• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.95-105
• /
• 2010

DNS(Domain Name System) is a huge distributed database that converts host name to IP address. We are expecting the importance of DNS is more increased because many Internet application services appear according to the continuous increase of Internet users and nearly all the Internet application services use DNS. To prevent the interruption of DNS service, DNS server is configured with primary DNS server and a secondary DNS server which takes the place of primary DNS server in case of the service interruption. But this scheme is difficult for providing DNS service constantly in case of DDoS attack, which brings about much network load or network problems in DNS server group. Therefore, This paper proposed the scheme to locally distribute load of DNS server, and the use of address system to group the distributed DNS servers. Also, it proposed the authentication scheme of the correspondent server in case the server is changed in DNS server group having grouping address. In this paper, it is shown that the prosed scheme guarantees the improved service reliability with maintaining the present service performance through the evaluation. Through this, we can expect the high improved DNS service can be provided in the Internet environment in the future.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.441-444
• /
• 2016

Peace on the Korean Peninsula is threatened by physical aggressions and cyber terrors such as nuclear tests, missile launchings, senior government officials' smart phone hackings and DDos attacks to banking systems. Cyber attacks such as vulnerability for the hackings, malware distributions are generally defended by passive defense through the detecting signs of first invasion and attack, data analysis, adding library and updating vaccine programs. In this paper the concept of security program based on Google TensorFlow machine learning ability to perform adding libraries and solving security vulnerabilities by itself is researched and proposed.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• Journal of KIISE:Databases
• /
• v.37 no.5
• /
• pp.258-266
• /
• 2010

In this paper, we introduce a novel method to predict next update of blogs. The number of RSS feeds registered on meta-blogs is on the order of several million. Checking for updates is very time consuming and imposes a heavy burden on network resources. Since blog search engine has limited resources, there is a fix number of blogs that it can visit on a day. Nevertheless we need to maximize chances of getting new data, and the proposed method which predicts update probability on blogs could bring better chances for it. Also this work is important to avoid distributed denial-of-service attack for the owners of blogs. Furthermore, for the internet as whole this work is important, too, because our approach could minimize traffic. In this study, we assumed that there is a specific pattern to when a blogger is actively posting, in terms of days of the week and, more specifically, hours of the day. We analyzed 15,119 blogs to determine a blogger's posting preference. This paper proposes a method to predict the update probability based on a blogger's posting history and preferred days of the week. We applied proposed method to 12,115 blogs to check the precision of our predictions. The evaluation shows that the model has a precision of 0.5 for over 93.06% of the blogs examined.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.2
• /
• pp.634-645
• /
• 2014

VoIP (Voice over Internet Protocol) is a technology of transmitting and receiving voice and data over the Internet network. As the telecommunication industry is moving toward All-IP environment with growth of broadband Internet, the technology is becoming more important. Although the early VoIP services failed to gain popularity because of problems such as low QoS (Quality of Service) and inability to receive calls as the phone number could not be assigned, they are currently established as the alternative service to the conventional wired telephone due to low costs and active marketing by carriers. However, VoIP is vulnerable to eavesdropping and DDoS (Distributed Denial of Service) attack due to its nature of using the Internet. To counter the VoIP security threats efficiently, it is necessary to develop the criterion or the model for estimating the information security level of VoIP service providers. In this study, we developed reasonable security indicators through questionnaire study and statistical approach. To achieve this, we made use of 50 items from VoIP security checklists and verified the suitability and validity of the assessed items through Multiple Regression Analysis (MRA) using SPSS 18.0. As a result, we drew 23 indicators and calculate the weight of each indicators using Analytic Hierarchy Process (AHP). The proposed indicators in this study will provide feasible and reliable data to the individual and enterprise VoIP users as well as the reference data for VoIP service providers to establish the information security policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.127-138
• /
• 2006

The IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee an integrity and confidentiality of data that transmit between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult that the IPSec mechanism protects major important network from attacks which transmit mass abnormal IPSec traffic in session-configuration or communication phases. In this paper, we present a design of the security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.277-280
• /
• 2011

VoIP is a technology of voice communication, using the existing internet network which sends and receives voice packets. VoIP has an advantage that VoIP is cheaper than an existing telephony, and the tech is vitalized lately. But recently you can download Volp Application in the Market that have a vulnerability(Anyone Can Upload). This weakness is wrongfully used that People are downloaded by encouraging about malignant code is planted. Signal intercepts indicates from this case. and paralysis by DDoS Attack, bypass are charged for hacking. Judging from, security threat of VolP analysis and take countermeasures. In the thesis we analyze the VoIP security caused on 'Soft Phone' and 'Smart Phone', and figure out security policies and delineate those policies on the paper.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.6
• /
• pp.580-586
• /
• 2017

The establishment of big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide variety of valuable information in real-time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual trust hosts constituting clustering, and attempt to attack directly to system existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and it is demanded that the security policy is stronger than the security system that is constructed and operated in the existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service in illegal attacks at this network environment. In addition, through the step-by -step encryption based on the routing information generated during the detection process, it is possible to manage the stable service information without frequent disconnection of the information service for resetting.