• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.71-79
• /
• 2009

Currently much research is being done on host based intrusion detection using system calls which is a portion of kernel based data. Sequence based and frequency based preprocessing methods are mostly used in research for intrusion detection using system calls. Due to the large amount of data and system call types, it requires a significant amount of preprocessing time. Therefore, it is difficult to implement real-time intrusion detection systems. Despite this disadvantage, the frequency based method which requires a relatively small amount of preprocessing time is usually used. This paper proposes an effective method for detecting denial of service attacks using the frequency based method. Principal Component Analysis(PCA) will be used to select the principle system calls and a bayesian network will be composed and the bayesian classifier will be used for the classification.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.2
• /
• pp.327-333
• /
• 2009

In 2004, Das et al. proposed a scheme for preserving a user anonymity. However, In 2005, Chien and Chen pointed out that Das et al. scheme fail to protect the user anonymity, and proposed a new scheme. And then in 2007, Hu et al. pointed out that Chien and Chen scheme also has some problems; it is Strong masquerading server/user attack, Restricted replay attack, Denial of service attack. it also slow wrong password detection, and proposed a new scheme. In 2008, Bindu et al. repeatedly pointed out on Chien and Chen scheme and proposed their scheme. However, we point out that all of their scheme also has some problems; it is not to protect the user anonymity and Denial of service attack. In addition, Bindu et al. is vulnerable to Strong masquerading server/user attack. Therefore, we demonstrate that their scheme also have some problems; it is the user anonymity and denial of service attack as above.

• Journal of KIISE:Databases
• /
• v.30 no.6
• /
• pp.585-592
• /
• 2003

In the spatial database systems, it is necessary to manage spatial objects that have two or more aspatial information with different security levels on the same layer. If we adapt the polyinstantiation concept of relational database system for these spatial objects, it is difficult to process the representation problem of spatial objects and to solve the security problem that is service denial and information flow by access of subject that has a different security level. To address these problems, we propose a polyinstantiation method for security management of spatial objects in this paper. The proposed method manages secure spatial database system efficiently by creating spatial objects according to user's security level through security-level-conversion-step and polyinstantiation-generation-step with multi-level security policy. Also, in case of user who has a different security level requires secure operations, we create polyinstance for spatial object to solve problems of service denial and information flow.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.3
• /
• pp.31-38
• /
• 2010

It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.959-970
• /
• 2004

It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current so curity mechanisms just have passive defense functionalities. In this paper, we propose new network suity architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We im-plemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.5
• /
• pp.127-134
• /
• 2014

In DRDoS(Distributed Reflective Denial of Service) attacks, the victim is bombarded by packets from legitimate reflector unlike DDoS(Distributed Denial of Service) attacks through zombie, which is more dangerous than DDoS attack because it is in stronger disguise. Therefore, the method of filtering packet method on router are useless. Moreover SCTP(Stream Control Transmission Protocol) multi-homing feature, such as with an improved transmission protocol allows detecting attacks is more difficult and the effect of the attack can be maximized. In this paper we propose a DRDoS detection mechanism based on DRDoS utilizing attention to the characteristics of stateful protocols. The proposed scheme is backed by stateful firewall, and detect DRDoS attacks through a rules table and perform a defense treatment against DRDoS attack. Rules table with a simple structure is possible to easily adapt for any kind of stateful protocol can used by DRDoS attack. The experimental result confirm that our proposed scheme well detect DRDoS attacks using SCTP, the next-generation transmission protocol which not known by victim, and reduce the attacking packets rapidly.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1849-1856
• /
• 2013

DOS attack, the short of Denial of Service attack is an internet intrusion technique which harasses service availability of legitimate users. To respond the DDoS attack, a lot of methods focusing attack source, target and intermediate network, have been proposed, but there have not been a clear solution. In this paper, we purpose the prevention of malicious activity and early detection of DDoS attack by detecting and removing the activity of botnets, or other malicious codes. For the purpose, the proposed method monitors the network traffic, especially DSN traffic, which is originated from botnets or malicious codes.

• 한국ITS학회:학술대회논문집
• /
• 2008.11a
• /
• pp.585-589
• /
• 2008

• Proceedings of the Korea Society for Simulation Conference
• /
• 2000.11a
• /
• pp.125-130
• /
• 2000

침입 탐지 시스템이 침입 행위를 탐지하기 위해서 시간에 대한 처리를 고려하지 않고는 침입을 탐지할 수 없는 경우(예 Denial of Service)가 존재한다. 즉 사건의 발생 시점에 대한 처리없이는 침입 탐지가 불가능하다. 본 논문에서는 시뮬레이션 모델을 통하여 시간에 관한 처리를 체계적으로 구성하고, 여러 가지 상황을 조성하여 반복적으로 실행함으로써 침입 탐지 시스템의 핵심 요소인 침입 판별을 효과적으로 수행할 수 있도록 하였다.

• Proceedings of the IEEK Conference
• /
• 1998.10a
• /
• pp.83-86
• /
• 1998

In recent years, security has been more and more significant in network environment. The internetworkding communication including ATM network will be exposed to all kinds of attacks, such as eavesdropping, spoofing, service denial and traffic analysis etc. So, in this paper, we focused on ATM network threats, security service and ATM security mechanisms for threats.