• The KIPS Transactions:PartC
• /
• v.19C no.2
• /
• pp.83-90
• /
• 2012

MANET(Mobile Ad-Hoc Network) has a weakness from a security aspect because it operates where no wired network is built, which causes the exposed media, dynamic topology, and the lack of both central monitoring and management. It is especially difficult to detect and mitigate a malicious node because there is not a mediator which controls the network. This kind of malicious node is closely connected to the routing in the field of study of Ad-Hoc security. Accordingly this paper proposes the method on how to enhance the security for the safe and effective routing by detecting the malicious node. We propose MBC(Identification technition of Malicious Behavior node based on Collaboration in MANET) that can effectively cope with malicious behavior though double detecting the node executing the malicious behavior by the collaboration between individual node and the neighbor, and also managing the individual nodes in accordance with the trust level obtained. The simulation test results show that MBC can find the malicious nodes more accurately and promptly that leads to the more effectively secure routing than the existing method.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.5
• /
• pp.103-117
• /
• 2009

In MANET(Mobile Ad-Hoc Network), providing security to routing has been a significant issue recently. Existing studies, however, focused on either of secure routing or packet itself where malicious operations occur. In this paper, we propose SRPPnT(A Secure Routing Protocol in MANET based on Malicious Pattern of Node and Trust Level) that consider both malicious behavior on packet and secure routing. SRPPnT is identify the node where malicious activities occur for a specific time to compose trust levels for each node, and then to set up a routing path according to the trust level obtained. Therefore, SRPPnT is able to make efficient countermeasures against malicious operations. SRPPnT is based on AODV(Ad-Hoc On-Demand Distance Vector Routing). The proposed SRPPnT, from results of the NS-2 network simulation. shows a more prompt and accurate finding of malicious nodes than previous protocols did, under the condition of decreased load of networks and route more securely.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.3
• /
• pp.35-45
• /
• 2013

MANET has a weak point because it allows access from not only legal nodes but also illegal nodes. Most of the MANET researches had been focused on attack on routing path or packet forwarding. Nevertheless, there are insuffcient studies on a comprehensive approach to detect various attacks on malicious nodes at packet forwarding processes. In this paper, we propose a technique, named DTecBC (detection technique of malicious node behaviors based on collaboration), which can handle more effciently various types of malicious node attacks on MANET environment. The DTecBC is designed to detect malicious nodes by communication between neighboring nodes, and manage malicious nodes using a maintain table. OPNET tool was used to compare with Watchdog, CONFIDANT, SRRPPnT for verifying effectiveness of our approach. As a result, DTecBC detects various behaviors of malicious nodes more effectively than other techniques.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.4
• /
• pp.95-101
• /
• 2013

MANET has an advantage that can build a network quickly and easily in difficult environment to build network. In particular, routing protocol that uses in existing mobile environment cannot be applied literally because it consists of only mobile node. Thus, routing protocol considering this characteristic is necessary. Malicious nodes do extensive damage to the whole network because each mobile node has to act as a router. In this paper, we propose technique that can detect accurately the suspected node which causes severely damage to the performance of the network. The proposed technique divides the whole network to zone of constant size and is performed simultaneously detection technique based zone and detection technique by collaboration between nodes. Detection based zone translates the information when member node finishes packet reception or transmission to master node managing zone and detects using this. The collaborative detection technique uses the information of zone table managing in master node which manages each zone. The proposed technique can reduce errors by performing detection which is a reflection of whole traffic of network.

• Journal of IKEEE
• /
• v.23 no.4
• /
• pp.1469-1472
• /
• 2019

CAN bus in automotive applications does not assign node addresses. When a node is hacked and it transmits malicious data frame, it is difficult to resolve which node is hacked. However, this CAN bus internal attack seriously threatens the safety of a car, so a prompt counterattack is necessary in the CAN bus physical layer. This paper proposes a counterattack method against malicious CAN bus internal attack. When a malicious data frame is detected, an intrusion detection system in the CAN bus increases the error counter of the malicious node. Then, the malicious node is off from the bus when its error counter exceeds its limit. A CAN controller with the proposed method is implemented in Verilog HDL, and the proposed method is proved to counterattack against malicious CAN bus internal attack.

