• International journal of advanced smart convergence
• /
• v.5 no.4
• /
• pp.54-56
• /
• 2016

Code-reuse attacks are very dangerous in various systems. This is because they do not inject malicious codes into target systems, but reuse the instruction sequences in executable files or libraries of target systems. Moreover, code-reuse attacks could be more harmful to IoT systems in the sense that it may not be easy to devise efficient and effective mechanism for code-reuse attack detection in resource-restricted IoT devices. In this paper, we propose a detection scheme with using Kullback-Leibler (KL) divergence to combat against code-reuse attacks in IoT. Specifically, we detect code-reuse attacks by calculating KL divergence between the probability distributions of the packets that generate from IoT devices and contain code region addresses in memory system and the probability distributions of the packets that come to IoT devices and contain code region addresses in memory system, checking if the computed KL divergence is abnormal.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.19-24
• /
• 2013

MANET has a highly dynamic topology because it consists of only mobile nodes. Various attacks using these characteristics exist. Among them, damage of the attacks based flooding such as DoS or DDos is large and traceback of the attack node is not easy. It is because route information by moving of intermediate nodes which pass the data changes frequently. In this paper, we propose table-based traceback technique to perform efficient traceback although route information by moving of nodes changes frequently. Cluster head manages route management table in order to form cluster status table and network topology snapshot for storing the location information of mobile nodes when cluster member nodes change. Also, bloom filter is used to reduce the amount of storing route information. The performance of the proposed technique is confirmed through experiment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.203-205
• /
• 2022

As digital transformation and remote work environment advanced by Covid-19 become more common, the scale of leakage damage to industrial secrets and personal information caused by information leakage attacks is increasing. Recently, advanced and persistent information leakage attacks have become a serious security threat because they do not quickly leak large amounts of information, but continuously leak small amounts of information over a long period of time. In this study, we propose a framework for detecting advanced and persistent information leakage attacks based on traffic characteristics. The proposed method can effectively detect advanced and persistent information leakage attacks using traffic patterns, packet sizes, and metadata, even if the payload is encrypted.

• Journal of Information Processing Systems
• /
• v.7 no.4
• /
• pp.691-706
• /
• 2011

Since security and privacy problems in RFID systems have attracted much attention, numerous RFID authentication protocols have been suggested. One of the various design approaches is to use light-weight logics such as bitwise Boolean operations and addition modulo $2^m$ between m-bits words. Because these operations can be implemented in a small chip area, that is the major requirement in RFID protocols, a series of protocols have been suggested conforming to this approach. In this paper, we present new attacks on these lightweight RFID authentication protocols by using the Gr$\ddot{o}$bner basis. Our attacks are superior to previous ones for the following reasons: since we do not use the specific characteristics of target protocols, they are generally applicable to various ones. Furthermore, they are so powerful that we can recover almost all secret information of the protocols. For concrete examples, we show that almost all secret variables of six RFID protocols, LMAP, $M^2AP$, EMAP, SASI, Lo et al.'s protocol, and Lee et al.'s protocol, can be recovered within a few seconds on a single PC.

• Journal of IKEEE
• /
• v.28 no.1
• /
• pp.6-13
• /
• 2024

This paper proposes an approach to detect abnormal data in automotive controller area network (CAN) using an unsupervised learning model, i.e. autoencoder and Gaussian kernel density estimation function. The proposed autoencoder model is trained with only message ID of CAN data frames. Afterwards, by employing the Gaussian kernel density estimation function, it effectively detects abnormal data based on the trained model characterized by the optimally determined number of frames and a loss threshold. It was verified and evaluated using four types of attack data, i.e. DoS attacks, gear spoofing attacks, RPM spoofing attacks, and fuzzy attacks. Compared with conventional unsupervised learning-based models, it has achieved over 99% detection performance across all evaluation metrics.

• Journal of Advanced Navigation Technology
• /
• v.14 no.1
• /
• pp.41-48
• /
• 2010

Intrusion detection forms a vital component of internet security. To keep pace with the growing trends, there is a critical need to replace single layer detection technology with multi layer detection. Different types of Denial of Service (DoS) attacks thwart authorized users from gaining access to the networks and we tried to detect as well as alleviate some of those attacks. We have proposed a novel cross layer intrusion detection architecture to discover the malicious nodes. The information available across different layers of protocol stack are exploited in order to improve the accuracy of detection. We have used cooperative and distributive anomaly intrusion detection with data mining technique to enhance the proposed architecture. The simulation of the proposed architecture is done in OPNET simulator and the results are analyzed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.3
• /
• pp.482-488
• /
• 2009

Mobile Ad-hoc Networks provide communication without a centralized infrastructure, which makes them suitable for communication in disaster areas or when quick deployment is needed. On the other hand, they are susceptible to malicious exploitation and have to face different challenges at different layers due to its open Ad-hoc network structure which lacks previous security measures. Denial of service (DoS) attack is one that interferes with the radio transmission channel causing a jamming attack. In this kind of attack, an attacker emits a signal that interrupts the energy of the packets causing many errors in the packet currently being transmitted. In harsh environments where there is constant traffic, a jamming attack causes serious problems; therefore measures to prevent these types of attacks are required. The objective of this paper is to carry out the simulation of the jamming attack on the nodes and determine the DoS attacks in OPNET so as to obtain better results. We have used effective anomaly detection system to detect the malicious behaviour of the jammer node and analyzed the results that deny channel access by jamming in the mobile Ad-hoc networks.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.63-68
• /
• 2023

In this study, in relation to blockchain protocol and network security, we study the configuration of blockchain and encryption key management methods on smart contracts so that we can have a strong level of response to MITM attacks and DoS/DDoS attacks. It is expected that the use of blockchain technology with enhanced security can be activated through respond to data security threats such as MITM through encryption communication protocols and enhanced authentication, node load balancing and distributed DDoS attack response, secure coding and vulnerability scanning, strengthen smart contract security with secure consensus algorithms, access control and authentication through enhanced user authentication and authorization, strengthen the security of cores and nodes, and monitoring system to update other blockchain protocols and enhance security.

• International Journal of Computer Science & Network Security
• /
• v.21 no.3
• /
• pp.127-133
• /
• 2021

Today, phishing attacks represent one of the biggest security threats targeting users of the digital world. They consist of an attempt to steal sensitive information, such as a user's identity or credit and debit card details, using various methods that include fake emails, fake websites, and fake social media messages. Protecting the user's security and privacy therefore becomes complex, especially when those users are children. Currently, children are participating in Internet activity more frequently than ever before. This activity includes, for example, online gaming, communication, and schoolwork. However, children tend to have a less well-developed knowledge of privacy and security concepts, compared to adults. Consequently, they often become victims of cybercrime. In this paper, the effects of security awareness on users who are children are investigated, looking at their ability to detect phishing attacks in social media. In this approach, two Experiments were conducted to evaluate the effects of security awareness on WhatsApp application users in their daily communication. The results of the Experiments revealed that phishing awareness training has a significant positive effect on the ability of children using WhatsApp to identify phishing messages and thereby avoid attacks.

• Journal of Communications and Networks
• /
• v.18 no.6
• /
• pp.948-961
• /
• 2016

Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the anti-spoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal anti-spoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.