• Title/Summary/Keyword: Malicious attacks

Sequential fusion to defend against sensing data falsification attack for cognitive Internet of Things

  • Wu, Jun;Wang, Cong;Yu, Yue;Song, Tiecheng;Hu, Jing
    • ETRI Journal / v.42 no.6 / pp.976-986 / 2020
  • Internet of Things (IoT) is considered the future network to support wireless communications. To realize an IoT network, sufficient spectrum should be allocated for the rapidly increasing IoT devices. Through cognitive radio, unlicensed IoT devices exploit cooperative spectrum sensing (CSS) to opportunistically access a licensed spectrum without causing harmful interference to licensed primary users (PUs), thereby effectively improving the spectrum utilization. However, an open access cognitive IoT allows abnormal IoT devices to undermine the CSS process. Herein, we first establish a hard-combining attack model according to the malicious behavior of falsifying sensing data. Subsequently, we propose a weighted sequential hypothesis test (WSHT) to increase the PU detection accuracy and decrease the sampling number, which comprises the data transmission status-trust evaluation mechanism, sensing data availability, and sequential hypothesis test. Finally, simulation results show that when various attacks are encountered, the requirements of the WSHT are less than those of the conventional WSHT for a better detection performance.

A Method for Detecting Unauthorized Access Point over 3G Network (3G망을 사용하는 인가되지 않은 AP 탐지 방법)

  • Kim, I-luk;Cho, Jae-Ik;Shon, Tae-Shik;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.2 / pp.259-266 / 2012
  • Malicious rogue APs have been used for a variety of attacks such as packet sniffing and man-in-the-middle attacks. They are used for the purpose of data leakage via 3G networks within companies, and an unauthorized AP could be a cause of security incidents even though it is not intended. In this paper, we propose a method for detecting unauthorized access points over 3G networks using the RTT (Round Trip Time) value for classification. Through the experiments, we show that the method can successfully distinguish an AP installed in the normal way from an AP over 3G networks.

Sequence Based Anomaly Detection System for Unmanned Aerial Vehicle (시퀀스 유사도 기반 무인 비행체 이상 탐지 시스템)

  • Seo, Kang Uk;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.1 / pp.39-48 / 2022
  • In this paper, we propose an anomaly detection system (ADS) to detect anomalies in the in-vehicle network of an unmanned aerial vehicle (UAV). The proposed ADS detects anomalies by measuring the similarity of the status message sequences periodically sent by the UAV to the ground control system. We defined three types of malicious message injection attacks that can be performed on the in-vehicle network of a UAV and simulated those attack techniques on the Pixhawk4 quadcopter. The proposed ADS can detect abnormal sequences with an accuracy higher than 96%.

Generate Optimal Number of Features in Mobile Malware Classification using Venn Diagram Intersection

  • Ismail, Najiahtul Syafiqah;Yusof, Robiah Binti;MA, Faiza
    • International Journal of Computer Science & Network Security / v.22 no.7 / pp.389-396 / 2022
  • Smartphones are growing more susceptible as technology develops because they contain sensitive data that offers a severe security risk if it falls into the wrong hands. The Android OS includes permissions as a crucial component for safeguarding user privacy and confidentiality. On the other hand, mobile malware continues to struggle with permission misuse. Although permission-based detection is frequently utilized, the significant false alarm rates brought on by the permission-based issue are thought to make it inadequate. The present detection method has a high incidence of false alarms, which reduces its ability to identify permission-based attacks. By using permission features with intent, this research attempted to improve permission-based detection. However, it creates an excessive number of features and increases the likelihood of false alarms. In order to generate the optimal number of features created and boost the quality of features chosen, this research developed an intersection feature approach. Performance was assessed using metrics including accuracy, TPR, TNR, and FPR. The most important characteristics were chosen using the Correlation Feature Selection, and the malicious program was categorized using SVM and naive Bayes. The Intersection Feature Technique, according to the findings, reduces characteristics from 486 to 17, has a 97 percent accuracy rate, and produces 0.1 percent false alarms.

R2NET: Storage and Analysis of Attack Behavior Patterns

  • M.R., Amal;P., Venkadesh
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.2 / pp.295-311 / 2023
  • Cloud computing has evolved significantly, intending to provide users with fast, dependable, and low-cost services. With its development, malicious users have become increasingly capable of attacking both its internal and external security. To ensure the security of cloud services, encryption, authorization, firewalls, and intrusion detection systems have been employed. However, these single monitoring agents are complex and time-consuming, and they do not detect ransomware and zero-day vulnerabilities on their own. An innovative Record and Replay-based hybrid Honeynet (R2NET) system has been developed to address this issue. Combining honeynet with Record and Replay (RR) technology, the system allows fine-grained analysis by delaying time-consuming analysis to the replay step. In addition, a machine learning algorithm is utilized to cluster the logs of attackers and store them in a database. So, the accessing time for analyzing the attack may be reduced, which in turn increases the efficiency of the proposed framework. The R2NET framework is compared with existing methods such as EEHH net, HoneyDoc, Honeynet system, and AHDS. The proposed system achieves 7.60%, 9.78%, 18.47%, and 31.52% more accuracy than EEHH net, HoneyDoc, Honeynet system, and AHDS methods.

