• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.253-266
• /
• 2023

The Null Pointer Dereference vulnerability is a significant vulnerability that can cause severe attacks such as denial-of-service. Previous research has proposed methods for detecting vulnerabilities, but large and complex programs pose a challenge to their efficiency. In this paper, we present a lightweight tool for detecting specific functions in large binaryprograms through symbolizing variables and emulating program execution. The tool detects vulnerabilities through data dependency analysis and heuristics in each execution path. While our tool had an 8% higher false positive rate than the bap_toolkit, it detected all existing vulnerabilities in our dataset.

• Journal of the Korea Society for Simulation
• /
• v.18 no.3
• /
• pp.133-138
• /
• 2009

When sensor networks are deployed in open environments, an adversary may compromise some sensor nodes and use them to inject false sensing reports. False report attack can lead to not only false alarms but also the depletion of limited energy resources in battery powered networks. The Interleaved hop-by-hop authentication (IHA) scheme detects such false reports through interleaved authentication. In IHA, when a report is forwarded to the base station, all nodes on the path must spend energies on receiving, authenticating, and transmitting it. An dversary can spend energies in nodes by using the methods as a relaying attack which uses macro. The Adversary aim to drain the finite amount of energies in sensor nodes without sending false reports to BS, the result paralyzing sensor network. In this paper, we propose a countermeasure using fuzzy logic from the Denial of Service(DoS) attack and show an efficiency of energy through the simulataion result.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.614-621
• /
• 2022

This paper proposes RIDS (Random Forest-Based Intrusion Detection), which is an intrusion detection system to detect hacking attack based on random forest. RIDS detects three typical attacks i.e. DoS (Denial of service) attack, fuzzing attack, and spoofing attack. It detects hacking attack based on four parameters, i.e. time interval between data frames, its deviation, Hamming distance between payloads, and its diviation. RIDS was designed in memory-centric architecture and node information is stored in memories. It was designed in scalable architecture where DoS attack, fuzzing attack, and spoofing attack can be all detected by adjusting number and depth of trees. Simulation results show that RIDS has 0.9835 accuracy and 0.9545 F1 score and it can detect three attack types effectively.

• Convergence Security Journal
• /
• v.6 no.1
• /
• pp.45-53
• /
• 2006

It has been proposed that several RFID authentication protocols based on hash chain. Status based authentication protocol and challenge-response based authentication protocol are secured against location tracking attacks, spoofing attacks, replay attacks, traffic analysis attacks but are vulnerable to Dos attacks. RFID authentication protocol with strong resistance against traceability and denial of service attack is secured against location tracking attack, spoofing attacks, replay attacks, DoS attacks but are vulnerable to traffic analysis attacks. The present study suggests a more secure and lightweight RFID authentication protocol which is combining the advantages of hash-chain authentication protocol and RFID authentication protocol with strong resistance against traceability and denial of service attack. The results of the secure analysts for a proposed protocol are illustrated that it is secured against location tracking attacks, spoofing attacks, replay attacks, traffic analysis attacks, Dos attacks and is a lightweight operation between server and tag.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.191-200
• /
• 2005

The brilliant achievements in computers and the internet technology make it easy for users to get useful information. But at the same time, the damages caused by intrusions and denial of service attacks are getting more worse. Specially because denial of service attacks by internet worm incapacitate computers and networks, we should draw up a disposal plan against it. So far many rule-based intrusion detection systems have been developed, but these have the limits of these ability to detect new internet worms. In this paper, we propose a system to detect intrusion and generate detection rule against scan-based internet worm, paying attention to the fact that internet worms scan network to infect hosts. The system detects internet worms using detection rule. And if it detects traffic causing by a new scan-based internet worm, it generates new detection nile using traffic information that is gathered. Therefore it can response to new internet worms early. Because the system gathers packet payload, when it is being necessary only, it can reduce system's overhead and disk space that is required.

• Journal of the Korea Convergence Society
• /
• v.6 no.5
• /
• pp.33-38
• /
• 2015

In a V2X convergence service environment, the principal service among infotainment services and driver management services must be supported centering on critical information of the driver, maintenance manager, customer, and anonymous user. Many software applications have considered solutions to be satisfied the specific requirements of driving care programs, and plans. This paper describes data flow diagram of a secure clinic system for driving car diagnosis, which is included in clinic configuration, clinic, clinic page, membership, clinic request processing, driver profile data, clinic membership data, and clinic authentication in the V2X convergence service environment. It is reviewed focusing on security threat issue of ITS diagnostic system such as spoofing, tampering, repudiation, disclosure, denial of service, and privilege out of STRIDE model.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.6
• /
• pp.1374-1379
• /
• 2015

Malicious network attacks such as DDoS has no clear measures, the damage is also enormous. In particular, in addition to a network failure, such as leakage of personal information and damage of the communication charge in the case of zombie smartphone is infected, is expected damages of various users. In this study, we extract the zombie smartphone's phenomena and features that appear while the zombie service is running and introduce a corresponding technique to prevent zombie smartphone.

• Journal of Industrial Technology
• /
• v.27 no.B
• /
• pp.77-82
• /
• 2007

A novel DDoS (Distributed Denial-of-Service) defense technique, Exaustiveness-Based Detection, is proposed in this work. It dispenses with the network congestion and the unfairness between users of the Defense-by-Offense technique by incorporating a kind of simple Detect-and-Block scheme (user identification), still improving the effectiveness of the defense in comparison to the original Defense-by-Offense technique. It uses SYN cookies to identify users in the granularity of ip address and to prevent ip address spoofing by the attacker. There can be, however, some probability of false negative (denying service to good clients), if the attacker wisely adapt to the new technique by saving some portion of its bandwidth resource and later mimicking good clients. Quantitative analysis the requirement for the good clients to be safe from the false negative is provided and a procedure to design the server capacity is explained.

• Journal of Communications and Networks
• /
• v.7 no.1
• /
• pp.87-92
• /
• 2005

This paper presents basic queueing analysis contributing to teletraffc theory, with commonly accessible mathematical tools. This paper studies queueing systems with bulk arrivals. It is assumed that the number of arrivals and the expected number of arrivals in each bulk are bounded by some constraints B and (equation omitted), respectively. Subject to these constraints, convexity argument is used to show that the bulk-size probability distribution that results in the worst mean queue performance is an extremal distribution with support {1, B} and mean equal to A. Furthermore, from the viewpoint of security against denial-of-service attacks, this distribution remains the worst even if an adversary were allowed to choose the bulk-size distribution at each arrival instant as a function of past queue lengths; that is, the adversary can produce as bad queueing performance with an open-loop strategy as with any closed-loop strategy. These results are proven for an arbitrary arrival process with bulk arrivals and a general service model.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1485-1488
• /
• 2005

현재 인터넷을 구성하고 있는 두가지 중요 이름공간(name space)인 IP(Internet Protocol) 주소와 DNS(Domain Name Service) 이름의 단점을 보완하기 위해 연구되고 있는 HIP(Host Identity Protocol)는 IP와 트랜스포트 계층 사이에 새로운 계층과 프로토콜을 제안함으로써 제한된 형태의 신뢰성을 제공하고 이동(mobility), 멀티홈(multihome), 동적 IP주소변경 등을 지원하며 DoS(Denial of Service) 공격 등을 방어한다. 본 논문에서는 현재까지 IETF에서 진행된 HIP관련 연구 동향을 분석한다.