• Title/Summary/Keyword: Decision-based attack

Search Result 96, Processing Time 0.02 seconds

Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA
    • /
    • v.8A no.4
    • /
    • pp.331-338
    • /
    • 2001
  • With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn\`t free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

  • PDF

Secure and Efficient Cooperative Spectrum Sensing Against Byzantine Attack for Interweave Cognitive Radio System

  • Wu, Jun;Chen, Ze;Bao, Jianrong;Gan, Jipeng;Chen, Zehao;Zhang, Jia
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.11
    • /
    • pp.3738-3760
    • /
    • 2022
  • Due to increasing spectrum demand for new wireless devices applications, cooperative spectrum sensing (CSS) paradigm is the most promising solution to alleviate the spectrum shortage problem. However, in the interweave cognitive radio (CR) system, the inherent nature of CSS opens a hole to Byzantine attack, thereby resulting in a significant drop of the CSS security and efficiency. In view of this, a weighted differential sequential single symbol (WD3S) algorithm based on MATLAB platform is developed to accurately identify malicious users (MUs) and benefit useful sensing information from their malicious reports in this paper. In order to achieve this, a dynamic Byzantine attack model is proposed to describe malicious behaviors for MUs in an interweave CR system. On the basis of this, a method of data transmission consistency verification is formulated to evaluate the global decision's correctness and update the trust value (TrV) of secondary users (SUs), thereby accurately identifying MUs. Then, we innovatively reuse malicious sensing information from MUs by the weight allocation scheme. In addition, considering a high spectrum usage of primary network, a sequential and differential reporting way based on a single symbol is also proposed in the process of the sensing information submission. Finally, under various Byzantine attack types, we provide in-depth simulations to demonstrate the efficiency and security of the proposed WD3S.

Network Security Situation Assessment Method Based on Markov Game Model

  • Li, Xi;Lu, Yu;Liu, Sen;Nie, Wei
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.5
    • /
    • pp.2414-2428
    • /
    • 2018
  • In order to solve the problem that the current network security situation assessment methods just focus on the attack behaviors, this paper proposes a kind of network security situation assessment method based on Markov Decision Process and Game theory. The method takes the Markov Game model as the core, and uses the 4 levels data fusion to realize the evaluation of the network security situation. In this process, the Nash equilibrium point of the game is used to determine the impact on the network security. Experiments show that the results of this method are basically consistent with the expert evaluation data. As the method takes full account of the interaction between the attackers and defenders, it is closer to reality, and can accurately assess network security situation.

A Study on Graph-Based Heterogeneous Threat Intelligence Analysis Technology (그래프 기반 이기종 위협정보 분석기술 연구)

  • Ye-eun Lee;Tae-jin Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.3
    • /
    • pp.417-430
    • /
    • 2024
  • As modern technology advances and the proliferation of the internet continues, cyber threats are also on the rise. To effectively counter these threats, the importance of utilizing Cyber Threat Intelligence (CTI) is becoming increasingly prominent. CTI provides information on new threats based on data from past cyber incidents, but the complexity of data and changing attack patterns present significant analytical challenges. To address these issues, this study aims to utilize graph data that can comprehensively represent multidimensional relationships. Specifically, the study constructs a heterogeneous graph based on malware data, and uses the metapath2vec node embedding technique to more effectively identify cyber attack groups. By analyzing the impact of incorporating topology information into traditional malware data, this research suggests new practical applications in the field of cyber security and contributes to overcoming the limitations of CTI analysis.

New Constructions of Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Computing

  • Zhang, Leyou;Hu, Yupu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.5
    • /
    • pp.1343-1356
    • /
    • 2013
  • Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

SOCMTD: Selecting Optimal Countermeasure for Moving Target Defense Using Dynamic Game

  • Hu, Hao;Liu, Jing;Tan, Jinglei;Liu, Jiang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.10
    • /
    • pp.4157-4175
    • /
    • 2020
  • Moving target defense, as a 'game-changing' security technique for network warfare, realizes proactive defense by increasing network dynamics, uncertainty and redundancy. How to select the best countermeasure from the candidate countermeasures to maximize defense payoff becomes one of the core issues. In order to improve the dynamic analysis for existing decision-making, a novel approach of selecting the optimal countermeasure using game theory is proposed. Based on the signal game theory, a multi-stage adversary model for dynamic defense is established. Afterwards, the payoffs of candidate attack-defense strategies are quantified from the viewpoint of attack surface transfer. Then the perfect Bayesian equilibrium is calculated. The inference of attacker type is presented through signal reception and recognition. Finally the countermeasure for selecting optimal defense strategy is designed on the tradeoff between defense cost and benefit for dynamic network. A case study of attack-defense confrontation in small-scale LAN shows that the proposed approach is correct and efficient.

