• Journal of the Korea Society of Computer and Information
• /
• v.17 no.5
• /
• pp.21-28
• /
• 2012

Recently, the necessity for good techniques of detecting network traffic attack has increased. In this paper, we suggest a new method of detecting abnormal patterns of network traffic data by visualizing their IP and port information into two dimensional images. The proposed approach first generates four 2D images from IP data of transmitters and receivers, and makes one 2D image from port data. Analyzing those images, it then extracts their major features such as linear patterns or high intensity values, and determines if traffic data contain DDoS or DoS Attacks. To comparatively evaluate the performance of the proposed algorithm, we show that our abnormal pattern detection method outperforms the existing algorithm in terms of accuracy and speed.

• Journal of Digital Convergence
• /
• v.19 no.9
• /
• pp.463-468
• /
• 2021

Although the IoT is showing explosive growth due to the development of technology and the spread of IoT devices and activation of services, serious security risks and financial damage are occurring due to the activities of various botnets. Therefore, it is important to accurately and quickly detect the activities of these botnets. As security in the IoT environment has characteristics that require operation with minimum processing performance and memory, in this paper, the minimum characteristics for detection are selected, and KNN (K-Nearest Neighbor), Naïve Bayes, Decision Tree, Random A comparative study was conducted on the performance of machine learning algorithms such as Forest to detect botnet activity. Experimental results using the Bot-IoT dataset showed that KNN can detect DDoS, DoS, and Reconnaissance attacks most effectively and efficiently among the applied machine learning algorithms.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.7
• /
• pp.3191-3196
• /
• 2011

Smart home system are being installed in the most new construction of building for the convenience of living life. As smart home systems are becoming more common and their diffusion rates are faster, hacker's attack for the smart home system will be increased. In this paper, Risk level of smart home's to do respond to intrusion that occurred from the wired network and wireless network intrusion cases and attacks can occur in a virtual situation created scenarios to build a database. This is based on the smart home users vulnerable to security to know finding illegal intrusion traffic in real-time and attack prevent was designed the intrusion detection algorithm.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.51-59
• /
• 2015

JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of HTML5 Standard. In proportion to JavaScript's growing importance, attacks (ex. DDos, Information leak using its function) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

• Journal of the Korea Convergence Society
• /
• v.3 no.3
• /
• pp.7-12
• /
• 2012

mVoIP (mobile Voice over Internet Protocol) service is a technology to transmit voice data through an IP network using mobile device. mVoIP provides various supplementary services with low communication cost. It can maximize the availability and efficiency by using IP-based network resources. In addition, the users can use voice call service at any time and in any place, as long as they can access the Internet on mobile device easily. However, SIP on mobile device is exposed to IP-based attacks and threats. Observed cyber threats to SIP services include wiretapping, denial of service, and service misuse, VoIP spam which are also applicable to existing IP-based networks. These attacks are also applicable to SIP and continuously cause problems. In this study, we analysis the threat and vulnerability on mVoIP service and propose several possible attack scenarios on existing mobile VoIP devices. Based on a proposed analysis and vulnerability test mechanism, we can construct more enhanced SIP security mechanism and stable mobile VoIP service framework after eliminating its vulnerability on mobile telephony system.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.139-145
• /
• 2023

These days, protecting location privacy has become essential and really challenging, especially protecting it from smart applications and services that rely on Location-Based Services (LBS). As the technology and the services that are based on it are developed, the capability and the experience of the attackers are increased. Therefore, the traditional protection ways cannot be enough and are unable to fully ensure and preserve privacy. Previously, a hybrid approach to privacy has been introduced. It used an obfuscation technique, called Double-Obfuscation Approach (DOA), to improve the privacy level. However, this approach has some weaknesses. The most important ones are the fog nodes that have been overloaded due to the number of communications. It is also unable to prevent the Tracking and Identification attacks in the Mix-Zone technique. For these reasons, this paper introduces a developed and enhanced approach, called Multi-Obfuscation Approach (MOA that mainly depends on the communication between neighboring fog nodes to overcome the drawbacks of the previous approach. As a result, this will increase the resistance to new kinds of attacks and enhance processing. Meanwhile, this approach will increase the level of the users' privacy and their locations protection. To do so, a big enough memory is needed on the users' sides, which already is available these days on their devices. The simulation and the comparison prove that the new approach (MOA) exceeds the DOA in many Standards for privacy protection approaches.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.9
• /
• pp.89-96
• /
• 2021

In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al's authentication scheme, the Al-Saggaf et al's one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al's authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.

• Bulletin of the Korean Chemical Society
• /
• v.33 no.9
• /
• pp.3048-3054
• /
• 2012

The use of aspirin is widely recommended for the prevention of heart attacks owing to its ability to inhibit platelet activation by irreversibly blocking cyclooxygenase 1. However, aspirin also affects the fibrinolytic and hemostatic pathways by mechanisms that are not well understood, causing severe hemorrhagic complications. Here, we investigated the ability of aspirin and aspirin metabolites to inhibit thrombin-activatable fibrinolysis inhibitor (TAFI), the major inhibitor of plasma fibrinolysis. TAFI is activated via proteolytic cleavage by the thrombin-thrombomodulin complex to TAFIa, a carboxypeptidase B-like enzyme. TAFIa modulates fibrinolysis by removing the C-terminal arginine and lysine residues from partially degraded fibrin, which in turn inhibits the binding of plasminogen to fibrin clots. Aspirin and its major metabolites, salicylic acid, gentisic acid, and salicyluric acid, inhibit TAFIa carboxypeptidase activity. Salicyluric acid effectively blocks activation of TAFI by thrombin-thrombomodulin; however, salicylates do not inhibit carboxypeptidase N or pancreatic carboxypeptidase B. Aspirin and other salicylates accelerated the dissolution of fibrin clots and reduced thrombus formation in an in vitro model of fibrinolysis. Inhibition of TAFI represents a novel hemostatic mechanism that contributes to aspirin's therapy-associated antithrombotic activity and hemorrhagic complications.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.37-38
• /
• 2006

In this paper, we describe a security problem of IPsec. And we propose a solution for this problem. The problem is a fragility of IPsec Gateway which is used in tunnel mode. The role of IPsec Gateway is encrypting or decrypting IPsec packets. Because of the role of IPsec Gateway, IPsec Gateway suffers overhead for decrypting numerous packets. Adversaries can easily attack IPsec Gateway using a DDoS attack. To solve this problem, we propose the "Priority based Random Packet Drop" method. In this method, the white list which is a list of normal users is created. After that, according to the frequency of uses, the method marks priorities of random drops to the white list. If anomalous traffic appeared, this method will drop many packets which consist of anomalous traffic. In simple experiment, we show our solution is proper to defend IPsec Gateway. For this experiment, we use empirical backbone traffic which includes DoS attacks.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.3-10
• /
• 2011

Recently, due to a series of DDoS attacks, government agencies have enhanced security measures and business-related legislation. However, service attack and large network violations or accidents are most likely to occur repeatedly in the near future. In order to prevent this problem, researches must be conducted to predict the vulnerability in advance. The existing research methods do not state the specific data used for the base of the prediction, making the method more complex and imprecise. Therefore this study was conducted using the vulnerability data used for the basis of machine learning technology prediction, which were retrieved from a reputable organization. Also, the study suggested ways to predict the future vulnerabilities based on the weaknesses found in prior methods, and certified the efficiency using experiments.