• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.115-122
• /
• 2006

The most methods for intrusion detection are based on the misuse detection which accumulates hewn intrusion information and makes a decision of an attack against any behavior data. However it is very difficult to detect a new or modified aoack with only the collected patterns of attack behaviors. Therefore, if considering that the method of anomaly behavior detection actually has a high false detection rate, a new approach is required for very huge intrusion patterns based on sequence. The approach can improve a possibility for intrusion detection of known attacks as well as modified and unknown attacks in addition to the similarity measurement of intrusion patterns. This paper proposes a method which applies the multiple sequence alignments technique to the similarity matching of the sequence based intrusion patterns. It enables the statistical analysis of sequence patterns and can be implemented easily. Also, the method reduces the number of detection alerts and false detection for attacks according to the changes of a sequence size.

• Korean Journal of Cognitive Science
• /
• v.16 no.2
• /
• pp.141-154
• /
• 2005

The purpose of this study was to investigate the effects of implicit and explicit situation awareness instruction on decision making and event related brain potentials. Psychophysiological data obtained from 36 intermediated level tennis players whose National Tennis Rating Program(NTTP) belong 2 to 2.5 were compared. Participants were randomly assigned to one of three experimental groups: (1) implicit situation awareness, (2) explicit situation awareness, and (3) control group. A total of 90 clips were presented via a beam project screen, and participants pressed one of three jelly bean buttons to indicate the direction of ball hit. Dependent measures were the latencies and amplitudes of P300 on Pz, Cz, and Fz. The results of this study indicated that participants in the implicit situation awareness produced tenser P300, than participants in the explicit situation awareness group. The findings also indicated that single defense showed longer P300 latencies than single attack as well as double defense. The P300-amplitude of treatment groups were longer than control group. The Cz area showed shorer P300 latencies than Pz and Fz areas. In addition, single defense situation demonstrated longer P300 latencies than single attack and double defence situations. Based on this study, it is believed that implicit and explicit situation awareness instruction influence decision making in different ways.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.99-113
• /
• 2021

In these days, as cyberspace has been recognized as the fifth battlefield area following the land, sea, air, and space, attention has been focused on activities that view cyberspace as an operational and mission domain in earnest. Also, in the 21st century, cyber operations based on cyberspace are being developed as a 4th generation warfare method. In such an environment, the success of the operation is determined by the commander's decision. Therefore, in order to increase the rationality and objectivity of such decision-making, it is necessary to systematically establish and select a course of action (COA). In this study, COA is established by using the method of classifying operational elements necessary for cyber operation, and it is intended to suggest a direction for quantitative evaluation of COA. To this end, we propose a method of composing the COES (Cyber Operational Elements Set), which becomes the COA of operation, and classifying the cyber operational elements identified in the target development process based on the 5W1H Method. In addition, by applying the proposed classification method to the cyber operation elements used in the STUXNET attack case, the COES is formed to establish the attack COAs. Finally, after prioritizing the established COA, quantitative evaluation of the policy was performed to select the optimal COA.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.9
• /
• pp.92-99
• /
• 2013

As a recent cyber attack has a characteristic that is intellectual, advanced, and complicated attack against precise purpose and specified object, it becomes extremely hard to recognize or respond when accidents happen. Since a scale of damage is very large, a corresponding system about this situation is urgent in national aspect. Existing data center or integration security framework of computer lab is evaluated to be a behind system when it corresponds to cyber attack. Therefore, this study suggests a better sophisticated next generation convergence security framework in order to prevent from attacks based on advanced persistent threat. Suggested next generation convergence security framework is designed to have preemptive responses possibly against APT attack consisting of five hierarchical steps in domain security layer, domain connection layer, action visibility layer, action control layer and convergence correspondence layer. In domain connection layer suggests security instruction and direction in domain of administration, physical and technical security. Domain security layer have consistency of status information among security domain. A visibility layer of Intellectual attack action consists of data gathering, comparison, decision, lifespan cycle. Action visibility layer is a layer to control visibility action. Lastly, convergence correspond layer suggests a corresponding system of before and after APT attack. An introduction of suggested next generation convergence security framework will execute a better improved security control about continuous, intellectual security threat.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1383-1392
• /
• 2019

Adversarial attack, which geneartes adversarial data to make target model misclassify the input data, is able to confuse real life applications of classification models and cause severe damage to the classification system. An Black-box adversarial attack learns a substitute model, which have similar decision boundary to the target model, and then generates adversarial data with the substitute model. Jacobian-based data augmentation is used to synthesize the training data to learn substitutes, but has a drawback that the data synthesized by the augmentation get distorted more and more as the training loop proceeds. We suggest data augmentation with 'decay factor' to alleviate this problem. The result shows that attack success rate of our method is higher(around 8.5%) than the existing method.

