• Title/Summary/Keyword: Malicious Attack

Effective Countermeasure to APT Attacks using Big Data (빅데이터를 이용한 APT 공격 시도에 대한 효과적인 대응 방안)

  • Mun, Hyung-Jin;Choi, Seung-Hyeon;Hwang, Yooncheol
    • Journal of Convergence Society for SMB / v.6 no.1 / pp.17-23 / 2016
  • Recently, Internet services via various devices including smartphones have become available. Because of the development of ICT, numerous hacking incidents have occurred, and most of those attacks turned out to be APT attacks. An APT attack is an attack method by which a hacker continues to collect information to achieve his goal, analyzes the weaknesses of the target, infects it with malicious code, and, while remaining hidden, leaks the data in time. In this paper, we examine the information collection method that APT attackers use to invade the target system in a short time using big data, and we suggest and evaluate a countermeasure to protect against the attack method using big data.

Countermeasure of SIP Impersonation Attack Using A Location Server (위치 정보 서버를 이용한 SIP 위장공격 대응 방안)

  • Go, Yun-Mi;Kwon, Kyung-Hee
    • The Journal of the Korea Contents Association / v.13 no.4 / pp.17-22 / 2013
  • Impersonation attacks, based on the vulnerable security of SIP, enable an intruder to take malicious actions such as toll fraud and session hijacking. This paper suggests a new technique as a countermeasure. When receiving a register request message, the registrar checks whether the value of the From header or the value of the Call-ID header is stored in the location server or not. If a record containing either of them is stored and periodically updated, we regard that message as an impersonation attack and discard it. Since this technique uses the information stored in the server instead of adding an encryption mechanism for user authentication, it can easily build a more secure SIP environment.

Secure Data Management based on Proxy Re-Encryption in Mobile Cloud Environment (모바일 클라우드 환경에서 안전한 프록시 재암호화 기반의 데이터 관리 방식)

  • Song, You-Jin;Do, Jeong-Min
    • The Journal of Korean Institute of Communications and Information Sciences / v.37 no.4B / pp.288-299 / 2012
  • To ensure data confidentiality and fine-grained access control in a business environment, a system model using KP-ABE (Key Policy-Attribute Based Encryption) and PRE (Proxy Re-Encryption) has been proposed recently. However, in the previous study, data confidentiality has been affected by the decryption right being concentrated on the cloud server. Also, Yu's work does not consider access privilege management, so the existing work becomes vulnerable to a collusion attack between a malicious user and the cloud server. To resolve this problem, we propose a system model that is secure against collusion attacks by dividing the data file into a header, which is sent to the privilege manager group, and a body, which is sent to the cloud server, and we prevent modification attacks on the proxy re-encryption key using d Secret Sharing. We construct a protocol model in a medical environment.

Security Vulnerability Verification for Open Deep Learning Libraries (공개 딥러닝 라이브러리에 대한 보안 취약성 검증)

  • Jeong, JaeHan;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.117-125 / 2019
  • Deep Learning, which is being used in various fields recently, is being threatened by Adversarial Attacks. In this paper, we experimentally verify that the classification accuracy is lowered by adversarial samples generated by malicious attackers in image classification models. We used the MNIST dataset and measured the detection accuracy by injecting adversarial samples into the Autoencoder classification model and the CNN (Convolution neural network) classification model, which are created using the Tensorflow library and the Pytorch library. Adversarial samples were generated by transforming the MNIST test dataset with JSMA (Jacobian-based Saliency Map Attack) and FGSM (Fast Gradient Sign Method). When injected into the classification model, detection accuracy decreased by at least 21.82% and up to 39.08%.

Gradient Leakage Defense Strategy based on Discrete Cosine Transform (이산 코사인 변환 기반 Gradient Leakage 방어 기법)

  • Park, Jae-hun;Kim, Kwang-su
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.2-4 / 2021
  • In a distributed machine learning system, sharing gradients was considered safe because it did not share the original training data. However, recent studies found that a malicious attacker could completely restore the original training data from shared gradients. The Gradient Leakage Attack is a technique that restores the original training data by exploiting this vulnerability. In this study, we present an image transformation method based on the Discrete Cosine Transform to defend against the Gradient Leakage Attack in the federated learning setting, which trains on local devices and shares gradients with the server. Experiments show that, with our image transformation method, the original data cannot be completely restored by the Gradient Leakage Attack.