Invulnerability analysis of nuclear accidents emergency response organization network based on complex network

  • Wen Chen;Shuliang Zou;Changjun Qiu;Jianyong Dai;Meirong Zhang
    • Nuclear Engineering and Technology
    • /
    • v.56 no.8
    • /
    • pp.2923-2936
    • /
    • 2024
  • Modern risk management philosophy emphasizes the invulnerability of human beings to cope with all kinds of emergencies. The Nuclear Accidents Emergency Response Organization (NAERO) of Nuclear Power Plant (NPP) is the primary body responsible for nuclear accidents emergency response. The invulnerability of the organization to disturbance or attack from internal and external sources is crucial in the completion of its response missions, reduction of severity of accidents, and assurance of public and environmental safety. This paper focused on the NAERO of a certain NPP in China, and applied the complex network theory to construct the network model of the organization. The topological characteristics of the network were analyzed. Four importance evaluation indexes of network nodes including Degree Centrality (DC), Betweeness Centrality (BC), Closeness Centrality (CC) and Eigenvector Centrality (EC), along with Pearson coefficient correlation among the indexes were calculated and analyzed. Size of the Largest Connected Component (LCC) and Network Efficiency were used as measures regarding the invulnerability of the network. Simulation experiments were conducted to assess the invulnerability of network against various attack strategies. These experiments were conducted both in the absence of node protection measures and under protection measures with different node protection rates. This study evaluated the invulnerability of the NAERO network, and provided significant decision-making basis for the enhancement of the network's invulnerability.

Stackelberg Game between Multi-Leader and Multi-Follower for Detecting Black Hole and Warm Hole Attacks In WSN

  • S.Suganthi;D.Usha
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.8
    • /
    • pp.159-167
    • /
    • 2023
  • Objective: • To detect black hole and warm hole attacks in wireless sensor networks. • To give a solution for energy depletion and security breach in wireless sensor networks. • To address the security problem using strategic decision support system. Methods: The proposed stackelberg game is used to make the spirited relations between multi leaders and multi followers. In this game, all cluster heads are acts as leaders, whereas agent nodes are acts as followers. The game is initially modeled as Quadratic Programming and also use backtracking search optimization algorithm for getting threshold value to determine the optimal strategies of both defender and attacker. Findings: To find optimal payoffs of multi leaders and multi followers are based on their utility functions. The attacks are easily detected based on some defined rules and optimum results of the game. Finally, the simulations are executed in matlab and the impacts of detection of black hole and warm hole attacks are also presented in this paper. Novelty: The novelty of this study is to considering the stackelberg game with backtracking search optimization algorithm (BSOA). BSOA is based on iterative process which tries to minimize the objective function. Thus we obtain the better optimization results than the earlier approaches.

Design and Load Map of the Next Generation Convergence Security Framework for Advanced Persistent Threat Attacks

  • Lee, Moongoo
    • IEIE Transactions on Smart Processing and Computing
    • /
    • v.3 no.2
    • /
    • pp.65-73
    • /
    • 2014
  • An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

Security Structure for Protection of Emergency Medical Information System (응급의료정보시스템의 보호를 위한 보안 구조)

  • Shin, Sang Yeol;Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.8 no.2
    • /
    • pp.59-65
    • /
    • 2012
  • Emergency medical information center performs role of medical direction about disease consult and pre-hospital emergency handling scheme work to people. Emergency medical information system plays a major role to be decreased mortality and disability of emergency patient by providing information of medical institution especially when emergency patient has appeared. But, various attacks as a hacking have been happened in Emergency medical information system recently. In this paper, we proposed security structure which can protect the system securely by detecting attacks from outside effectively. Intrusion detection was performed using rule based detection technique according to protocol for every packet to detect attack and intrusion was reported to control center if intrusion was detected also. Intrusion detection was performed again using decision tree for packet which intrusion detection was not done. We experimented effectiveness using attacks as TCP-SYN, UDP flooding and ICMP flooding for proposed security structure in this paper.