• Title/Summary/Keyword: Intrusion Protection System

Classification of the Intrusion Tolerant Systems and Integrated Framework for Survivability Enhancement (생존성 강화를 위한 침입감내 시스템의 분류와 통합 프레임워크 제안)

  • Kim, Gi-Han;Chio, Myeong-Ryeoi;Lee, Kyung-Whan
    • The KIPS Transactions:PartC / v.10C no.3 / pp.295-304 / 2003
  • Currently, security researchers focus on protecting programs and data from malicious users and accidents. Therefore, many firewalls and intrusion detection systems have been developed commercially. Intrusion tolerance is a new concept that serves as the last line of defense for information survivability. It emphasizes availability and integrity to provide critical system services continuously even when the system is compromised. In this paper, we classify current intrusion tolerant technologies from the point of view of program and data. Furthermore, we propose an integrated framework that supports intrusion tolerance of program and data.

Intrusion Response and Recovery System Using a File System Image Backup (파일시스템 이미지 백업을 이용한 침입대응 및 파일복구 시스템)

  • Lee Jae-Kwang;Lim Jung-Mok
    • The Journal of the Korea Contents Association / v.5 no.5 / pp.182-190 / 2005
  • As computers and the Internet become popular, many corporations and countries are using information protection systems and security networks to protect their information and resources on the Internet. But the possibility of intrusion is increasing in open network environments such as the Internet. Even though many security systems have been developed, these systems are mostly implemented at the application level, not the kernel level. Many file protection systems have also been developed, but they are not widely used because they are inconvenient to use. In this paper, we implement a kernel module that supports a file protection function using a Loadable Kernel Module (LKM) on Linux. When a system is damaged due to intrusion, the file system is easily recovered through periodic file system image backups.

Design and Implimentation of Intrusion Detection System on Contents Security (컨텐츠 보안 침입 탐지 시스템 설계 및 구현)

  • Kim, Young Sun;Seo, Choon Weon
    • Journal of the Institute of Electronics and Information Engineers / v.52 no.11 / pp.164-168 / 2015
  • As Internet use becomes widespread and various services such as advertising, shopping and banking are offered over the Web, the need for Web security is increasing. A security system is required to protect information assets and systems against various types of external hacking threats and unlawful intrusion. The web intrusion detection tool of this paper is intended to increase the security level and to prevent the loss of resources and labor spent on individual monitoring of the web. The security intrusion detection system analyzes the causes of security vulnerabilities and of information exposure on the Web. Using a monitor to provide fast security support, the aim is to design a security system that protects against security vulnerabilities and information exposure.

A Danger Theory Inspired Protection Approach for Hierarchical Wireless Sensor Networks

  • Xiao, Xin;Zhang, Ruirui
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.5 / pp.2732-2753 / 2019
  • With the application of wireless sensor networks in the fields of ecological observation, defense military, architecture and urban management etc., the security problem is becoming more and more serious. Characteristics and constraint conditions of wireless sensor networks such as computing power, storage space and battery have brought huge challenges to protection research. Inspired by the danger theory in biological immune system, this paper proposes an intrusion detection model for wireless sensor networks. The model abstracts expressions of antigens and antibodies in wireless sensor networks, defines meanings and functions of danger signals and danger areas, and expounds the process of intrusion detection based on the danger theory. The model realizes the distributed deployment, and there is no need to arrange an instance at each sensor node. In addition, sensor nodes trigger danger signals according to their own environmental information, and do not need to communicate with other nodes, which saves resources. When danger is perceived, the model acquires the global knowledge through node cooperation, and can perform more accurate real-time intrusion detection. In this paper, the performance of the model is analyzed including complexity and efficiency, and experimental results show that the model has good detection performance and reduces energy consumption.