In-band Network Telemetry based Network Anomaly Detection Scheme (INT 기반 네트워크 이상 상태 탐지 기술 연구)

  • Lim, Jiyoon;Nam, Sukhyun;Yoo, Jae-Hyoung;Hong, James Won-Ki
    • KNOM Review / v.22 no.3 / pp.13-19 / 2019
  • Network anomaly detection is a technology that collects information about flows on a network and detects malicious attacks occurring in a network in real time. In-band Network Telemetry (INT) technology provides, in real time, more detailed information that is not provided by existing networks, such as hop latency and queue occupancy. In this paper, we propose a method to implement an anomaly detection system with higher performance by using INT as an input feature of machine learning and verify it through experiments.

System implementation for Qshing attack detection (큐싱(Qshing) 공격 탐지를 위한 시스템 구현)

  • Hyun Chang Shin;Ju Hyung Lee;Jong Min Kim
    • Convergence Security Journal / v.23 no.1 / pp.55-61 / 2023
  • QR Code is a two-dimensional code in the form of a matrix that contains data in a square-shaped black-and-white grid pattern, and has recently been used in various fields. In particular, in order to prevent the spread of COVID-19, the usage increased rapidly by identifying the movement path in the form of a QR code that anyone can easily and conveniently use. As such, Qshing attacks and damages using QR codes are increasing in proportion to the usage of QR codes. Therefore, in this paper, a system was implemented to block movement to harmful sites and installation of malicious codes when scanning QR codes.

The Importance of Ethical Hacking Tools and Techniques in Software Development Life Cycle

  • Syed Zain ul Hassan;Saleem Zubair Ahmad
    • International Journal of Computer Science & Network Security / v.23 no.6 / pp.169-175 / 2023
  • Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.

Mitigation of Phishing URL Attack in IoT using H-ANN with H-FFGWO Algorithm

  • Gopal S. B;Poongodi C
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.7 / pp.1916-1934 / 2023
  • The phishing attack is a malicious emerging threat on the internet where the hackers try to access the user credentials such as login information or Internet banking details through pirated websites. Using that information, they get into the original website and try to modify or steal the information. The problem with traditional defense systems like firewalls is that they can only stop certain types of attacks because they rely on a fixed set of principles to do so. As a result, the model needs a client-side defense mechanism that can learn potential attack vectors to detect and prevent not only the known but also unknown types of assault. Feature selection plays a key role in machine learning by selecting only the required features by eliminating the irrelevant ones from the real-time dataset. The proposed model uses Hyperparameter Optimized Artificial Neural Networks (H-ANN) combined with a Hybrid Firefly and Grey Wolf Optimization algorithm (H-FFGWO) to detect and block phishing websites in Internet of Things (IoT) applications. In this paper, the H-FFGWO is used for the feature selection from phishing datasets ISCX-URL, Open Phish, UCI machine-learning repository, Mendeley website dataset and Phish tank. The results showed that the proposed model had an accuracy of 98.07%, a recall of 98.04%, a precision of 98.43%, and an F1-Score of 98.24%.

An Uncertain Graph Method Based on Node Random Response to Preserve Link Privacy of Social Networks

  • Jun Yan;Jiawang Chen;Yihui Zhou;Zhenqiang Wu;Laifeng Lu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.1 / pp.147-169 / 2024
  • In pace with the development of network technology at lightning speed, social networks have been extensively applied in our lives. However, as social networks retain a large number of users' sensitive information, the openness of this information makes social networks vulnerable to attacks by malicious attackers. To preserve the link privacy of individuals in social networks, an uncertain graph method based on node random response is devised, which satisfies differential privacy while maintaining expected data utility. In this method, to achieve privacy preserving, the random response is applied on nodes to achieve edge modification on an original graph and node differential privacy is introduced to inject uncertainty on the edges. Simultaneously, to keep data utility, a divide and conquer strategy is adopted to decompose the original graph into many sub-graphs and each sub-graph is dealt with separately. In particular, only some larger sub-graphs selected by the exponent mechanism are modified, which further reduces the perturbation to the original graph. The presented method is proven to satisfy differential privacy. The performances of experiments demonstrate that this uncertain graph method can effectively provide a strict privacy guarantee and maintain data utility.