• Title/Summary/Keyword: Compromised Network Design

Search Result 13, Processing Time 0.032 seconds

Compromised Network Design Model for the Strategic Alliance of Service Centers and Consolidation Terminals in Express Courier Services (택배 영업소 및 화물터미널의 전략적 제휴를 위한 절충적 네트워크 설계에 관한 연구)

  • Chung, Ki-Ho;Ko, Hyun-Jeung;Ko, Chang-Seong
    • Journal of Korean Institute of Industrial Engineers
    • /
    • v.37 no.4
    • /
    • pp.304-310
    • /
    • 2011
  • The express courier business in Korea has been recognized as one of promising business sectors with the annual growth rate of over 10 percent since 2001. As such many domestic and foreign companies have been established and are fiercely competing to extend their own market share. The severe competition has forced them to focus on achieving cost competitiveness and high level of customer service. Small and medium-sized enterprises( SMEs) with relatively poor network infrastructure in particular are facing tougher challenges to cost reduction and efficiency improvement in their logistics networks. Strategic alliances among SMEs may be an effective way to cope with these challenges. Therefore this study proposes an integer programming model for compromised network design and its solution procedure based on maxmin and maxsum criteria for strategic alliances. The applicability and efficiency of the proposed model are demonstrated through an illustrative numerical example.

Design of Sensor Network Security Model using Contract Net Protocol and DEVS Modeling (계약망 프로토콜과 DEVS 모델링을 통한 센서네트워크 보안 모델의 설계)

  • Hur, Suh Mahn;Seo, Hee Suk
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.4 no.4
    • /
    • pp.41-49
    • /
    • 2008
  • Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects forged reports into the network through compromised nodes. Such attacks by compromised sensors can cause not only false alarms but also the depletion of the finite amount of energy in a battery powered network. In order to reduce damage from these attacks, several security solutions have been proposed. Researchers have also proposed some techniques to increase the energy-efficiency of such security solutions. In this paper, we propose a CH(Cluster Header) selection algorithm to choose low power delivery method in sensor networks. The CNP(Contract Net Protocol), which is an approach to solve distribution problems, is applied to choose CHs for event sensing. As a result of employing CNP, the proposed method can prevent dropping of sensing reports with an insufficient number of message authentication codes during the forwarding process, and is efficient in terms of energy saving.

Design of a Protected Server Network with Decoys for Network-based Moving Target Defense

  • Park, Tae-Keun;Park, Kyung-Min;Moon, Dae-Sung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.23 no.9
    • /
    • pp.57-64
    • /
    • 2018
  • In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

Defense against HELLO Flood Attack in Wireless Sensor Network

  • Hamid Md. Abdul;Hong Choong Seon;Byun Sang Ick
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2005.11a
    • /
    • pp.214-216
    • /
    • 2005
  • We consider Wireless Sensor Network Security (WSN) and focus our attention to tolerate damage caused by an adversary who has compromised deployed sensor node to modify, block, or inject packets. We adopt a probabilistic secret sharing protocol where secrets shared between two sensor nodes are not exposed to any other nodes. Adapting to WSN characteristics, we incorporate these secrets to establish new pairwise key for node to node authentication and design multipath routing to multiple base stations to defend against HELLO flood attacks. We then analytically show that our defense mechanisms against HELLO flood attack can tolerate damage caused by an intruder.

  • PDF

A Statistical Detection Method to Detect Abnormal Cluster Head Election Attacks in Clustered Wireless Sensor Networks (클러스터 기반 WSN에서 비정상적인 클러스터 헤드 선출 공격에 대한 통계적 탐지 기법)

  • Kim, Sumin;Cho, Youngho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1165-1170
    • /
    • 2022
  • In WSNs, a clustering algorithm groups sensor nodes on a unit called cluster and periodically selects a cluster head (CH) that acts as a communication relay on behalf of nodes in each cluster for the purpose of energy conservation and relay efficiency. Meanwhile, attack techniques also have emerged to intervene in the CH election process through compromised nodes (inside attackers) and have a fatal impact on network operation. However, existing countermeasures such as encryption key-based methods against outside attackers have a limitation to defend against such inside attackers. Therefore, we propose a statistical detection method that detects abnormal CH election behaviors occurs in a WSN cluster. We design two attack methods (Selfish and Greedy attacks) and our proposed defense method in WSNs with two clustering algorithms and conduct experiments to validate our proposed defense method works well against those attacks.

