• Journal of Information Processing Systems
• /
• v.13 no.5
• /
• pp.1203-1212
• /
• 2017

Intrusion detection systems (IDSs) are crucial in this overwhelming increase of attacks on the computing infrastructure. It intelligently detects malicious and predicts future attack patterns based on the classification analysis using machine learning and data mining techniques. This paper is devoted to thoroughly evaluate classifier ensembles for IDSs in IEEE 802.11 wireless network. Two ensemble techniques, i.e. voting and stacking are employed to combine the three base classifiers, i.e. decision tree (DT), random forest (RF), and support vector machine (SVM). We use area under ROC curve (AUC) value as a performance metric. Finally, we conduct two statistical significance tests to evaluate the performance differences among classifiers.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.795-797
• /
• 2019

In this paper, we propose a method to generate adversarial examples for toxicity detection neural networks. Our dataset is represented by a one-hot vector and we constrain that only one character is allowed to be modified. The location to be changed is founded by the maximum area of input gradient, which represents the most affecting character the model to make decisions. Despite the fact that we have strong constraint compared to the image-based adversarial attack, we have achieved about 49% successful rate.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6161-6176
• /
• 2018

Pseudorandom numbers are useful in cryptographic operations for using as nonce, initial vector, secret key, etc. Security of the cryptosystem relies on the secret key parameters, so a good pseudorandom number is needed. In this paper, we have proposed a new approach for generation of pseudorandom number. This method uses the three dimensional combinational puzzle Rubik Cube for generation of random numbers. The number of possible combinations of the cube approximates to 43 quintillion. The large possible combination of the cube increases the complexity of brute force attack on the generator. The generator uses cryptographic hash function. Chaotic map is being employed for increasing random behavior. The pseudorandom sequence generated can be used for cryptographic applications. The generated sequences are tested for randomness using NIST Statistical Test Suite and other testing methods. The result of the tests and analysis proves that the generated sequences are random.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.319-323
• /
• 2023

In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.2
• /
• pp.703-711
• /
• 2016

IDS (Intrusion Detection System) is used to detect network attacks through network data analysis. The system requires a high accuracy and detection rate, and low false alarm rate. In addition, the system uses a range of techniques, such as expert system, data mining, and state transition analysis to analyze the network data. The purpose of this study was to compare the performance of two data mining methods for detecting network attacks. They are Support Vector Machine (SVM) and a neural network called Forward Additive Neural Network (FANN). The well-known KDD Cup 99 training and test data set were used to compare the performance of the two algorithms. The accuracy, detection rate, and false alarm rate were calculated. The FANN showed a slightly higher false alarm rate than the SVM, but showed a much higher accuracy and detection rate than the SVM. Considering that treating a real attack as a normal message is much riskier than treating a normal message as an attack, it is concluded that the FANN is more effective in intrusion detection than the SVM.

• Journal of Korea Multimedia Society
• /
• v.10 no.1
• /
• pp.58-65
• /
• 2007

This dissertation proposes digital video protection algorithm lot moving image based on MPEG. Shuffling-based encryption algorithms using a fixed random shuffling table are quite simple and effective but vulnerable to the chosen plaintext attack. To overcome this problem, it is necessary to change the key used for generation of the shuffling table. However, this may pose a significant burden on the security key management system. A better approach is to generate the shuffling table based on the local feature of an image. In order to withstand the chosen plaintext attack, at first, we propose a interleaving algorithm that is adaptive to the local feature of an image. Secondly, using the multiple shuffling method which is combined interleaving with existing random shuffling method, we encrypted the DPCM processed 8*8 blocks. Experimental results showed that the proposed algorithm needs only 10% time of SEED encryption algorithm and moreover there is no overhead bit. In video sequence encryption, multiple random shuffling algorithms are used to encrypt the DC and AC coefficients of intra frame, and motion vector encryption and macroblock shuffling are used to encrypt the intra-coded macroblock in predicted frame.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.69-75
• /
• 2012

