• Title/Summary/Keyword: Attack vector

Analysis of the Bogus Routing Information Attacks in Sensor Networks (센서 네트워크에서 AODV 라우팅 정보 변조공격에 대한 분석)

  • Lee, Myung-Jin; Kim, Mi-Hui; Chae, Ki-Joon; Kim, Ho-Won
    • The KIPS Transactions:PartC / v.14C no.3 s.113 / pp.229-238 / 2007
  • Sensor networks consist of many tiny sensor nodes that collaborate among themselves to collect, process, analyze, and disseminate data. In sensor networks, sensor nodes are typically powered by batteries and have limited computing resources. Moreover, the redeployment of nodes due to energy exhaustion or their movement makes the network topology change dynamically. These features incur problems that do not appear in traditional, wired networks. Security in sensor networks is a challenging problem due to the nature of wireless communication and the lack of resources. Several efforts are underway to provide security services in sensor networks, but most of them are preventive approaches based on cryptography. However, sensor nodes are extremely vulnerable to capture or key compromise. To ensure the security of the network, it is critical to develop security mechanisms that can survive malicious attacks from "insiders" who have access to the keying materials or full control of some nodes. In order to protect against insider attacks, it is necessary to understand how an insider can attack a sensor network. Several attacks have been discussed in the literature. However, insider attacks in general have not been thoroughly studied and verified. In this paper, we study the insider attacks against routing protocols in sensor networks using the Ad-hoc On-Demand Distance Vector (AODV) protocol. We identify the goals of the attack, and then study how to achieve these goals by modifying the routing messages. Finally, through simulation we study how an attacker affects the sensor network. After understanding the features of an inside attacker, we propose a detection mechanism using hop count information.

Web Attack Classification Model Based on Payload Embedding Pre-Training (페이로드 임베딩 사전학습 기반의 웹 공격 분류 모델)

  • Kim, Yeonsu; Ko, Younghun; Euom, Ieckchae; Kim, Kyungbaek
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.669-677 / 2020
  • As the number of Internet users exploded, attacks on the web increased. In addition, the attack patterns have been diversified to bypass existing defense techniques. Traditional web firewalls have difficulty detecting attacks with unknown patterns. Therefore, the method of detecting abnormal behavior by artificial intelligence has been studied as an alternative. Specifically, attempts have been made to apply natural language processing techniques because the type of script or query being exploited consists of text. However, because there are many unknown words in scripts and queries, natural language processing requires a different approach. In this paper, we propose a new classification model which uses byte pair encoding (BPE) technology to learn the embedding vector that is often used for web attack payloads, and uses an attention mechanism-based Bi-GRU neural network to extract a set of tokens that learn their order and importance. For major web attacks such as SQL injection, cross-site scripting, and command injection attacks, the accuracy of the proposed classification method is about 0.9990 and its accuracy outperforms the model suggested in the previous study.

Relaying Rogue AP detection scheme using SVM (SVM을 이용한 중계 로그 AP 탐지 기법)

  • Kang, Sung-Bae; Nyang, Dae-Hun; Choi, Jin-Chun; Lee, Sok-Joon
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.3 / pp.431-444 / 2013
  • Widespread use of smartphones and wireless LAN is accompanied by a threat called rogue AP. When a user connects to a rogue AP, the rogue AP can mount a man-in-the-middle attack against the user, so it can easily acquire the user's private information. Much research has been conducted on how to detect various kinds of rogue APs, and in this paper, we propose an algorithm to identify and detect a rogue AP that impersonates a regular AP by showing a regular AP's SSID and connecting to a regular AP. The user is easily deceived because the rogue AP's SSID looks the same as that of a regular AP. To detect this type of rogue AP, we use a machine learning algorithm called SVM (Support Vector Machine). Our algorithm detects rogue APs with more than 90% accuracy, and also automatically adjusts its detection criteria. We show the performance of our algorithm by experiments.

