improve the impact of the shaping operation, the degree centrality of the residual graph needs to be maximized. In this paper, we propose a new greedy algorithm for k-FMP. We discover some interesting discrete properties and use them to design a more thorough greedy algorithm for k-FMP. Our simulation result shows that the proposed algorithm outperforms Callahan et al.'s algorithm in terms of maximizing degree centrality. While our algorithm incurs a higher running time (by a factor of k), given that the applications of the problem are expected to allow a sufficient amount of time for thorough computation and k is expected to be much smaller than the size of the input graph in reality, our algorithm has better merit in practice.

Consensus of Leader-Follower Multi-Vehicle System

  • Zhao, Enjiao;Chao, Tao;Wang, Songyan;Yang, Ming
    • International Journal of Aeronautical and Space Sciences, v.18 no.3, pp.522-534, 2017
  • According to the characteristics of salvo attack for the multiple flight vehicles (MFV), the design of cooperative guidance law can be converted into the consensus problem of multi-vehicle system through the concept of multi-agent cooperative control. The flight vehicles can be divided into leader and followers depending on different functions, and the flight conditions of leader are independent of the ones of followers. The consensus problem of leader-follower multi-vehicle system is researched by graph theory, and the consensus protocol is also presented. Meanwhile, the finite time guidance law is designed for the flight vehicles via the finite time control method, and the system stability is also analyzed. Whereby, the guidance law can guarantee the line of sight (LOS) angular rates converge to zero in finite time, and hence the cooperative attack of the MFV can be realized. The effectiveness of the designed cooperative guidance method is validated through the simulation with a stationary target and a moving target, respectively.

Evaluating the web-application resiliency to business-layer DoS attacks

  • Alidoosti, Mitra;Nowroozi, Alireza;Nickabadi, Ahmad
    • ETRI Journal, v.42 no.3, pp.433-445, 2020
  • A denial-of-service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application- and business-layer attacks, and vulnerability-analysis tools are unable to detect business-layer vulnerabilities (logic-related vulnerabilities). This paper presents the business-layer dynamic application security tester (BLDAST) as a dynamic, black-box vulnerability-analysis approach to identify the business-logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.

Role Based Petri-Net : Role Based Expression Model for an Efficient Design of Attack Scenarios (Role Based Petri Net : 공격 시나리오의 효율적 설계를 위한 역할 기반 표현 모델)

  • Park, Jun-Sik;Cho, Jae-Ik;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology, v.20 no.1, pp.123-128, 2010
  • Graph expression of attack scenarios is a necessary method for analyzing vulnerabilities in servers as well as for designing defences against attacks. Although various requirement analysis models are used for this expression, they are limited in expressing combinations of complex scenarios. The Role Based Petri Net suggested in this paper offers an efficient role-based expression model built on Petri Net, which has the advantages of concurrency and visuality, and can create unknown scenarios.

B-Corr Model for Bot Group Activity Detection Based on Network Flows Traffic Analysis

  • Hostiadi, Dandy Pramana;Wibisono, Waskitho;Ahmad, Tohari
    • KSII Transactions on Internet and Information Systems (TIIS), v.14 no.10, pp.4176-4197, 2020
  • A botnet is a type of dangerous malware. A botnet attack in which a collection of bots attacks a similar target with a similar activity pattern is called bot group activity. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect the behavioral relations between bots in a bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attack and determine the relations between bots that can measure the correlation. This paper proposes a new model, called the B-Corr model, that measures the similarity between bot activities using the intersections-probability concept to define bot group activities. The B-Corr model consists of several stages, such as feature extraction from bot activity flows, measurement of intersections between bots, and similarity value production. The B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets, with high detection accuracy in various scenarios.

Graph Database based Malware Behavior Detection Techniques (그래프 데이터베이스 기반 악성코드 행위 탐지 기법)

  • Choi, Do-Hyeon;Park, Jung-Oh
    • Journal of Convergence for Information Technology, v.11 no.4, pp.55-63, 2021
  • Recently, the incidence rate of malicious code has exceeded tens of thousands of cases, and it is known to be almost impossible to detect and respond to all of them. This study proposes a method for detecting multiple behavior patterns based on a graph database as a new method for dealing with malicious code. It applies traditional dynamic analysis techniques together with a method to design and analyze graphs of representative associated malware patterns (process, PE, registry, etc.) as another new graph model. As a result of the pattern verification, it was confirmed that the method detected the behavior of the basic malicious pattern as well as variant attack behavior (at least 5 steps), which was difficult to analyze in the past. In addition, as a result of the performance analysis, it was confirmed that the performance was improved by about 9.84 times or more compared to the relational database for complex patterns of 5 or more steps.

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems, v.16 no.1, pp.61-82, 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

Robustness Evaluation of Tactical Network based on SNA

  • Park, Ji-Hye;Yoon, Soung-woong;Lee, Sang-Hoon
    • Journal of the Korea Society of Computer and Information, v.24 no.10, pp.205-213, 2019
  • Network robustness is one of the most important characteristics a network needs. In a military tactical communication network, robustness is a key function for maintaining the attack phase constantly. The Tactical Information Communication Network, called TICN, has mixed characteristics of lattice- and tree-type network topology, which looks somewhat weak from the viewpoint of network robustness. In this paper, we search for articulation points and bridges in the current Tactical Information Communication Network using graph theory. To improve the weak points found empirically, we try to add links to create a concrete network and then observe the change in network-based verification values as nodes are removed. With these themes, we evaluate the generated networks through SNA techniques. Experimental results show that the generated networks' robustness is improved compared with the current network structure.

A Study on the Probabilistic Vulnerability Assessment of COTS O/S based I&C System (상용 OS기반 제어시스템 확률론적 취약점 평가 방안 연구)

  • Euom, Ieck-Chae
    • Journal of Convergence for Information Technology, v.9 no.8, pp.35-44, 2019
  • The purpose of this study is to establish a quantitative vulnerability assessment for COTS (Commercial Off The Shelf) O/S based I&C Systems. This paper analyzes the vulnerability lifecycle and its impact. It aims to develop a quantitative assessment of the overall cyber security risks and vulnerabilities of the I&C System by studying vulnerability analysis and prediction methods. The probabilistic vulnerability assessment method proposed in this study suggests a modeling method that enables setting the priority of patches, setting a threshold for vulnerable size, and identifying the attack path in a commercial OS-based measurement control system in which it is difficult to patch a vulnerability immediately.