• Title/Summary/Keyword: Distributed & Dynamic Detection

A Study on Minimizing Infection of Web-based Malware through Distributed & Dynamic Detection Method of Malicious Websites (악성코드 은닉사이트의 분산적, 동적 탐지를 통한 감염피해 최소화 방안 연구)

  • Shin, Hwa-Su;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.89-100 / 2011
  • As Internet usage through web browsers increases, web-based malware distributed through websites is becoming a more serious problem than ever. The centralized malicious website detection method based on crawling has the problem that the cost of detection increases geometrically as the crawling level is lowered. In this paper, we proposed a web browser-based security tool which can detect malicious web pages dynamically and support the user's safe web browsing by stopping navigation to a malicious URL injected into those web pages. By deploying these tools to many distributed web browser users, all those users participate in malicious website detection and feedback. As a result, we can detect the lower link levels of websites in a distributed and dynamic manner.

Energy-Saving Distributed Algorithm For Dynamic Event Region Detection (역동적 이벤트 영역 탐색을 위한 에너지 절약형 분산 알고리즘)

  • Nhu, T.Anh;Na, Hyeon-Suk
    • Proceedings of the Korean Information Science Society Conference / 2010.06d / pp.360-365 / 2010
  • In this paper, we present a distributed algorithm for detecting dynamic event regions in wireless sensor networks with consideration for energy saving. Our model is that the sensing field is monitored by a large number of randomly distributed sensors with low-power batteries and limited functionality, and that the event region is dynamic, moving or changing shape. Whenever an event happens, we need some sensors awake to detect it and to wake up their k-hop neighbors to detect further events. Scheduling for the network to save the total power cost or to maximize the monitoring time has been studied extensively. Our scheme is that some predetermined sensors, called critical sensors, are awake all the time, and when an event is detected by a critical sensor, the sensor broadcasts to its neighbors to check their sensing areas. The neighbors then check their areas and decide, according to certain criteria, whether to wake up or remain in sleeping mode. Our algorithm uses only 2 bits of information in communication between sensors, so the total communication cost is low and the speed of detecting the whole event region is high. We adapt two kinds of measures for the wake-up decision. With suitable threshold values, our algorithm can be applied to many applications and to the trade-off between energy saving and the efficiency of event detection.

Cooperative Detection of Moving Source Signals in Sensor Networks (센서 네트워크 환경에서 움직이는 소스 신호의 협업 검출 기법)

  • Nguyen, Minh N.H.;Chuan, Pham;Hong, Choong Seon
    • Journal of KIISE / v.44 no.7 / pp.726-732 / 2017
  • In practical distributed sensing and prediction applications over wireless sensor networks (WSN), environmental sensing activities are highly dynamic because of noisy sensory information from moving source signals. Recent distributed online convex optimization frameworks have been developed as promising approaches for approximately solving stochastic learning problems over a network of sensors in a distributed manner. Neglecting the consequences of mobility in the original distributed saddle point algorithm (DSPA) could strongly affect the convergence rate and stability of learning results. In this paper, we propose an integrated sliding windows mechanism in order to stabilize predictions and achieve better convergence rates in a scenario of cooperative detection of a moving source signal.

Dynamic Screened Zone for Distributed Intrusion Detection System (분산 침입탐지시스템을 위한 Dynamic Screened Zone)

  • 이정석;유기영
    • Proceedings of the Korean Information Science Society Conference / 2002.04a / pp.889-891 / 2002
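  • With the growth of the Internet, information and communication services such as Internet-based e-commerce, home banking, and online education have developed rapidly. While this expansion has had positive effects, adverse effects such as illegal system intrusion, leakage of and damage to important information, unauthorized use, and malicious viruses are also causing serious harm. Various intrusion detection systems and firewalls are used as technologies to prevent such damage, but limitations and problems still exist. In this paper, to cope with these malicious attacks, we constructed a Dynamic Screened Zone that will operate together with a distributed intrusion detection system currently under development.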

Dynamic Analysis Framework for Cryptojacking Site Detection (크립토재킹 사이트 탐지를 위한 동적 분석 프레임워크)

  • Ko, DongHyun;Jung, InHyuk;Choi, Seok-Hwan;Choi, Yoon-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.963-974 / 2018
  • With the growing interest in cryptocurrencies such as bitcoin, blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijacks other computers' resources such as CPUs, has occurred due to vulnerability in the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur simply by visiting a website, without installing anything on the visitor's PC. Current Cryptojacking detection systems are mostly signature-based. Signature-based detection methods have the problem that they cannot detect new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a dynamic analysis-based Cryptojacking detection solution that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking sites that cannot be detected by existing signature-based Cryptojacking detection systems and can detect it even if it is called or obfuscated by bypassing Cryptomining code.

A Study on Distributed Cooperation Intrusion Detection Technique based on Region (영역 기반 분산협력 침입탐지 기법에 관한 연구)

  • Yang, Hwan Seok;Yoo, Seung Jae
    • Convergence Security Journal / v.14 no.7 / pp.53-58 / 2014
  • MANET can quickly build a network because it is configured with only mobile nodes, and it is very popular today due to its wide range of applications. However, MANET must solve the security vulnerabilities that arise from dynamic topology, the limited resources of each node, and wireless communication under the frequent movement of nodes. In this paper, we propose a domain-based distributed cooperative intrusion detection technique that can perform accurate intrusion detection while reducing overhead. In the proposed intrusion detection technique, local detection and global detection are performed after the network is divided into regions of a certain size. Local detection is performed on all nodes to detect abnormal behavior of the nodes, and global detection performs signature-based attack detection on the gateway node. The signature DB managed by the gateway node is periodically updated by configuring a neighboring gateway node and honeynet, and maintains the reliability of nodes in the domain through the trust management module. The excellent performance of the proposed technique is confirmed through experiments comparing it with a multi-layer cluster technique.

An Improved Intrusion Detection System for SDN using Multi-Stage Optimized Deep Forest Classifier

  • Saritha Reddy, A;Ramasubba Reddy, B;Suresh Babu, A
    • International Journal of Computer Science & Network Security / v.22 no.4 / pp.374-386 / 2022
  • Nowadays, research in deep learning leveraged automated computing and networking paradigm evidenced rapid contributions in terms of Software Defined Networking (SDN) and its diverse security applications while handling cybercrimes. SDN plays a vital role in sniffing information related to network usage in large-scale data centers that simultaneously support an improved algorithm design for automated detection of network intrusions. Despite its security protocols, SDN is considered contradictory towards DDoS attacks (Distributed Denial of Service). Several research studies developed machine learning-based network intrusion detection systems addressing detection and mitigation of DDoS attacks in SDN-based networks due to dynamic changes in various features and behavioral patterns. Addressing this problem, this research study focuses on effectively designing a multistage hybrid and intelligent deep learning classifier based on modified deep forest classification to detect DDoS attacks in SDN networks. Experimental results depict that the performance accuracy of the proposed classifier is improved when evaluated with standard parameters.

A study on Countermeasures by Detecting Trojan-type Downloader/Dropper Malicious Code

  • Kim, Hee Wan
    • International Journal of Advanced Culture Technology / v.9 no.4 / pp.288-294 / 2021
  • There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was shown, and malicious code detection and countermeasures were suggested.

Leader Decision Protocol for Dynamic Changing Topology in Mobile Ad hoc Networks (모바일 ad hoc 네트워크에서 동적인 토폴로지 변화에 따른 리더 결정)

  • Kim, Young-Lan;Han, Hyun-Goo;Park, Sung-Hoon
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.11 / pp.4543-4552 / 2010
  • A leader is a special process that acts as the coordinator among the multiple processes of a group. In a distributed system, leader election is the procedure of electing a coordinator. This is a very important issue for building fault-tolerant distributed systems. When two normal mobile ad hoc networks are merged, there are two leaders. This violates the safety property, so a mechanism to detect and handle it is required. For mobile ad hoc distributed computing systems, we propose a leader competition protocol and prove it with temporal logic. This solution is based on the group membership detection algorithm.

Intrusion Detection Technique using Distributed Mobile Agent (Distributed Mobile Agent를 이용한 침입탐지 기법)

  • Yang, Hwan Seok;Yoo, Seung Jae;Yang, Jeong Mo
    • Convergence Security Journal / v.12 no.6 / pp.69-75 / 2012
  • MANET (Mobile Ad-hoc Network) is a target of many attacks because of its dynamic topology and hop-by-hop data transmission method. In MANET, choosing the location of an intrusion detection system is difficult, and attack detection using locally collected information is even more difficult. As the amount of traffic grows, intrusion detection performance decreases. In this paper, MANET is organized into zones, and we used a random projection technique, which reduces dimension without loss of information, in order to perform stable intrusion detection even under massive traffic. A global detection node is used to detect attacks which are difficult to detect using only local information. In the global detection node, attack detection is performed using information received from IDS agents and the patterns of nodes. k-NN and ZBIDS were tested to evaluate the performance of the technique proposed in this paper. The superiority of its performance was confirmed through the experiment.