• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권8호
• /
• pp.3888-3910
• /
• 2018

As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권8호
• /
• pp.2764-2782
• /
• 2021

Existing city-level boundary nodes identification methods need to locate all IP addresses on the path to differentiate which IP is the boundary node. However, these methods are susceptible to time-delay, the accuracy of location information and other factors, and the resource consumption of locating all IPes is tremendous. To improve the recognition rate and reduce the locating cost, this paper proposes an algorithm for city-level boundary node identification based on bidirectional approaching. Different from the existing methods based on time-delay information and location results, the proposed algorithm uses topological analysis to construct a set of candidate boundary nodes and then identifies the boundary nodes. The proposed algorithm can identify the boundary of the target city network without high-precision location information and dramatically reduces resource consumption compared with the traditional algorithm. Meanwhile, it can label some errors in the existing IP address database. Based on 45,182,326 measurement results from Zhengzhou, Chengdu and Hangzhou in China and New York, Los Angeles and Dallas in the United States, the experimental results show that: The algorithm can accurately identify the city boundary nodes using only 20.33% location resources, and more than 80.29% of the boundary nodes can be mined with a precision of more than 70.73%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2674-2697
• /
• 2019

Identity authentication is a crucial line of defense for network security, and passwords are still the mainstream of identity authentication. So far trawling password attacking has been extensively studied, but the research related with personal information is always sporadic. Probabilistic context-free grammar (PCFG) and Markov chain-based models perform greatly well in trawling guessing. In this paper we propose a systematic targeted attacking model based on structure partition and string reorganization by migrating the above two models to targeted attacking, denoted as TG-SPSR. In structure partition phase, besides dividing passwords to basic structure similar to PCFG, we additionally define a trajectory-based keyboard pattern in the basic grammar and introduce index bits to accurately characterize the position of special characters. Moreover, we also construct a BiLSTM recurrent neural network classifier to characterize the behavior of password reuse and modification after defining nine kinds of modification rules. Extensive experimental results indicate that in online attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 275%, and respectively outperforms its foremost counterparts, Personal-PCFG, TarGuess-I, by about 70% and 19%; In offline attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 90%, outperforms Personal-PCFG and TarGuess-I by 85% and 30%, respectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권11호
• /
• pp.5588-5613
• /
• 2018

Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of over-simplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권11호
• /
• pp.3163-3181
• /
• 2023

Eavesdropping attacks have seriously threatened network security. Attackers could eavesdrop on target nodes and link to steal confidential data. In the traditional network architecture, the static routing path and the important nodes determined by the nature of network topology provide a great convenience for eavesdropping attacks. To resist monitoring attacks, this paper proposes a random routing mutation defense method based on dynamic path weight (DPW-RRM). It utilizes network centrality indicators to determine important nodes in the network topology and reduces the probability of important nodes in path selection, thereby distributing traffic to multiple communication paths, achieving the purpose of increasing the difficulty and cost of eavesdropping attacks. In addition, it dynamically adjusts the weight of the routing path through network state constraints to avoid link congestion and improve the availability of routing mutation. Experimental data shows that DPW-RRM could not only guarantee the normal algorithmic overhead, communication delay, and CPU load of the network, but also effectively resist eavesdropping attacks.

• 한국인지과학회:학술대회논문집
• /
• 한국인지과학회 2010년도 춘계학술대회
• /
• pp.2-7
• /
• 2010

Formally, we may define cognitive science as the convergent study between symbolic and connectionist approaches at macro and micro levels. Since what we refer to as the human mind is regarded as a mathematical product of the human brain and the computing machine, we can obtain two mathematical dynamical projections: one from the set of human brains to the set of mind, the other from the set of computing machines to the set of mind. Then, we are having a new projection from the classical models to the quantum mind.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권8호
• /
• pp.3187-3200
• /
• 2020

Finding key users in microblog has been a research hotspot in recent years. There are two kinds of key users: obvious and hidden ones. Influence of the former is direct while that of the latter is indirect. Most of existing methods evaluate user's direct influence, so key users they can find usually obvious ones, and their ability to identify hidden key users is very low as hidden ones exert influence in a very covert way. Consequently, the algorithm of finding hidden key users based on topic transfer entropy, called TTE, is proposed. TTE algorithm believes that hidden key users are those normal users possessing a high covert influence on obvious ones. Firstly, obvious key users are discovered based on microblog propagation scale. Then, based on microblogs' topic similarity and time correlation, the transfer entropy from ordinary users' blogs to obvious key users is calculated and used to measure the covert influence. Finally, hidden influence degrees of ordinary users are comprehensively evaluated by combining above indicators with the influence of both ordinary users and obvious ones. We conducted experiments on Sina Weibo, and the results showed that TTE algorithm had a good ability to identify hidden key users.

• ETRI Journal
• /
• 제39권1호
• /
• pp.108-115
• /
• 2017

ARIA is a 128-bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential-linear cryptanalysis. We present five rounds of differential-linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential-linear attacks based on six rounds of ARIA-128 and seven rounds of ARIA-256. This is the first multidimensional differential-linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.

• 대한수학회보
• /
• 제28권2호
• /
• pp.219-224
• /
• 1991

• 한국수학교육학회지시리즈A:수학교육
• /
• 제28권1호
• /
• pp.57-61
• /
• 1989