Design an Algorithm Matching TCP Connection Pairs for Intruder Traceback (침입자 역추적을 위한 TCP 연결 매칭 알고리즘 설계)

  • Kang Hyung-Woo;Hong Soon-Jwa;Lee Dong-Hoon
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.11-18
    • /
    • 2006
  • In the field of network defense, a lot of researches are directed toward locating the source of network attacks. When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, and these intermediate hosts are called stepping-stones. There we two kinds of traceback technologies : IP packet traceback and connection traceback. We focused on connection traceback in this paper This paper classifies process structures of detoured attack type in stepping stone, designs an algorithm for traceback agent, and implements the traceback system based on the agent

A Survey on Security Schemes based on Conditional Privacy-Preserving in Vehicular Ad Hoc Networks

  • Al-Mekhlafi, Zeyad Ghaleb;Mohammed, Badiea Abdulkarem
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.11
    • /
    • pp.105-110
    • /
    • 2021
  • Contact between Vehicle-to-vehicle and vehicle-to-infrastructural is becoming increasingly popular in recent years due to their crucial role in the field of intelligent transportation. Vehicular Ad-hoc networks (VANETs) security and privacy are of the highest value since a transparent wireless communication tool allows an intruder to intercept, tamper, reply and erase messages in plain text. The security of a VANET based intelligent transport system may therefore be compromised. There is a strong likelihood. Securing and maintaining message exchange in VANETs is currently the focal point of several security testing teams, as it is reflected in the number of authentication schemes. However, these systems have not fulfilled all aspects of security and privacy criteria. This study is an attempt to provide a detailed history of VANETs and their components; different kinds of attacks and all protection and privacy criteria for VANETs. This paper contributed to the existing literature by systematically analyzes and compares existing authentication and confidentiality systems based on all security needs, the cost of information and communication as well as the level of resistance to different types of attacks. This paper may be used as a guide and reference for any new VANET protection and privacy technologies in the design and development.

A Vulnerability Analysis of Intrusion Tolerance System using Self-healing Mechanism (자가치유 메커니즘을 활용한 침입감내시스템의 취약성 분석)

  • Park, Bum-Joo;Park, Kie-Jin;Kim, Sung-Soo
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.32 no.7
    • /
    • pp.333-340
    • /
    • 2005
  • One of the most important core technologies required for the design of the ITS (Intrusion Tolerance System) that performs continuously minimal essential services even when the network-based computer system is partially compromised because of the external or internal intrusions is the quantitative dependability analysis of the ITS. In this paper, we applied self-healing mechanism, the core technology of autonomic computing to secure the protection power of the ITS. We analyzed a state transition diagram of the ITS composed of a Primary server and a backup server utilizing two factors of self-healing mechanism (fault model and system response) and calculated the availability of ITS through simulation experiments and also performed studies on two cases of vulnerability attack.

Design and Implementation of an Intrusion Detection System based on Outflow Traffic Analysis (유출트래픽 분석기반의 침입탐지시스템 설계 및 구현)

  • Shin, Dong-Jin;Yang, Hae-Sool
    • The Journal of the Korea Contents Association
    • /
    • v.9 no.4
    • /
    • pp.131-141
    • /
    • 2009
  • An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. This paper proposes an intrusion detection system based outflow traffic analysis. Many research efforts and commercial products have focused on preventing intrusion by filtering known exploits or unknown ones exploiting known vulnerabilities. Complementary to these solutions, the proposed IDS can detect intrusion of unknown new mal ware before their signatures are widely distributed. The proposed IDS is consists of a outflow detector, user monitor, process monitor and network monitor. To infer user intent, the proposed IDS correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. As a complement to existing prevention system, proposed IDS decreases the danger of information leak and protects computers and networks from more severe damage.

Secure Routing with Time-Space Cryptography for Mobile Ad-Hoc Networks (이동 애드혹 망을 위한 시공간 방식의 보안 라우팅 프로토콜)

  • Joe, In-Whee
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.32 no.1B
    • /
    • pp.11-16
    • /
    • 2007
  • This paper describes the design and performance of a secure routing protocol with time-space cryptography for mobile ad-hoc networks. The proposed time-space scheme works in the time domain for key distribution between source and destination as well as in the space domain for intrusion detection along the route between them. For data authentication, it relies on the symmetric key cryptography due to high efficiency and a secret key is distributed using a time difference from the source to the destination. Also, a one-way hash chain is formed on a hop-by-hop basis to prevent a compromised node or an intruder from manipulating the routing information. In order to evaluate the performance of our routing protocol, we compare it with the existing AODV protocol by simulation under the same conditions. The proposed protocol has been validated using the ns-2 network simulator with wireless and mobility extensions.