• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.9-19
• /
• 2022

As the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institution or company is operating a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most researches were performed using a specific research data set which cannot be seen in real network, so it was impossible to use in the actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.2 s.40
• /
• pp.351-360
• /
• 2006

Proposed security system attacks it, and detect it, and a filter generation, a business to be prompt of interception filtering dates at attack information public information. inner IPS to attack detour setting and a traffic band security, different connection security system, and be attack packet interceptions and service and port interception setting. Exchange new security rule and packet filtering for switch type implementation through dynamic reset memory by real time, and deal with a packet. The attack detection about DDoS, SQL Stammer, Bug bear, Opeserv worm etc. of the 2.5 Gbs which was an attack of a hacker consisted in network performance experiment by real time. Packet by attacks of a hacker was cut off, and ensured the normal inside and external network resources besides the packets which were normal by the results of active renewal.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.2 s.40
• /
• pp.75-82
• /
• 2006

The service use management for keeping up stable and effective environment is hard little by little by according to increase of internet user and being complicated network environment of the Internet little by little. being various of the requirements of the service which is provided and the user demand. And the beginning flag security was limited in IDS, But recently the integrated civil management is coming to be considered seriously according to adventting IDS. Firewall , Security or system. The development of integrated security civil management system to analyze widely through observation and detection at Network or host base, the judgment of attack, and integrated analysis of infiltration information is necessary because of detecting the various type attack.

• Fire Science and Engineering
• /
• v.32 no.6
• /
• pp.40-45
• /
• 2018

The omnidirectional surveillance camera uses the object detection algorithm to level the object by unit so that broadband surveillance can be performed using a fisheye lens and then, it was a field experiment with a system composed of an omnidirectional surveillance camera and a tracking (PTZ) camera. The omnidirectional surveillance camera accurately detects the moving object, displays the squarely, and tracks it in close cooperation with the tracking camera. In the field test of flame detection and temperature of the sensing camera, when the flame is detected during the auto scan, the detection camera stops and the temperature is displayed by moving the corresponding spot part to the central part of the screen. It is also possible to measure the distance of the flame from the distance of 1.5 km, which exceeds the standard of calorific value of 1 km 2,340 kcal. In the performance test of detecting the flame along the distance, it is possible to be 1.5 km in width exceeding $56cm{\times}90cm$ at a distance of 1km, and so it is also adaptable to forest fire. The system is expected to be very useful for safety such as prevention of intrinsic or surrounding fire and intrusion monitoring if it is installed in a petroleum gas storage facility or a storing place for oil in the future.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.315-318
• /
• 2017

Nowadays, Distributed Denial of Service (DDoS) attacks have gained increasing popularity and have been a major factor in a number of massive cyber-attacks. It could easily exhaust the computing and communicating resources of a victim within a short period of time. Therefore, we have to find the method to detect and prevent the DDoS attack. Recently, there have been some researches that provide the methods to resolve above problem, but it still gets some limitations such as low performance of detecting and preventing, scope of method, most of them just use on cloud server instead of network, and the reliability in the network. In this paper, we propose solutions for (1) handling multiple DDoS attacks from multiple IP address and (2) handling the suspicious attacks in the network. For the first solution, we assume that there are multiple attacks from many sources at a times, it should be handled to avoid the conflict when we setup the preventing rule to switches. In the other, there are many attacks traffic with the low volume and same destination address. Although the traffic at each node is not much, the traffic at the destination is much more. So it is hard to detect that suspicious traffic with the sampling based method at each node, our method reroute the traffic to another server and make the analysis to check it deeply.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.35-41
• /
• 2015

Internet of Things has a wide range of vulnerabilities are exposed to information security threats. However, this does not deal with the basic solution, the vaccine does not secure encryption for the data transmission. The encryption and authentication message transmitted from one node to the construction of the secure wireless sensor networks is required. In order to satisfy the constraint, and security requirements of the sensor network, lightweight encryption and authentication technologies, the light key management technology for the sensor environment it is required. Mandatory sensor network security technology, privacy protection technology subchannel attack prevention, and technology. In order to establish a secure wireless sensor networks encrypt messages sent between the nodes and it is important to authenticate. Lightweight it shall apply the intrusion detection mechanism functions to securely detect the presence of the node on the network. From the sensor node is not involved will determine the authenticity of the terminal authentication technologies, there is a need for a system. Network security technology in an Internet environment objects is a technique for enhancing the security of communication channel between the devices and the sensor to be the center.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.27-37
• /
• 2011

The IDS/IPS(Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against internet attacks. Reducing the packet inspection time is one of the most important challenges of improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns for the incoming traffic, we may have to apply the multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any cases. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.1-8
• /
• 2016

Current indoor intrusion detection and location tracking methods have the weakness in seamless operations in tracking the objective because the object must possess a communicating device and the limitation of the single cell size (approximate $100cm{\times}100cm$) exits. Also, the utilization of CCTV technologies show the shortcomings in tracking when the object disappear the area where the CCTV is not installed or illumination is not enough for capturing the scene (e.g. where the context-awarded system is not installed or low illumination presents). Therefore, in this paper we present an improved in-door tracking system based on sensor networks. Such system is built on a simulated scenario and enables us to detect and extend the area of surveillance as well as actively responding the emergency situation. Through simulated studies, we have demonstrated that the proposed system is capable of supplementing the shortcomings of signal cutting, and of estimating the location of the moving object. We expect the study will improve the better analysis of the intruder behavior, the more effective prevention and flexible response to various emergency situations.