Protection protocol for the contents rights intrusion (컨텐츠 유통 권리 침해 방지를 위한 프로토콜)

  • 김태우;이형우
    • Convergence Security Journal / v.3 no.1 / pp.59-72 / 2003
  • Recently, studies of content protection techniques are becoming popular in the field of internet DRM (Digital Right Management). However, the authentication process for digital contents differs between implementations. Also, protection technique for the contents rights intrusion adapts each other methodologies. In this paper, we survey the modeling and systems of DRM such as the DOI, INDECS, MPEG-21, XrML, and OPIMA standards.

A new perspective towards the development of robust data-driven intrusion detection for industrial control systems

  • Ayodeji, Abiodun;Liu, Yong-kuo;Chao, Nan;Yang, Li-qun
    • Nuclear Engineering and Technology / v.52 no.12 / pp.2687-2698 / 2020
  • Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constrain the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URLs to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

The Comparative Study on Performance Analysis of Windows 7 and Ubuntu Applying Open Source IDS/IPS Suricata (오픈소스 IDS/IPS Suricata를 적용한 Windows7과 Ubuntu 성능 비교 분석)

  • Seok, Jinug;Kim, Jimyung;Choi, Moonseok
    • Journal of Korea Society of Digital Industry and Information Management / v.13 no.4 / pp.141-151 / 2017
  • Nowadays, it is undeniable that the threat to network security is growing over time due to the worldwide development of wired/wireless networking, various Internet platforms and sophisticated hacking techniques. The amount of traffic that network security solutions have to handle is increasing, and recently many occurrences of explosive traffic attacks from PulseWave have been observed, which have many characteristics similar to New DDoS. Small and medium-sized firms abroad have developed and distributed Snort and Suricata, which are based on open-source Intrusion Detection System (IDS) / Intrusion Prevention System (IPS). The goal of this study is to compare Windows7 running the Suricata 4.0.0 32bit version with Ubuntu 16.04.3 LTS running Suricata 4.0.0, an open source Intrusion Detection System / Intrusion Protection System that uses a multi-thread method. The experimental environment was set as follows: a Dell C1100 server model, Intel Xeon CPU L5520 2.27GHz*2 with 8 cores and 16 threads, 72GB of RAM, Samsung SSD 250GB*4 of HDD which was set on RAID0. According to the results, Suricata on Ubuntu is superior to Suricata on Windows7 in performance, and this result indicates that Ubuntu's performance is far more advanced than that of Windows7. This meaningful result is derived because Ubuntu with Suricata used the multi core CPU and RAM more effectively.

Light-weight System Design & Implementation for Wireless Intrusion Detection System (무선랜 침입탐지를 위한 경량 시스템 설계 및 구현)

  • Kim, Han-Kil;Kim, Su-Jin;Lee, Hwan-Kyu;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering / v.18 no.3 / pp.602-608 / 2014
  • As smartphones have become commonplace and the BYOD (Bring Your Own Device) trend spreads, domestic WLAN use is intensifying; as a result, security threats will greatly increase. Even though WLAN vendors such as Cisco Systems Inc. and Aruba Networks have released WIPS, MDM, DLP, etc., these solutions cannot easily be introduced by small businesses due to high cost or administrative reasons. In this paper, the proposed intrusion detection system makes it possible to perform packet analysis, AP and station management, and security vulnerability analysis in WLAN environments without introducing expensive H/W equipment.

A Rule Protecting Scheme with Symmetric Cryptosystem for Intrusion Detection System (암호화 기법을 적용한 침입 탐지 시스템의 룰 보호 기법)

  • Son Hyung-Seo;Kim Hyun-Sung;Bu Ki-Dong
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.6 / pp.3-13 / 2004
  • Kvarnstrom et al. in [10] proposed a rule protection scheme that uses a one-way hash function to protect rules in security systems over ubiquitous environments. Son et al. in [5-6] also proposed a rule protection scheme for Snort, which is one of the most common IDSs. These schemes provide security only for the header information but not for its contents. To solve this problem, this paper presents a scheme based on a symmetric cryptosystem over Snort that protects not only the header information but also the contents. This paper uses the key management based on the PCMCIA security module proposed by [12] for the symmetric cryptosystem. Our scheme could be adapted to other security systems that use rule-based detection.