• Title/Summary/Keyword: Attack behavior analysis


EXPERIMENTAL REPRODUCTION AND NUMERICAL ANALYSIS OF THE SIDE FORCE ON AN OGIVE FOREBODY AT A HIGH ANGLE OF ATTACK (고받음각 동체에 발생하는 측력의 실험적 재현 및 수치적 분석)

  • Lee, E.S.;Lee, J.I.;Lee, K.S.
    • Journal of computational fluids engineering / v.18 no.1 / pp.28-35 / 2013
  • Behavior of the side force generated at high angles of attack by two ogive-cylinder bodies of revolution with nose fineness ratio of 2.3 (B1) and 3.5 (B2) and the effect of a strip placed close to the nose tip of each body (B1S and B2S) are analyzed through the wind tunnel test at ReD=200,000 and a=42~60 deg. The side force generated by B1 is increased by placing a strip. The side force generated by B2 is in the starboard direction and its magnitude is higher than that of the B1S. The effect of the strips with various dimensions placed on B2 is investigated. It is found that the 4-layer strip placed on the starboard reversed the direction of the side force into port direction. It is confirmed by numerical simulations that the strip promotes the flow separation and increases the average pressure on the side where it is placed and consequently produces the side force in the corresponding direction.

WORM-HUNTER: A Worm Guard System using Software-defined Networking

  • Hu, Yixun;Zheng, Kangfeng;Wang, Xu;Yang, Yixian
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.1 / pp.484-510 / 2017
  • Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

Numerical characterization of real railway overhead cables

  • Sanchez-Rebollo, Cristina;Velez, Enrique;Jimenez-Octavio, Jesus R.
    • Wind and Structures / v.21 no.1 / pp.105-117 / 2015
  • This paper presents a numerical characterization of real railway overhead cables based on computational fluid dynamics (CFD). Complete analysis of the aerodynamic coefficients of this type of cross section yields a more accurate modelling of pressure loads acting on moving cables than provided by current approaches used in design. Thus, the characterization of certain selected commercial cables is carried out in this work for different wind speeds and angles of attack. The aerodynamic lift and drag coefficients are herein determined for two different types of grooved cables, which establish a relevant data set for the railway industry. Finally, the influence of this characterization on the fluid-structure interaction (FSI) is proved, the static behavior of a catenary system is studied by means of the finite element method (FEM) in order to analyze the effect of different wind angles of attack on the stiffness distribution.

An Efficient Network Attack Visualization Using Security Quad and Cube

  • Chang, Beom-Hwan;Jeong, Chi-Yoon
    • ETRI Journal / v.33 no.5 / pp.770-779 / 2011
  • Security quad and cube (SQC) is a network attack analyzer that is capable of aggregating many different events into a single significant incident and visualizing these events in order to identify suspicious or illegitimate behavior. A network administrator recognizes network anomalies by analyzing the traffic data and alert messages generated in the security devices; however, it takes a lot of time to inspect and analyze them because the security devices generate an overwhelming amount of logs and security events. In this paper, we propose SQC, an efficient method for analyzing network security through visualization. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacks. In addition, by providing a detailed analysis of network attacks, this method can more precisely detect and distinguish them from normal events.

Behavior and Script Similarity-Based Cryptojacking Detection Framework Using Machine Learning (머신러닝을 활용한 행위 및 스크립트 유사도 기반 크립토재킹 탐지 프레임워크)

  • Lim, EunJi;Lee, EunYoung;Lee, IlGu
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.6 / pp.1105-1114 / 2021
  • Due to the recent surge in popularity of cryptocurrency, the threat of cryptojacking, a malicious code for mining cryptocurrencies, is increasing. In particular, web-based cryptojacking is easy to attack because the victim can mine cryptocurrencies using the victim's PC resources just by accessing the website and simply adding mining scripts. The cryptojacking attack causes poor performance and malfunction. It can also cause hardware failure due to overheating and aging caused by mining. Cryptojacking is difficult for victims to recognize the damage, so research is needed to efficiently detect and block cryptojacking. In this work, we take representative distinct symptoms of cryptojacking as an indicator and propose a new architecture. We utilized the K-Nearest Neighbors (KNN) model, which trained computer performance indicators as behavior-based dynamic analysis techniques. In addition, a K-means model, which trained the frequency of malicious script words for script similarity-based static analysis techniques, was utilized. The KNN model had 99.6% accuracy, and the K-means model had a silhouette coefficient of 0.61 for normal clusters.

Stability behavior of the transmission line system under incremental dynamic wind load

  • Sarmasti, Hadi;Abedi, Karim;Chenaghlou, Mohammad Reza
    • Wind and Structures / v.31 no.6 / pp.509-522 / 2020
  • Wind load is the principal cause for a large number of the collapse of transmission lines around the world. The transmission line is traditionally designed for wind load according to a linear equivalent method, in which dynamic effects of wind are not appropriately included. Therefore, in the present study, incremental dynamic analysis is utilized to investigate the stability behavior of a 400 kV transmission line under wind load. In that case, the effects of vibration of cables and aerodynamic damping of cables were considered on the stability behavior of the transmission line. Superposition of the harmonic waves method was used to calculate the wind load. The corresponding wind speed to the beginning of the transmission line collapse was determined by incremental dynamic analysis. Also, the effect of the yawed wind was studied to determine the critical attack angle by the incremental dynamic method. The results show the collapse mechanisms of the transmission line and the maximum supportable wind speed, which is predicted 6m/s less than the design wind speed of the studied transmission line. Based on the numerical modeling results, a retrofitting method has been proposed to prevent failure of the tower members under design wind speed.