• Journal of KIISE:Information Networking
• /
• v.30 no.6
• /
• pp.776-786
• /
• 2003

Security Evaluation System is a system that evaluates the security of the entire enterprise network domain which consists of various components and that supports a security manager or a Security Management System in making decisions about security management of the enterprise network based on the evaluation. It helps the security manager or the security management system to make a decision about how to change the configuration of the network to prevent the attack due to the security vulnerabilities of the network. Security Evaluation System checks the “current status” of the network, predicts the possible intrusion and supports decision-making about security management to prevent the intrusion in advance. In this paper we analyze the requirements of the Security Evaluation System that automates the security evaluation of the enterprise network which consists of various components and that supports decision-making about security management to prevent the intrusion, and we propose a design for it which satisfies the requirements.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.190-194
• /
• 2023

By looking the importance of communication, data delivery and access in various sectors including governmental, business and individual for any kind of data, it becomes mandatory to identify faults and flaws during cyber communication. To protect personal, governmental and business data from being misused from numerous advanced attacks, there is the need of cyber security. The information security provides massive protection to both the host machine as well as network. The learning methods are used for analyzing as well as preventing various attacks. Machine learning is one of the branch of Artificial Intelligence that plays a potential learning techniques to detect the cyber-attacks. In the proposed methodology, the Decision Tree (DT) which is also a kind of supervised learning model, is combined with the different cross-validation method to determine the accuracy and the execution time to identify the cyber-attacks from a very recent dataset of different network attack activities of network traffic in the UNSW-NB15 dataset. It is a hybrid method in which different types of attributes including Gini Index and Entropy of DT model has been implemented separately to identify the most accurate procedure to detect intrusion with respect to the execution time. The different DT methodologies including DT using Gini Index, DT using train-split method and DT using information entropy along with their respective subdivision such as using K-Fold validation, using Stratified K-Fold validation are implemented.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.2
• /
• pp.93-103
• /
• 2020

The telecare medical information system (TMIS) supports convenient and rapid health-care services. A secure and efficient authentication and key agreement scheme for TMIS provides safeguarding electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Giri et al. proposed an RSA-based remote user authentication scheme using smart cards for TMIS and claimed that their scheme could resist various malicious attacks. In this paper, we point out that their scheme is still vulnerable to lost smart card attacks and replay attacks and propose an improved scheme to prevent the shortcomings. As compared with the previous authentication schemes for TMIS, the proposed scheme is more secure and practical.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.4661-4680
• /
• 2016

Cognitive radio (CR) technology is an effective solution to the spectrum scarcity issue. Collaborative spectrum sensing is known as a promising technique to improve the performance of spectrum sensing in cognitive radio networks (CRNs). However, collaborative spectrum sensing is vulnerable to spectrum data falsification (SSDF) attack, where malicious users (MUs) may send false sensing data to mislead other secondary users (SUs) to make an incorrect decision about primary user (PUs) activity, which is one of the key adversaries to the performance of CRNs. In this paper, we propose a coalition based malicious users detection (CMD) algorithm to detect the malicious user in CRNs. The proposed CMD algorithm can efficiently detect MUs base on the Geary'C theory and be modeled as a coalition formation game. Specifically, SSDF attack is one of the key issues to affect the resource allocation process. Focusing on the security issues, in this paper, we analyze the power allocation problem with MUs, and propose MUs detection based power allocation (MPA) algorithm. The MPA algorithm is divided into two steps: the MUs detection step and the optimal power allocation step. Firstly, in the MUs detection step, by the CMD algorithm we can obtain the MUs detection probability and the energy consumption of MUs detection. Secondly, in the optimal power allocation step, we use the Lagrange dual decomposition method to obtain the optimal transmission power of each SU and achieve the maximum utility of the whole CRN. Numerical simulation results show that the proposed CMD and MPA scheme can achieve a considerable performance improvement in MUs detection and power allocation.

• Journal of the Society of Disaster Information
• /
• v.6 no.2
• /
• pp.11-20
• /
• 2010

All of the people or objects which are contacted during the activity of guard are added to range of objects. guard has to notice decision, question proposal, observation, accomplish to be happened them at the same time recognizing the steps as soon as possible. Before a lot of information of client are shown, guard expert has to search observation of materialization, extension of reservation, notification of business and causes of danger through personal interviews. Rapid communication system has to be assumed and effective caution, protection and shelter and following prevention are cooperated as well as has to care about safe of guard object by a protective wall. And also has to get out of the ground, keep the large shape when moves, prevent the trials of attack from the assassinators after takeing control over weapons.