• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.179-185
• /
• 2012

This paper proposes a design of RSIDS(RST and SVM based Intrusion Detection System) using RST(Rough Set Theory) and SVM(Support Vector Machine) algorithm. The RSIDS consists of PrePro(PreProcessing) module, RRG(RST based Rule Generation) module, and SAD(SVM based Attack Detection) module. The PrePro module changes the collected information to the data format of RSIDS. The RRG module analyzes attack data, generates the rules of attacks, extracts attack information from the massive data by using these rules, and transfers the extracted attack information to the SAD module. The SAD module detects the attacks by using it, which the SAD module notifies to a manager. Therefore, compared to the existing SVM, the RSIDS improved average ADR(Attack Detection Ratio) from 77.71% to 85.28%, and reduced average FPR(False Positive ratio) from 13.25% to 9.87%. Thus, the RSIDS is estimated to have been improved, compared to the existing SVM.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4418-4437
• /
• 2017

In this paper a three-phase secure compressive sensing (CS) and received signal strength (RSS) based target localization approach is proposed to mitigate the effect of malicious node attack. RSS measurements are first arranged into a group of subsets where the same measurement can be included in multiple subsets. Intermediate target position estimates are then produced using individual subsets of RSS measurements and the CS technique. From the intermediate position estimates, the residual error vector and residual error square vector are formed. The least median of residual error square is utilized to define a verifier parameter. The selected residual error vector is utilized along with a threshold to determine whether a node or measurement is under attack. The final target positions are estimated by using only the attack-free measurements and the CS technique. Further, theoretical analysis is performed for parameter selection and computational complexity evaluation. Extensive simulation studies are carried out to demonstrate the advantage of the proposed CS-based secure localization approach over the existing algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1237-1246
• /
• 2020

Recently, several cache side channel attacks have been proposed to extract secret information by exploiting design flaws of the microarchitecture. The Flush+Reload attack, one of the cache side channel attack, can be applied to malicious application attacks due to its properties of high resolution and low noise. In this paper, we proposed a detection system, which detects the cache-based attacks using the PCM(Performance Counter Monitor) for monitoring CPU cache activity. Especially, we observed the variation of each counter value of PCM in case of two kinds of attacks, Spectre attack and secret recovering attack during AES encryption. As a result, we found that four hardware counters were sensitive to cache side channel attacks. Our detector based on machine learning including SVM(Support Vector Machine), RF(Random Forest) and MLP(Multi Level Perceptron) can detect the cache side channel attacks with high detection accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.83-97
• /
• 2021

Wireless sensors that make up the Wireless Sensor Network generally have extremely limited power and resources. The wireless sensor enters the sleep state at a certain interval to conserve power. The Sleep deflation attack is a deadly attack that consumes power by preventing wireless sensors from entering the sleep state, but there is no clear countermeasure. Thus, in this paper, using clustering-based binary search tree structure, the Sleep deprivation attack detection model is proposed. The model proposed in this paper utilizes one of the characteristics of both attack sensor nodes and normal sensor nodes which were classified using machine learning. The characteristics used for detection were determined using Long Short-Term Memory, Decision Tree, Support Vector Machine, and K-Nearest Neighbor. Thresholds for judging attack sensor nodes were then learned by applying the SVM. The determined features were used in the proposed algorithm to calculate the values for attack detection, and the threshold for determining the calculated values was derived by applying SVM.Through experiments, the detection model proposed showed a detection rate of 94% when 35% of the total sensor nodes were attack sensor nodes and improvement of up to 26% in power retention.

• Nuclear Engineering and Technology
• /
• v.45 no.5
• /
• pp.637-652
• /
• 2013

Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security.. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.997-1006
• /
• 2019

To overcome the difficulties and inefficiencies of the existing power analysis attack, we try to extract the secret key embedded in a cryptographic device using attack model based on MLP(Multi-Layer Perceptron) method. The target of our proposed power analysis attack is the AES-128 encryption module implemented on an 8-bit processor XMEGA128. We use the divide-and-conquer method in bytes to recover the whole 16 bytes secret key. As a result, the MLP-based power analysis attack can extract the secret key with the accuracy of 89.51%. Additionally, this MLP model has the 94.51% accuracy when the pre-processing method on power traces is applied. Compared to the machine leaning-based model SVM(Support Vector Machine), we show that the MLP can be a outstanding method in power analysis attacks due to excellent ability for feature extraction.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.727-746
• /
• 2018

The hash function RIPEMD-160 is a worldwide ISO/IEC standard and the hash function HAS-160 is the Korean hash standard and is widely used in Korea. On the basis of differential meet-in-the-middle attack and biclique technique, a preimage attack on 34-step RIPEMD-160 with message padding and a pseudo-preimage attack on 71-step HAS-160 without message padding are proposed. The former is the first preimage attack from the first step, the latter increases the best pseudo-preimage attack from the first step by 5 steps. Furthermore, we locate the linear spaces in another message words and exchange the bicliques construction process and the mask vector search process. A preimage attack on 35-step RIPEMD-160 and a preimage attack on 71-step HAS-160 are presented. Both of the attacks are from the intermediate step and satisfy the message padding. They improve the best preimage attacks from the intermediate step on step-reduced RIPEMD-160 and HAS-160 by 4 and 3 steps respectively. As far as we know, they are the best preimage and pseudo-preimage attacks on step-reduced RIPEMD-160 and HAS-160 respectively in terms of number of steps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.839-850
• /
• 2014

As the social and financial damages caused by APT attack such as 3.20 cyber terror are increased, the technical solution against APT attack is required. It is, however, difficult to protect APT attack with existing security equipments because the attack use a zero-day malware persistingly. In this paper, we propose a host based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to identify between normal and abnormal behavior, and then collected 8.7 million feature data set that are occurred during running both malware and normal executable file. Further, each process is represented as 83-dimensional vector that profiles the frequency of appearance of features. the vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running. In the experimental results which is applying C4.5 decision tree algorithm, we have confirmed 2.0% and 5.8% for the false positive and the false negative, respectively.

• 제어로봇시스템학회:학술대회논문집
• /
• 1997.10a
• /
• pp.612-616
• /
• 1997

In this paper, two kinds of controller are proposed for a soccer robot system.. One for Supervisor and defense mode, and the other for attack mode. Robot soccer game has very dynamic characteristics. Furthermore, there exist competitions between agents. The soccer-playing robot should take an appropriate action according to its surroundings. Initially, an attack mode controller using a vector field concept is designed, then a supervisor and a defense mode controller are designed with a Petri-net. The efficiency and applicability of the proposed controllers are demonstrated through a real robot soccer game(MiroSot 97).

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.49-57
• /
• 2017

IoT can be connected through a single network not only objects which can be connected to existing internet but also objects which has communication capability. This IoT environment will be a huge change to the existing communication paradigm. However, the big security problem must be solved in order to develop further IoT. Security mechanisms reflecting these characteristics should be applied because devices participating in the IoT have low processing ability and low power. In addition, devices which perform abnormal behaviors between objects should be also detected. Therefore, in this paper, we proposed D-IDS technique for efficient detection of malicious attack nodes between devices participating in the IoT. The proposed technique performs the central detection and distribution detection to improve the performance of attack detection. The central detection monitors the entire network traffic at the boundary router using SVM technique and detects abnormal behavior. And the distribution detection combines RSSI value and reliability of node and detects Sybil attack node. The performance of attack detection against malicious nodes is improved through the attack detection process. The superiority of the proposed technique can be verified by experiments.