• The Journal of the Korea Contents Association
• /
• v.9 no.1
• /
• pp.115-122
• /
• 2009

In this paper, we proposed scheme that we use a difference of timestamp in time in Ubiquitous environments as we use the Diffie-Hellman method that OTP was applied to when it deliver a key between nodes, and can detect a malicious node at these papers. Existing methods attempted the malicious node detection in the ways that used correct synchronization or directed antenna in time. We propose an intermediate malicious node detection way at these papers without an directed antenna addition or the Trusted Third Party (TTP) as we apply the OTP which used timestamp to a Diffie-Hellman method, and we verify safety regarding this. A way to propose at these papers is easily the way how application is possible in Ubiquitous environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.9
• /
• pp.1264-1270
• /
• 2018

Blockchain is a technology that directly connects each node to P2P method, except for the central server. A public blockchain is one of the blockchain types, anyone can participate without any restriction. If some node find nonce, which node can broadcasted data to all nodes. At this time, if a node that finds a nonce hides malicious code in the block, all nodes participating in the chain may be infected with malicious code due to the characteristics of the decentralization system of the blockchain. In this paper, to solve the problem that hackers can participate as an any node, we propose that a user with malicious intent can not participate as a node through a firewall with AI technology. This will improve the reliability of the propagated data over existing data.

• Journal of Computing Science and Engineering
• /
• v.6 no.3
• /
• pp.179-192
• /
• 2012

This paper presents novel statistical algorithms for protecting the iTrust information retrieval network against malicious attacks. In iTrust, metadata describing documents, and requests containing keywords, are randomly distributed to multiple participating nodes. The nodes that receive the requests try to match the keywords in the requests with the metadata they hold. If a node finds a match, the matching node returns the URL of the associated information to the requesting node. The requesting node then uses the URL to retrieve the information from the source node. The novel detection algorithm determines empirically the probabilities of the specific number of matches based on the number of responses that the requesting node receives. It also calculates the analytical probabilities of the specific numbers of matches. It compares the observed and the analytical probabilities to estimate the proportion of subverted or non-operational nodes in the iTrust network using a window-based method and the chi-squared statistic. If the detection algorithm determines that some of the nodes in the iTrust network are subverted or non-operational, then the novel defensive adaptation algorithm increases the number of nodes to which the requests are distributed to maintain the same probability of a match when some of the nodes are subverted or non-operational as compared to when all of the nodes are operational. Experimental results substantiate the effectiveness of the detection and defensive adaptation algorithms for protecting the iTrust information retrieval network against malicious attacks.

• Journal of information and communication convergence engineering
• /
• v.9 no.6
• /
• pp.676-682
• /
• 2011

Sybil attack can disrupt proper operations of wireless sensor network by forging its sensor node to multiple identities. To protect the sensor network from such an attack, a number of countermeasure methods based on RSSI (Received Signal Strength Indicator) and LQI (Link Quality Indicator) have been proposed. However, previous works on the Sybil attack detection do not consider the fact that Sybil nodes can change their RSSI and LQI strength for their malicious purposes. In this paper, we present a Sybil attack detection method based on a transmission power range. Our proposed method initially measures range of RSSI and LQI from sensor nodes, and then set the minimum, maximum and average RSSI and LQI strength value. After initialization, monitoring nodes request that each sensor node transmits data with different transmission power strengths. If the value measured by monitoring node is out of the range in transmission power strengths, the node is considered as a malicious node.

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.3-10
• /
• 2023

In the malware distribution network existing on the web, there is a central node that plays a key role in distributing malware. If you find and block this node, you can effectively block the propagation of malware. In this study, a centrality search method applied with risk analysis in a complex network is proposed, and a method for finding a core node in a malware distribution network is introduced through this approach. In addition, there is a big difference between a benign network and a malicious network in terms of in-degree and out-degree, and also in terms of network layout. Through these characteristics, we can discriminate between malicious and benign networks.