• International Journal of Computer Science & Network Security
• /
• v.24 no.7
• /
• pp.101-107
• /
• 2024

Cloud computing is a widely used technology that has changed the way people and organizations store and access information. This technology is quite versatile, which is why extensive amounts of data can be stored in the cloud. Furthermore, businesses can access various services over the cloud without having to install applications. However, the cloud computing services are provided over a public domain, which means that both trusted and non-trusted users can access the services. Though there are several advantages of cloud computing services, especially to business owners, various challenges are also posed in terms of the privacy and security of information and online services. A kind of threat that is widely faced in the cloud environment is the on/off attack. In this kind of attack, a few entities exhibit proper behavior for a given time period to develop a highly a positive reputation and gather trust, after which they exhibit deception. A viable solution is provided by the given trust model for preventing the attacks. This method works by providing effective security to the cloud services by identifying malicious and inappropriate behaviors through the application of trust algorithms that can identify on-off attacks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1220-1227
• /
• 2011

According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.382-389
• /
• 2009

As the use of mobile device is popularized, the needs of variable services of WiMAX technique and the importance of security is increasing. There is a problem that can be easily attacked from a malicious attack because the action is achieved connectionlessly between neighbor link establishing procedure and TEK exchange procedure in mobile WiMAX even though typical 1 hop network security technique is adapted to WiMAX for satisfying these security requirement. In this paper, security connected mechanism which safely connects neighbor link establishing procedure of WiMAX and TEK exchange procedure additional to the basic function provided by IEEE 802.16e standard to satisfy security requirement of mobile WiMAX is proposed. The proposed mechanism strengthens the function of security about SS and BS by application random number and private value which generated by SS and BS to public key of neighbor link establishing procedure and TEK exchange procedure. Also, we can prevent from inside attack like man-in-the-middle which can occur in the request of TEK through cryptographic connection of neighbor link establishing procedure and TEK exchange procedure.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.885-888
• /
• 2015

A secure and effective on-chip bus for detecting and preventing malicious attacks by infected IPs is presented in this paper. Most system inter-connect (on-chip bus) are vulnerable to hardware Trojan (Malware) attack because all data and control signals are routed. A proposed secure bus with modifications in arbitration, address decoding, and wrapping for bus master and slaves is designed using the Advanced High-Performance and Advance Peripheral Bus (AHB and APB Bus). It is implemented with the concept that arbiter checks share of masters and manage infected masters and slaves in every transaction. The proposed hardware is designed with the Xilinx 14.7 ISE and verified using the HBE-SoC-IPD test board equipped with Virtex4 XC4VLX80 FPGA device. The design has a total gate count of 40K at an operating frequency of 250MHz using the $0.13{\mu}m$ TSMC process.

• The KIPS Transactions:PartC
• /
• v.14C no.5
• /
• pp.411-416
• /
• 2007

The General security method of wireless network provides a confidentiality of communication contents based on the cryptographic stability against a malicious host. However, this method exposes the logical and physical addresses of both sender and receiver, so transmission volume and identification of both may be exposed although concealing that content. Covered address scheme that this paper proposes generates an address to which knapsack problem using super increasing sequence is applied, and replaces the addresses of sender and receiver with addresses from super increasing sequence. Also, proposed method changes frequently secret addresses, so a malicious user cannot watch a target system or try to attack the specific host. Proposed method also changes continuously a host address that attacker takes aim at. Accordingly, an attacker who tries to use DDoS attack cannot decide the specific target system.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.209-215
• /
• 2018

In this paper, we propose a method to detect and block Meltdown malicious code which is increasing rapidly using dynamic sandbox tool. Although some patches are available for the vulnerability of Meltdown attack, patches are not applied intentionally due to the performance degradation of the system. Therefore, we propose a method to overcome the limitation of existing signature detection method by using machine learning method for infrastructures without active patches. First, to understand the principle of meltdown, we analyze operating system driving methods such as virtual memory, memory privilege check, pipelining and guessing execution, and CPU cache. And then, we extracted data by using Linux strace tool for detecting Meltdown malware. Finally, we implemented a decision tree based dynamic detection mechanism to identify the meltdown malicious code efficiently.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.606-608
• /
• 2014

Recent smartphone users constantly increases, an increase in malicious applications smartphones indiscretions exists within the Terminal, through the deployment of privacy disclosure, Singh and other victims also are on the rise. A typical personal way to malicious code masquerading as a normal application and install it on the handset of my text message or a personal note, such as personal information, the certificate directory, is the way that leaked. Therefore, to obtain permission to attack the root Terminal event by collecting malware infections and respond to determine whether it is necessary for the technique. In this paper, check the features of a Smartphone in real time systems, to carry out a study on the application throughout the Terminal to collect my attack event analysis, malware infection can determine whether or not the mobile security monitoring system. This prevents a user's personal information and take advantage of the top and spill are expected to be on the field.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1105-1114
• /
• 2021

Due to the recent surge in popularity of cryptocurrency, the threat of cryptojacking, a malicious code for mining cryptocurrencies, is increasing. In particular, web-based cryptojacking is easy to attack because the victim can mine cryptocurrencies using the victim's PC resources just by accessing the website and simply adding mining scripts. The cryptojacking attack causes poor performance and malfunction. It can also cause hardware failure due to overheating and aging caused by mining. Cryptojacking is difficult for victims to recognize the damage, so research is needed to efficiently detect and block cryptojacking. In this work, we take representative distinct symptoms of cryptojacking as an indicator and propose a new architecture. We utilized the K-Nearst Neighbors(KNN) model, which trained computer performance indicators as behavior-based dynamic analysis techniques. In addition, a K-means model, which trained the frequency of malicious script words for script similarity-based static analysis techniques, was utilized. The KNN model had 99.6% accuracy, and the K-means model had a silhouette coefficient of 0.61 for normal clusters.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.81-89
• /
• 2023

Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments