• Title/Summary/Keyword: IP Security


Research on the Classification Model of Similarity Malware using Fuzzy Hash (퍼지해시를 이용한 유사 악성코드 분류모델에 관한 연구)

  • Park, Changwook;Chung, Hyunji;Seo, Kwangseok;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1325-1336 / 2012
  • In the past, about 10 different kinds of malicious code were found per day on average. However, the number of malicious codes found has rapidly increased, reaching over 55,000 during the last 10 years. Most of these, however, are not new kinds of malicious code but new variants of existing malicious code, created by adding functions to existing code or by modifying it to evade anti-virus detection. To deal with this volume of malicious code, including both new malicious code and variants of existing code, we need to compute similarity against past malicious code and classify samples as new malicious code or variants of existing code. Earlier methods of calculating similarity between malicious codes compare external factors such as IPs, URLs, APIs, and strings, or compare at the source code level. These methods take time as the number of malicious codes and comparable factors increases, which has led to the use of fuzzy hashing to reduce the amount of calculation. Existing fuzzy hashing, however, has some limitations, and these cause some problems for the similarity calculation. Therefore, this paper suggests a new comparison method for malicious codes that improves the performance of similarity calculation using fuzzy hashing, and a classification method employing the new comparison method.

iVisher: Real-Time Detection of Caller ID Spoofing

  • Song, Jaeseung;Kim, Hyoungshick;Gkelias, Athanasios
    • ETRI Journal / v.36 no.5 / pp.865-875 / 2014
  • Voice phishing (vishing) uses social engineering, based on people's trust in telephone services, to trick people into divulging financial data or transferring money to a scammer. In a vishing attack, a scammer often modifies the telephone number that appears on the victim's phone to mislead the victim into believing that the phone call is coming from a trusted source, since people typically judge a caller's legitimacy by the displayed phone number. We propose a system named iVisher for detecting a concealed incoming number (that is, caller ID) in Session Initiation Protocol-based Voice-over-Internet Protocol initiated phone calls. Our results demonstrate that iVisher is capable of detecting a concealed caller ID without significantly impacting upon the overall call setup time.

An Efficient Soft Handoff Scheme Using Enhanced Resource Resonation Technique in Wireless MIPv6 Networks

  • Park, Tae-Hyun;Park, Ho-Ryong;Chun, Sang-Hun;Kwak, Kyung-Sup
    • Proceedings of the IEEK Conference / 2002.07a / pp.571-574 / 2002
  • In recent wireless network environments, the dynamic host configuration protocol (DHCP) service is used to assign IP addresses to mobile terminals. In IPv6 networks, it is necessary to introduce the concept of handoff to support seamless service to mobile terminals. In the general soft handoff technique used by code-division multiple access (CDMA) communication systems, the powers received at the base stations are simply compared to determine which base station will handle the signal to and from each mobile terminal. However, in an IPv6 network, to transmit data-oriented services, it is necessary to support an enhanced soft handoff technique with more security and quality of service. In this paper, we propose a scheme to reduce the signaling process of handoff in an IPv6 network. We also propose a technique to reduce wasted reservation resources and to guarantee quality of service (QoS) using DHCP.


A Content-Name Encoding Scheme for CCN (콘텐츠 중심 네트워킹의 콘텐츠 이름 인코딩 기법)

  • Kim, DaeYoub
    • Journal of Korea Multimedia Society / v.17 no.6 / pp.697-705 / 2014
  • To enhance network efficiency, content-centric networking (CCN) allows network nodes to temporarily cache a transmitted response message (Data) and then to respond directly to a request message (Interest) for previously cached content. CCN is also designed to use a hierarchical content-name for transmitting Interest/Data instead of a host identity such as an IP address. The content-name included in Interest/Data reveals both information about the content itself and the structure of the network domain of the content source, which is needed for transmitting Interest/Data. To make matters worse, this content-name is human-readable, like a URL. Hence, by analyzing the content-name in Interest/Data, it is possible to identify the creator of the requested content. Hosts around the requester can also analyze which content the requester asks for. Hence, to implement CCN securely, it is essential to make the content-name illegible. In this paper, we propose content-name encoding schemes for CCN that make the content-name illegible, and we evaluate the performance of our proposal.

Research Trends in Moving Target Defense Based on Network Address Mutation

  • Woo, Samuel;Park, Kyungmin;Moon, Daesung;Kim, Ikkyun
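    • Review of KIISC / v.28 no.2 / pp.5-11 / 2018
  • Because an Advanced Persistent Threat (APT) attack consists of a series of stages, such as the Intrusion Kill Chain, the attack fails if a particular stage is blocked. Moving Target Defense (MTD) is a proactive security technology that blocks each stage of the Intrusion Kill Chain by changing the key attributes (network, operating system, software, data) of the protected target. Among MTD strategies, Network Address Mutation actively mutates the network address (IP, port) of the protected target, and is an efficient security technology that can sharply increase the cost of reconnaissance, the first stage of the Intrusion Kill Chain. This paper surveys related research on network address mutation and proposes the security requirements and functional requirements to consider when designing a network address mutation technique.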

NOTES ON CARLESON TYPE MEASURES ON BOUNDED SYMMETRIC DOMAIN

  • Choi, Ki-Seong
    • Communications of the Korean Mathematical Society / v.22 no.1 / pp.65-74 / 2007
  • Suppose that $\mu$ is a finite positive Borel measure on a bounded symmetric domain $\Omega \subset \mathbb{C}^n$ and $\nu$ is the Euclidean volume measure such that $\nu(\Omega)=1$. Suppose $1 < p < \infty$ and $r > 0$. In this paper, we will show that the norms $\sup\{\int_\Omega |k_z(w)|^2\,d\mu(w) : z\in\Omega\}$, $\sup\{\int_\Omega |h(w)|^p\,d\mu(w)/\int_\Omega |h(w)|^p\,d\nu(w) : h\in L_a^p(\Omega,d\nu),\ h\neq 0\}$ and $$\sup\left\{\frac{\mu(E(z,r))}{\nu(E(z,r))} : z\in\Omega\right\}$$ are all equivalent. We will also show that the inclusion mapping $i_p : L_a^p(\Omega,d\nu)\rightarrow L^p(\Omega,d\mu)$ is compact if and only if $\lim_{w\rightarrow\partial\Omega}\frac{\mu(E(w,r))}{\nu(E(w,r))}=0$.

The Realtime Error Detection Design and Implementation in Network Printing Environment (네트워크 프린터 환경에서 실시간 오류검지 서비스 설계 및 구현)

  • Kim, Jong-Pil;Ryeo, Sung-Koo;Choi, Jin-Young
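    • Proceedings of the Korea Information Processing Society Conference / 2005.11a / pp.349-352 / 2005
  • Network printing provides a printer solution in which the various output devices in a home or office environment can be integrated into and used over a single communication network. In network printing environments, the various failures that arise as the number of users grows have created a need for a real-time error detection service. In this paper, we design and implement an error detection system so that problems can be identified quickly and accurately when a failure occurs in a network printing environment. To this end, the API was set up through Winsock, and by using packet analysis to look up the IP of the client PC that caused the failure and resolving the problem, the network printer solution can be managed efficiently.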


Design and Implementation of Evidence Collection System Responding to a Security Incident (보안침해사고 대응을 위한 증거수집 시스템 설계 및 구현)

  • Im, Ui-Youl;Kim, Young-Mo;Choi, Yong-Rak
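    • Proceedings of the Korea Information Processing Society Conference / 2005.05a / pp.1067-1070 / 2005
  • Knowledge and information technology has advanced in recent years, but as an adverse effect, security incidents such as hacking and viruses have increased, and computer forensics has emerged to protect information assets and information devices from such incidents. However, evidence collection is difficult because of the latent, fragile, digital, and voluminous nature of digital evidence. In this paper, we analyze the tools used at each stage of the forensic procedure and, based on their shortcomings such as lack of information and integrity, propose a computer forensics evidence collection system.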


Evaluating and Mitigating Malicious Data Aggregates in Named Data Networking

  • Wang, Kai;Bao, Wei;Wang, Yingjie;Tong, Xiangrong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.9 / pp.4641-4657 / 2017
  • Named Data Networking (NDN) has emerged as one of the most promising architectures for the future Internet. However, like the traditional IP-based networking paradigm, NDN may not evade some typical network threats such as malicious data aggregates (MDA), which may lead to bandwidth exhaustion, traffic congestion and router overload. This paper first analyzes the damage effect of MDA using realistic simulations in a large-scale network topology, showing that it is not just theoretical, and then designs a fine-grained MDA mitigation mechanism (MDAM) based on cooperation between routers via alert messages. Simulation results show that MDAM can significantly reduce the Pending Interest Table overload in the involved routers, and bring in a normal data-returning rate and data-retrieval delay.

Device Authentication Protocol for Smart Grid Systems Using Homomorphic Hash

  • Kim, Young-Sam;Heo, Joon
    • Journal of Communications and Networks / v.14 no.6 / pp.606-613 / 2012
  • In a smart grid environment, data for the usage and control of power are transmitted over an Internet protocol (IP)-based network. This data contains very sensitive information about the user or energy service provider (ESP); hence, measures must be taken to prevent data manipulation. Mutual authentication between devices, which can prevent impersonation attacks by verifying the counterpart's identity, is a necessary process for secure communication. However, it is difficult to apply existing signature-based authentication in a smart grid system because smart meters, a component of such systems, are resource-constrained devices. In this paper, we consider a smart meter and propose an efficient mutual authentication protocol. The proposed protocol uses a matrix-based homomorphic hash that can decrease the amount of computation in a smart meter. To prove this, we analyze the protocol's security and performance.