Efficient Masquerade Detection Based on SVM (SVM 기반의 효율적인 신분위장기법 탐지)

  • 김한성; 권영희; 차성덕
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.5 / pp.91-104 / 2003
  • A masquerader is someone who pretends to be another user while invading the target user's accounts, directories, or files. The masquerade attack is the most serious computer misuse because, in most cases, the masquerader enters the computer system after securing the other user's password. Systems such as IDS could not detect or respond to the masquerader. Masquerade detection is the effort to find the masquerader automatically. Such a system detects the activities of a masquerader by determining that a user's activities violate a profile developed for that user from his audit data. Since 1988, there have been many efforts on this topic, but their success was limited and the performance was unsatisfactory. In this report we propose an efficient masquerade detection system using SVM, which creates the user profile.

Sequential Pattern Mining for Intrusion Detection System with Feature Selection on Big Data

  • Fidalcastro, A; Baburaj, E
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.10 / pp.5023-5038 / 2017
  • Big data is an emerging technology which deals with a wide range of data sets with sizes beyond the ability of the software tools which are commonly used for processing data. When we consider a huge network, we have to process the large amount of network information generated, which consists of both normal and abnormal activity logs in a large volume of multi-dimensional data. An Intrusion Detection System (IDS) is required to monitor the network and to detect the malicious nodes and activities in the network. The massive amount of data makes it difficult to detect threats and attacks. Sequential pattern mining may be used to identify the patterns of malicious activities, and it has been an emerging popular trend due to its consideration of quantities, profits and time orders of items. Here we propose a sequential pattern mining algorithm with fuzzy logic feature selection and fuzzy weighted support for huge volumes of network logs, to be implemented in Apache Hadoop YARN, which solves the problem of speed and time constraints. Fuzzy logic feature selection selects important features from the feature set. Fuzzy weighted supports provide weights to the inputs and avoid multiple scans. In our simulation we use the attack log from an NS-2 MANET environment and compare the proposed algorithm with the state-of-the-art sequential pattern mining algorithm, SPADE, and with Support Vector Machine in a Hadoop environment.

Trajectory Optimization and Guidance for Terminal Velocity Constrained Missiles (종말 속도벡터 구속조건을 갖는 유도탄의 궤적최적화 및 유도)

  • Ryoo, Chang-Kyung; Tahk, Min-Jea; Kim, Jong-Han
    • Journal of the Korean Society for Aeronautical & Space Sciences / v.32 no.6 / pp.72-80 / 2004
  • In this paper, the design procedure of a guidance algorithm in the boosting phase of missiles with free-flight after thrust cut-off is introduced. The purpose of the guidance is to achieve a required velocity vector at the thrust cut-off. Trajectory optimizations for four cost functions are performed to investigate implementable trajectories in the pitch plane. It is observed from the optimization results that high angle of attack maneuvers in the beginning of the flight are required to satisfy the constraints. The proposed guidance algorithm consists of the pitch program to produce the open-loop pitch attitude command and the yaw attitude command generator to nullify the velocity to go. The pitch program utilizes the pitch attitude histories obtained from the trajectory optimization.

Comparison of HMM and SVM schemes in detecting mobile Botnet (모바일 봇넷 탐지를 위한 HMM과 SVM 기법의 비교)

  • Choi, Byungha; Cho, Kyungsan
    • Journal of the Korea Society of Computer and Information / v.19 no.4 / pp.81-90 / 2014
  • As mobile devices have become widely used and developed, PC-based malware can move towards mobile-based units. In particular, a mobile Botnet reuses the powerful malicious behavior of a PC-based Botnet or adds new malicious techniques. Different from existing PC-based Botnet detection schemes, mobile Botnet detection schemes are generally host-based. This is because a mobile Botnet has various attack vectors and it is difficult to inspect all the attack vectors at the same time. In this paper, to overcome the limitations of the host-based scheme, we compare two network-based schemes which detect mobile Botnets by applying HMM and SVM techniques. Through verification analysis under real Botnet attacks, we present the detection rates and detection properties of the two schemes.