R2NET: Storage and Analysis of Attack Behavior Patterns

  • M.R., Amal;P., Venkadesh
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.2 / pp.295-311 / 2023
  • Cloud computing has evolved significantly, intending to provide users with fast, dependable, and low-cost services. With its development, malicious users have become increasingly capable of attacking both its internal and external security. To ensure the security of cloud services, encryption, authorization, firewalls, and intrusion detection systems have been employed. However, these single monitoring agents are complex, time-consuming, and they do not detect ransomware and zero-day vulnerabilities on their own. An innovative Record and Replay-based hybrid Honeynet (R2NET) system has been developed to address this issue. Combining honeynet with Record and Replay (RR) technology, the system allows fine-grained analysis by delaying time-consuming analysis to the replay step. In addition, a machine learning algorithm is utilized to cluster the logs of attackers and store them in a database. So, the accessing time for analyzing the attack may be reduced which in turn increases the efficiency of the proposed framework. The R2NET framework is compared with existing methods such as EEHH net, HoneyDoc, Honeynet system, and AHDS. The proposed system achieves 7.60%, 9.78%, 18.47%, and 31.52% more accuracy than EEHH net, HoneyDoc, Honeynet system, and AHDS methods.

Numerical technique for chloride ingress with cover concrete property and time effect

  • Lee, Bang Yeon;Ismail, Mohamed A.;Kim, Hyeok-Jung;Yoo, Sung-Won;Kwon, Seung-Jun
    • Computers and Concrete / v.20 no.2 / pp.185-196 / 2017
  • Durability problems initiated from steel corrosion are unseen but critical issues, so that many researches are focused on chloride penetration evaluation. Even if RC (Reinforced Concrete) structures are exposed to normal environment, chloride ingress varies with concrete surface conditions and exposed period. This paper presents an analysis technique for chloride behavior evaluation considering time effect on diffusion and surface conditions assumed as double-layered system. For evaluation of deteriorated surface condition, field investigation was performed for concrete pavement exposed to deicing agent for 18 years. In order to consider enhanced surface concrete, chloride profiles in surface-impregnated concretes exposed to chloride attack for 2 years from previous research were investigated. Through reverse analysis, effectively deteriorated/enhanced depth of surface and the related reduced/enlarged diffusion coefficient in the depth are simulated. The proposed analysis technique was evaluated to handle the chloride behavior more accurately considering changes of chloride ingress within surface layer and decreased diffusion coefficient with time. For the concrete surface exposed to deicing agent, the deteriorated depth and enlarged diffusion coefficient are evaluated to be 12.5~15.0 mm and 200% increasing diffusion coefficient, respectively. The results in concrete containing enhanced cover show 10.0~12.5 mm of impregnated depth and 85% reduction of chloride diffusion in tidal and submerged conditions.

Graph Database based Malware Behavior Detection Techniques (그래프 데이터베이스 기반 악성코드 행위 탐지 기법)

  • Choi, Do-Hyeon;Park, Jung-Oh
    • Journal of Convergence for Information Technology / v.11 no.4 / pp.55-63 / 2021
  • Recently, the incidence rate of malicious codes is over tens of thousands of cases, and it is known that it is almost impossible to detect/respond to all of them. This study proposes a method for detecting multiple behavior patterns based on a graph database as a new method for dealing with malicious codes. Traditional dynamic analysis techniques and has applied a method to design and analyze graphs of representative associations malware pattern (process, PE, registry, etc.), another new graph model. As a result of the pattern verification, it was confirmed that the behavior of the basic malicious pattern was detected and the variant attack behavior (at least 5 steps), which was difficult to analyze in the past. In addition, as a result of the performance analysis, it was confirmed that the performance was improved by about 9.84 times or more compared to the relational database for complex patterns of 5 or more steps.

A Study on the Change of Capability and Behavior against Phishing Attack by Continuous Practical Simulation Training (지속적 실전형 모의훈련을 통한 피싱공격 대응역량 및 행동변화에 관한 연구)

  • Yoon, Duck-sang;Lee, Kyung-ho;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.2 / pp.267-279 / 2017
  • This study emulated unscheduled phishing e-mails over a long period of time by imitating the manner in which external hackers attacked a group of employees in a company. We then measured and analyzed the recipient's ability to identify and respond to phishing e-mails as training progressed. In addition, we analyzed the changes in participants' response behavior when changing the external control condition between the training. As a result of the analysis, it was confirmed that the training duration had a positive (+) relationship with the employees' ability to identify phishing e-mails and the infection rate, and more employees read emails and were infected with phishing attacks using social issues and seasonal events. It was also confirmed that reinforcement of internal control policy on infected persons affects positively (+) on the phishing attack response behavior of employees. Based on these results, we would like to suggest the right training method for each organization to enhance the ability of employees to cope with phishing attacks.