• Journal of the Korea Convergence Society
• /
• v.10 no.5
• /
• pp.35-42
• /
• 2019

Recently, as the Internet and various wearable devices have appeared, Internet technology has contributed to obtaining more convenient information and doing business. However, as the internet is used in various parts, the attack surface points that are exposed to attacks are increasing, Attempts to invade networks aimed at taking unfair advantage, such as cyber terrorism, are also increasing. In this paper, we propose a feature selection method to improve the classification performance of the class to classify the abnormal behavior in the network traffic. The UNSW-NB15 dataset has a rare class imbalance problem with relatively few instances compared to other classes, and an undersampling method is used to eliminate it. We use the SVM, k-NN, and decision tree algorithms and extract a subset of combinations with superior detection accuracy and RMSE through training and verification. The subset has recall values of more than 98% through the wrapper based experiments and the DT_PSO showed the best performance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.6
• /
• pp.1480-1491
• /
• 2013

Certificate-based cryptography is a new cryptographic primitive which eliminates the necessity of certificates in the traditional public key cryptography and simultaneously overcomes the inherent key escrow problem suffered in identity-based cryptography. However, to the best of our knowledge, all existed constructions of certificate-based encryption so far have to be based on the bilinear pairings. The pairing calculation is perceived to be expensive compared with normal operations such as modular exponentiations in finite fields. The costly pairing computation prevents it from wide application, especially for the computation limited wireless sensor networks. In order to improve efficiency, we propose a new certificate-based encryption scheme that does not depend on the pairing computation. Based on the decision Diffie-Hellman problem assumption, the scheme's security is proved to be against the chosen ciphertext attack in the random oracle. Performance comparisons show that our scheme outperforms the existing schemes.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.533-540
• /
• 2013

Anonymity is the one of main reasons for substantial improvement of Internet. It encourages various users to express their opinion freely and helps Internet based distributed systems vitalize. But, anonymity can cause unexpected threats because personal information of an online user is hidden. Especially, distributed systems are threatened by Sybil attack, where one malicious user creates and manages multiple fake online identities. To prevent Sybil attack, the traditional solutions include increasing the complexity of identity generation and mapping online identities to real-world identities. But, even though the high complexity of identity generation increases the generation cost of Sybil identities, eventually they are generated and there is no further way to suppress their activity. Also, the mapping between online identities and real identities may cause high possibility of losing anonymity. Recently, some methods using online social network to prevent Sybil attack are researched. In this paper, a new method is proposed for extracting a user's system-wide Sybil-resistant trust value by using the properties embedded in online social network graphs. The proposed method can be categorized into 3 types based on sampling and decision strategies. By using graphs sampled from Facebook, the performance of the 3 types of the proposed method is evaluated. Moreover, the impact of Sybil attack on nodes with different characteristics is evaluated in order to understand the behavior of Sybil attack.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.584-594
• /
• 2015

To date, many different kinds of logic styles for hardware countermeasures have been developed; for example, SABL, TDPL, and DyCML. Current mode-based logic styles are useful as they consume less power compared to voltage mode-based logic styles such as SABL and TDPL. Although we developed TPDyCML in 2012 and presented it at the WISA 2012 conference, we have further optimized it in this paper using a binary decision diagram algorithm and confirmed its properties through a practical implementation of the AES S-box. In this paper, we will explain the outcome of HSPICE simulations, which included correlation power attacks, on AES S-boxes configured using a compact NMOS tree constructed from either SABL, CMOS, TDPL, DyCML, or TPDyCML. In addition, to compare the performance of each logic style in greater detail, we will carry out a mutual information analysis (MIA). Our results confirm that our logic style has good properties as a hardware countermeasure and 15% less information leakage than those secure logic styles used in our MIA.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.127-135
• /
• 2007

As the Internet is used widely, criminal offense that use computer is increasing, and an information security technology to remove this crime is becoming competitive power of the country. In this paper, we suggest network-based intrusion detection system that use fuzzy expert system. This system can decide quick intrusion decision from attack pattern applying fuzzy rule through the packet classification method that is done similarity of protocol and fixed time interval. Proposed system uses fuzzy logic to detect attack from network traffic, and gets analysis result that is automated through fuzzy reasoning. In present network environment that must handle mass traffic, this system can reduce time and expense of security

• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.237-246
• /
• 2020

this paper, a data modeling method based on decision-making conditions is proposed for making combat and battlefield management systems to be intelligent, which are also a decision-making support system. A picture of a robot seeing and perceiving like humans and arriving a point it wanted can be understood and be felt in body. However, we can't find an example of implementing a decision-making which is the most important element in human cognitive action. Although the agent arrives at a designated office instead of human, it doesn't support a decision of whether raising the market price is appropriate or doing a counter-attack is smart. After we reviewed a current situation and problem in control & command of military, in order to collect a big data for making a machine staff's advice to be possible, we propose a data modeling prototype based on decision-making conditions as a method to change a current control & command system. In addition, a decision-making tree method is applied as an example of the decision making that the reformed control & command system equipped with the proposed data modeling will do. This paper can contribute in giving us an insight of how a future AI decision-making staff approaches to us.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.4
• /
• pp.811-817
• /
• 2009

The rapid growth of network based IT systems has resulted in continuous research of security issues. Probe intrusion detection is an area of increasing concerns in the internet community. Recently, a number of probe intrusion detection schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems, are useful only for the existing patterns of probe intrusion. They can not detect new patterns of probe intrusion. Therefore, it is necessary to develop a new Probe Intrusion Detection technology that can find new patterns of probe intrusion. In this paper, we proposed a new network based probe intrusion detector(NePID) using anomaly traffic analysis and fuzzy cognitive maps that can detect intrusion by the denial of services attack detection method utilizing the packet analyses. The probe intrusion detection using fuzzy cognitive maps capture and analyze the packet information to detect syn flooding attack. Using the result of the analysis of decision module, which adopts the fuzzy cognitive maps, the decision module measures the degree of risk of denial of service attack and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.094% and the max-average false negative rate of 2.936%. The true positive error rate of the NePID is similar to that of Bernhard's true positive error rate.

• The KIPS Transactions:PartB
• /
• v.12B no.4 s.100
• /
• pp.421-428
• /
• 2005

A new method of Semi-fragile image watermarking which ensures the integrity of the contents of digital image is presented. Proposed watermarking scheme embeds watermark in the form of quantization noise on the wavelet transform coefficients in a specific mid frequency subbands selected from a wavelet packet decomposition based on energy distribution of wavelet transform coefficients. By controlling the strength of embedded watermark using HVS (Human Visual System) characteristic, it is imperceptible by a human viewer while robust against non-malicious attack such as compression for storage and/or transmission. When an attack is applied on the original image, it is highly probable that wavelet transform coefficients not only at the exact attack positions but also the neighboring ones are modified. Therefore, proposed authentication method utilizes whether both current coefficient and its neighbors are damaged. together. So it can efficiently detect and accurately localize attacks inflicted on the content of original image. Decision threshold for authentication can be user controlled for different application areas as needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.201-210
• /
• 2023

Deep learning-based face verificattion model show high performance and are used in many fields, but there is a possibility the user's face image may be leaked in the process of inputting the face image to the model. Althoughde-identification technology exists as a method for minimizing the exposure of face features, there is a problemin that verification performance decreases when the existing technology is applied. In this paper, after combining the face features of other person, a de-identified face image is created through StyleGAN. In addition, we propose a method of optimizingthe combining ratio of features according to the face verification model using HopSkipJumpAttack. We visualize the images generated by the proposed method to check the de-identification performance, and evaluate the ability to maintain the performance of the face verification model through experiments. That is, face verification can be performed using the de-identified image generated through the proposed method, and leakage of face personal information can be prevented.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.17-25
• /
• 2004

As Internet and Internet users are rapidly increasing and getting popularized in the world the existing firewall has limitations to detect attacks which exploit vulnerability of web server. And these attacks are increasing. Most of all, intrusions using web application's programming error are occupying for the most part. In this paper, we introduced real-time web-server agent which analyze web-server based log and detect web-based attacks after the analysis of the web-application's vulnerability. We propose the method using real-time agent which remove Process ID(pid) and block out attacker's If if it detects the intrusion through the decision stage after judging attack types and patterns.