• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.83-97
• /
• 2021

Wireless sensors that make up the Wireless Sensor Network generally have extremely limited power and resources. The wireless sensor enters the sleep state at a certain interval to conserve power. The Sleep deflation attack is a deadly attack that consumes power by preventing wireless sensors from entering the sleep state, but there is no clear countermeasure. Thus, in this paper, using clustering-based binary search tree structure, the Sleep deprivation attack detection model is proposed. The model proposed in this paper utilizes one of the characteristics of both attack sensor nodes and normal sensor nodes which were classified using machine learning. The characteristics used for detection were determined using Long Short-Term Memory, Decision Tree, Support Vector Machine, and K-Nearest Neighbor. Thresholds for judging attack sensor nodes were then learned by applying the SVM. The determined features were used in the proposed algorithm to calculate the values for attack detection, and the threshold for determining the calculated values was derived by applying SVM.Through experiments, the detection model proposed showed a detection rate of 94% when 35% of the total sensor nodes were attack sensor nodes and improvement of up to 26% in power retention.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.437-447
• /
• 2018

Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon Go in the U.S, It has achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allow users could be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game system. In this paper, we conduct a threat analysis for information assurance of VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use Visual Code Grepper (VCG) tool to find out logic errors and vulnerable functions in source code, and propose a method to solve them.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.73-79
• /
• 2023

Cyber threats are evolving and becoming more sophisticated with the development of new technologies, and consequently the number of service failures caused by DDoS attacks are continually increasing. Recently, DDoS attacks have numerous types of service failures by applying a large amount of traffic to the domain address of a specific service or server. In this paper, after generating the data of the Syn Flooding attack, which is the representative attack type of bandwidth exhaustion attack, the data were compared and analyzed using Random Forest, Decision Tree, Multi-Layer Perceptron, and KNN algorithms for the effective detection of attacks, and the optimal algorithm was derived. Based on this result, it will be useful to use as a technique for the detection policy of Syn Flooding attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.652-654
• /
• 2021

Attacks such as DDoS are detected by the intrusion detection system and can be prevented early. DDoS attack traffic was analyzed using the decision tree. Deterministic features with high importance were found, and the accuracy was verified by proceeding the decision tree for only those properties. And the contents of false positive and false negative traffic were analyzed. As a result, the accuracy of one attribute was 98% and the two attributes were 99.8%, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.657-673
• /
• 2019

As various IT and OT systems such as Electronic Chart Display and Information System and Automatic Identification System are used for ships, security elements that take into account even the ship's construction and navigation environment are required. However, cyber security research on the ship and shipbuilding ICT equipment industries is still lacking, and there is a lack of systematic methodologies through threat modeling. In this paper, the Data Flow Diagram was established in consideration of stakeholders approaching the ship system. Based on the Attack Library, which collects the security vulnerabilities and cases of ship systems, STRIDE methodologies and threat modeling using the Attack Tree are designed to identify possible threats from ships and to present ship cyber security measures.

• ETRI Journal
• /
• v.37 no.6
• /
• pp.1108-1119
• /
• 2015

Multicast communication of mobile ad hoc networks is vulnerable to internal attacks due to its routing structure and high scalability of its participants. Though existing intrusion detection systems (IDSs) act smartly to defend against attack strategies, adversaries also accordingly update their attacking plans intelligently so as to intervene in successful defending schemes. In our work, we present a novel indirect internal stealthy attack on a tree-based multicast routing protocol. Such an indirect stealthy attack intelligently makes neighbor nodes drop their routing-layer unicast control packets instead of processing or forwarding them. The adversary targets the collision avoidance mechanism of the Medium Access Control (MAC) protocol to indirectly affect the routing layer process. Simulation results show the success of this attacking strategy over the existing "stealthy attack in wireless ad hoc networks: detection and countermeasure (SADEC)" detection system. We design a cross-layer automata-based stealthy attack on multicast routing protocols (SAMRP) attacker detection system to identify and isolate the proposed attacker. NS-2 simulation and analytical results show the efficient performance, against an indirect internal stealthy attack, of SAMRP over the existing SADEC and BLM attacker detection systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.591-605
• /
• 2022

As drones are widely used, attack attempts using drone vulnerabilities are increasing, and drone security is growing in importance. This paper derives security requirements for reconnaissance drone delivered to government office through threat modeling. Threats are analyzed by the data flow of the drone and collecting possible vulnerabilities. Attack tree is built by analyzed threats. The security requirements were derived from the attack tree and compared with the security requirements suggested by national organizations. Utilizing the security requirements derived from this paper will help in the development and evaluation of secure drones.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.8
• /
• pp.878-882
• /
• 2010

DaaS model that surrogates their data has a problem of privacy leakage by service provider. In this paper, we analyze inference attack that can occur on encrypted data that consist of multiple column through index, and we suggest b-anonymity to protect data against inference attack. We use R+-tree technique to minimize false-positive that can happen when we use an index for efficiency of data processing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.3-17
• /
• 2007

Receiver access control scheme is proposed to protect multicast distribution tree from DoS(Denial-of Service) attack induced by unauthorized use of IGMP(Internet group management protocol), by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP(Content Provider), NSP(Network Service Provider), and group members.