Mitigation of Phishing URL Attack in IoT using H-ANN with H-FFGWO Algorithm

  • Gopal S. B;Poongodi C
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.7 / pp.1916-1934 / 2023
  • The phishing attack is a malicious emerging threat on the internet where hackers try to access user credentials such as login information or Internet banking details through pirated websites. Using that information, they get into the original website and try to modify or steal the information. The problem with traditional defense systems like firewalls is that they can only stop certain types of attacks because they rely on a fixed set of principles to do so. As a result, the model needs a client-side defense mechanism that can learn potential attack vectors to detect and prevent not only the known but also unknown types of assault. Feature selection plays a key role in machine learning by selecting only the required features and eliminating the irrelevant ones from the real-time dataset. The proposed model uses Hyperparameter Optimized Artificial Neural Networks (H-ANN) combined with a Hybrid Firefly and Grey Wolf Optimization algorithm (H-FFGWO) to detect and block phishing websites in Internet of Things (IoT) applications. In this paper, the H-FFGWO is used for feature selection from the phishing datasets ISCX-URL, OpenPhish, the UCI machine-learning repository, the Mendeley website dataset and PhishTank. The results showed that the proposed model had an accuracy of 98.07%, a recall of 98.04%, a precision of 98.43%, and an F1-Score of 98.24%.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security / v.24 no.4 / pp.179-191 / 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewalls, antimalware systems, and security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advanced threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study being presented. In this proposed work, CTI feeds are utilized for the accurate detection of assaults in intrusion detection systems. The ultimate objective is to identify the attacker behind the attack. Several data sets have been analyzed for attack detection. With the proposed study, the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

Wireless DDoS Attack Detection and Prevention Mechanism using Packet Marking and Traffic Classification on Integrated Access Device (IAD 기반 패킷 마킹과 유무선 트래픽 분류를 통한 무선 DDoS 공격 탐지 및 차단 기법)

  • Jo, Je-Gyeong;Lee, Hyung-Woo;Park, Yeoung-Joon
    • The Journal of the Korea Contents Association / v.8 no.6 / pp.54-65 / 2008
  • When a DDoS attack is carried out, discovering the malicious host is more difficult on a wireless network than in the existing wired network environment. In particular, because wireless networks are weak against wireless user authentication attacks and packet spoofing attacks, advanced technology should be studied in response. Integrated Access Devices (IADs) that support VoIP communication facilities etc. together with a wireless routing function have recently been developed and widely distributed. An IAD is an alternative facility to the existing AP. Therefore, an advanced traffic classification function and a real-time attack detection function should be offered in the IAD in the wireless network environment. The system presented in this research collects information on the wireless network clients that connect to the IAD using AirSensor. The proposed mechanism also offers a function that collects the wireless client's attack packets to monitor their legality. The proposed mechanism also classifies and detects attack packets received by the IAD using the W-TMS system. As a result, it was possible for us to use the IAD stably for wireless network service.

DoS-Resistance Authentication Protocol for Wireless LAN (DoS 공격에 강한 무선 랜 인증 프로토콜)

  • 김민현;이재욱;최영근;김순자
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.3-10 / 2004
  • Access control is important in a wireless LAN, because wireless Internet is used via an AP (Access Point). Moreover, to use a wireless LAN, we go through the authentication process of EAP. A DoS (Denial of Service) attack is one of the fatal attacks on AP access and the authentication process. That is, if a malicious attacker blocks access to the AP or forcibly consumes the server's memory, the CPU's computing capacity, etc. during the authentication process, legitimate users cannot get any service. In this paper, we present ways of protecting against each attack, classified into attacks on access control, on resource allocation, and on the authentication protocol. The first, the attack on access control, is mitigated by pre-verification and a security level parameter. The second, the attack on resource allocation, is handled by a partially stateless protocol. The weakness of the protocol is handled by a time-stamp and an access limitation parameter.

Machine Learning-Based Detection of Cache Side Channel Attack Using Performance Counter Monitor of CPU (Performance Counter Monitor를 이용한 머신 러닝 기반 캐시 부채널 공격 탐지)

  • Hwang, Jongbae;Bae, Daehyeon;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1237-1246 / 2020
  • Recently, several cache side channel attacks have been proposed to extract secret information by exploiting design flaws of the microarchitecture. The Flush+Reload attack, one of the cache side channel attacks, can be applied to malicious application attacks due to its properties of high resolution and low noise. In this paper, we propose a detection system which detects cache-based attacks using the PCM (Performance Counter Monitor) for monitoring CPU cache activity. In particular, we observed the variation of each PCM counter value under two kinds of attacks, the Spectre attack and a secret recovering attack during AES encryption. As a result, we found that four hardware counters were sensitive to cache side channel attacks. Our detector, based on machine learning including SVM (Support Vector Machine), RF (Random Forest) and MLP (Multi Level Perceptron), can detect cache side channel attacks with high detection accuracy.