The Flow Field Structure of Jet-in-Cross Flow through the Perforated Damage Hole (관통 손상 구멍으로부터의 제트-교차 흐름의 유동장 구조)

  • Lee, Ki-Young
    • Journal of the Korea Institute of Military Science and Technology / v.17 no.4 / pp.551-559 / 2014
  • The influence of the battle damage hole on the velocity and vorticity flow field has been studied by using particle image velocimetry. Time-averaged velocity and vorticity vector fields in the vicinity of the jet are presented. The perforated damage hole on a wing created from a hit by anti-air artillery was modeled as a 10% chord size hole positioned at quarter chord. At low angles of attack, the vorticity in the forward side of the jet is cancelled due to mixing with the wing surface boundary layer. Stretching of vorticity in the backside of the jet generates a semi-cylindrical vortical layer that encloses a domain with slow-moving reverse flow. Conversely, at higher angles of attack, the jet vorticity is advected away from the wing surface and remains mostly confined to the jet. The mean flow behind the jet has a wake-like structure.

The Security DV-Hop Algorithm against Multiple-Wormhole-Node-Link in WSN

  • Li, Jianpo; Wang, Dong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.4 / pp.2223-2242 / 2019
  • The Distance Vector-Hop (DV-Hop) algorithm is widely used in node localization. It often suffers from the wormhole attack. Current research focuses on Double-Wormhole-Node-Link (DWNL) and pays limited attention to Multi-Wormhole-Node-Link (MWNL). In this paper, we propose a security DV-Hop algorithm (AMLDV-Hop) to resist MWNL. Firstly, the algorithm establishes the Neighbor List (NL) in the initialization phase. It uses the NL to find the suspect beacon nodes and then finds the actually attacked beacon nodes by calculating the distances to other beacon nodes. The attacked beacon nodes generate and broadcast the conflict sets to distinguish the different wormhole areas. The unknown nodes take the marked beacon nodes as references and mark themselves with different numbers in the first-round marking. If the unknown nodes fail to mark themselves, they will take the marked unknown nodes as references to mark themselves in the second-round marking. The unknown nodes that still fail to be marked are semi-isolated. The results indicate that the localization error of the proposed AMLDV-Hop algorithm has 112.3%, 10.2%, 41.7%, 6.9% reduction compared to the attacked DV-Hop algorithm, the Label-based DV-Hop (LBDV-Hop), the Secure Neighbor Discovery Based DV-Hop (NDDV-Hop), and the Against Wormhole DV-Hop (AWDV-Hop) algorithm.

Study on the Measurements of Flow Field around Cambered Otter Board Using Particle Image Velocimetry (PIV를 이용한 만곡형 전개판의 유동장 계측에 관한 연구)

  • 박경현; 이주희; 현범수; 노영학; 배재현
    • Journal of the Korean Society of Fisheries and Ocean Technology / v.38 no.1 / pp.43-57 / 2002
  • This paper introduces an analysis method to predict the flow characteristics of the flow field around an otter board in order to develop a high performance model. In this experiment, a numerical analysis of the flow field through CFD (Computational Fluid Dynamics) and the PIV method, in which quantitative and qualitative evaluation is possible, are used. The PIV method is applied to flow field images around the otter board in order to analyze the flow characteristics. The resulting flow pattern was compared with the analysis result from CFD and also with the measurement results of the lift and drag force coefficients obtained in a CWC (Circulating Water Channel). The numerical analysis result matched well with the experimental result of PIV in this research, and it could be verified in the physical aspect. The results are as follows: (1) A visibility experiment using a laser light sheet and picture analysis through the PIV method were carried out in order to analyze the fluid field of the otter board. As a result, the tendency of qualitative fluid movement could be known only through the flow of the fluid particles. (2) Since the PIV analysis result is quantitative, it can be seen in velocity vector distributions, instantaneous streamline contours, and average vorticity distributions through various post-processing methods. As a result, the change of the flow field could be confirmed. (3) At an angle of attack of 24°, where the maximum spreading force coefficient is shown, the analysis results of CFD and PIV had very similar flow patterns. In both cases, a little boundary layer separation was seen at the otter board's rear edge, but generally they had a good flow. (4) As the result of post-processing with velocity vector distributions, instantaneous streamline contours and average vorticity distributions by PIV, the boundary layer separation phenomenon started to happen from an angle of attack of 24°, and from over an angle of attack of 28°, it happened at the leading edge side with the width enlarged.