MANET(Mobile Ad-hoc Network) is target of many attacks because of dynamic topology and hop-by-hop data transmission method. In MANET, location setting of intrusion detection system is difficult and attack detection using information collected locally is more difficult. The amount of traffic grow, intrusion detection performance will be decreased. In this paper, MANET is composed of zone form and we used random projection technique which reduces dimension without loss of information in order to perform stable intrusion detection in even massive traffic. Global detection node is used to detect attacks which are difficult to detect using only local information. In the global detection node, attack detection is performed using received information from IDS agent and pattern of nodes. k-NN and ZBIDS were experimented to evaluate performance of the proposed technique in this paper. The superiority of performance was confirmed through the experience.

• Journal of Communications and Networks
• /
• v.16 no.4
• /
• pp.397-406
• /
• 2014

Radio frequency (RF) jamming is a denial of service attack targeted at wireless networks. In resource-hungry scenarios with constant traffic demand, jamming can create connectivity problems and seriously affect communication. Therefore, the vulnerabilities of wireless networks must be studied. In this study, we investigate a particular type of RF jamming that exploits the semantics of physical (PHY) and medium access control (MAC) layer protocols. This can be extended to any wireless communication network whose protocol characteristics and operating frequencies are known to the attacker. We propose two efficient jamming techniques: A low-data-rate random jamming and a shot-noise based protocol-aware RF jamming. Both techniques use shot-noise pulses to disrupt ongoing transmission ensuring they are energy efficient, and they significantly reduce the detection probability of the jammer. Further, we derived the tight upper bound on the duration and the number of shot-noise pulses for Wi-Fi, GSM, and WiMax networks. The proposed model takes consider the channel access mechanism employed at the MAC layer, data transmission rate, PHY/MAC layer modulation and channel coding schemes. Moreover, we analyze the effect of different packet sizes on the proposed jamming methodologies. The proposed jamming attack models have been experimentally evaluated for 802.11b networks on an actual testbed environment by transmitting data packets of varying sizes. The achieved results clearly demonstrate a considerable increase in the overall jamming efficiency of the proposed protocol-aware jammer in terms of packet delivery ratio, energy expenditure and detection probabilities over contemporary jamming methods provided in the literature.

• The KIPS Transactions:PartC
• /
• v.9C no.2
• /
• pp.189-196
• /
• 2002

IPSec is a protocol which provides data encryption, message authentication and data integrity on public and open network transmission. In IPSec, ESP protocol is used when it needs to Provide data encryption, authentication and integrity in real transmission Packets. ESP protocol uses DES-CBC encryption mode when sender encrypts packets and receiver decrypts data through this mode IV is used at that tome. This vague has many risks of attack during transmission by attacker because it is transferred clean and opened. If IV value is modified, then decryption of ESP data is impossible and higher level information is changed. In this paper we propose a new algorithm that it encrpty IV values using DES-ECB mode for preventing IV attack and checks integrity of whole ESP data using message authentication function. Therefore, we will protect attacks of IV and data, and guarantee more safe transmission on the public network.

• Journal of KIISE:Information Networking
• /
• v.29 no.2
• /
• pp.156-164
• /
• 2002

IPSec is a protocol which provides data encryption, message authentication and data integrity on public and open network transmission. In IPSec, ESP protocol is used when it needs to provide data encryption, authentication and Integrity In real transmission packets. ESP protocol uses DES-CBC encryption mode when sender encrypts packets and receiver decrypts data through this mode IV is used at that time. This value has many tasks of attack during transmission by attacker because it is transferred clean and opened. If IV value is modified, then decryption of ESP data is impossible and higher level information is changed. In this paper we propose a new algorithm that it encrypts IV values using DES-ECB mode for preventing IV attack and checks integrity of whole ESP data using message authentication function. Therefore, we will protect attacks of IV and data, and guarantee core safe transmission on the public network.