• 반도체디스플레이기술학회지
• /
• 제21권4호
• /
• pp.86-91
• /
• 2022

Cache bypassing is a scheme to prevent unnecessary cache blocks from occupying the capacity of the cache for avoiding cache contamination. This method is introduced to alleviate the problems of non-volatile memories (NVMs)-based memory system. However, the prior works have been studied without considering wear-out attack. Malicious writing to a small area in NVMs leads to the failure of the system due to the limited write endurance of NVMs. This paper proposes a novel scheme to prolong the lifetime with higher resistance for the wear-out attack. First, the memory reference pattern is found by modified reuse distance calculation for each cache block. If a cache block is determined as the target of the attack, it is forwarded to higher level cache or main memory without updating the NVM-based cache. The experimental results show that the write endurance is improved by 14% on average and 36% on maximum.

• 정보보호학회논문지
• /
• 제29권2호
• /
• pp.431-438
• /
• 2019

파일리스 악성코드는 악성 행위를 수행할 페이로드의 흔적을 은닉하기 위해 메모리 주입 공격을 이용한다. 메모리 주입 공격 중 프로세스 할로윙이라는 이름의 공격은 시스템 프로세스 등을 일시정지 상태로 생성시킨 다음, 해당 프로세스에 악성 페이로드를 주입시켜 정상 프로세스인 것처럼 위장해 악성행위를 수행하는 방법이다. 본 논문은 프로세스 할로윙 공격이 발생했을 경우, 악성 행위 실제 수행 여부와 상관없이 메모리 주입 여부를 검출할 수 있는 방법을 제안한다. 메모리 주입이 의심되는 프로세스와 동일한 실행 조건을 갖는 복제 프로세스를 실행시키고, 각 프로세스 가상 메모리 영역에 속해있는 데이터 집합을 퍼지 해시를 이용해 비교한 다음 유사도를 산출한다.

• 한국산학기술학회논문지
• /
• 제15권5호
• /
• pp.3121-3131
• /
• 2014

메모리 관련 취약점은 컴퓨터 시스템 상에서의 가장 위협적인 공격이며 메모리 취약점을 이용한 실제 공격의 또한 증가하고 있다. 따라서 다양한 메모리 보호 메커니즘이 연구되고 운영체제 상에서 구현되었지만, 보호 시스템들을 우회하기 위한 새로운 공격 기법들이 함께 발전하고 있다. 특히, 메모리 관련 공격 기법 중 버퍼 오버플로우 공격은 코드 재사용 공격이라 불리는 Return-Oriented Programming(ROP), Jump-Oriented Programming(JOP)등으로 발전하여 운영체제가 포함하는 메모리 보호 메커니즘을 우회하고 있다. 본 논문에서는 코드 재사용 공격 기법의 특징을 분석하고, 분석된 결과를 이용하여 바이너리 수준에서의 코드 재사용 공격을 탐지할 수 있는 메커니즘을 제안하며, 실험을 통해 제안하는 메커니즘이 코드 재사용 공격을 효율적으로 탐지할 수 있음을 증명한다.

• ETRI Journal
• /
• 제41권5호
• /
• pp.560-573
• /
• 2019

Two supervised learning algorithms, a basic neural network and a long short-term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.

• 정보처리학회논문지C
• /
• 제18C권2호
• /
• pp.89-96
• /
• 2011

Address Space Randomization(ASR)은 성능 부하가 없고 광범위한 데이터 메모리 영역의 보호가 가능한 우수한 방어 기법이다. ASR은 사용 가능한 데이터 메모리 영역 내에서 변수를 재배치 함으로써 공격자에게 변수의 주소를 숨기는데, 데이터 메모리 영역의 크기가 한정되어서 무차별 공격에 취약한 단점이 있다. 본 논문은 기존 ASR의 단점을 제거하기 위한 다중 ASR 기법을 제시한다. 다중 ASR 기법은 데이터 메모리 영역을 원본 및 복사 영역으로 나누고 각 메모리 영역의 변수 값을 비교함으로써 공격을 탐지하고 방어한다. 다중 ASR에서 각 데이터 메모리 영역의 변수는 서로 다른 순서로 배치되므로 한 번의 공격을 통해 동시에 동일한 변수 값을 조작하는 것은 불가능하다. 다중 ASR이 적용된 프로그램은 중복 수행으로 인해 비교적 높은 성능 부하를 보이나, 실제 공격 대상이 되는 웹서버 등 I/O 처리가 많이 요구되는 프로그램의 경우 40%~50% 정도의 성능 부하를 보인다. 아울러 본 논문에서는 프로그램에 다중 ASR을 적용하기 위한 변환프로그램을 개발하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권5호
• /
• pp.1272-1290
• /
• 2013

Privacy-preserving collaborative filtering schemes are becoming increasingly popular because they handle the information overload problem without jeopardizing privacy. However, they may be susceptible to shilling or profile injection attacks, similar to traditional recommender systems without privacy measures. Although researchers have proposed various privacy-preserving recommendation frameworks, it has not been shown that such schemes are resistant to profile injection attacks. In this study, we investigate two memory-based privacy-preserving collaborative filtering algorithms and analyze their robustness against several shilling attack strategies. We first design and apply formerly proposed shilling attack techniques to privately collected databases. We analyze their effectiveness in manipulating predicted recommendations by experimenting on real data-based benchmark data sets. We show that it is still possible to manipulate the predictions significantly on databases consisting of masked preferences even though a few of the attack strategies are not effective in a privacy-preserving environment.

• International journal of advanced smart convergence
• /
• 제5권4호
• /
• pp.54-56
• /
• 2016

Code-reuse attacks are very dangerous in various systems. This is because they do not inject malicious codes into target systems, but reuse the instruction sequences in executable files or libraries of target systems. Moreover, code-reuse attacks could be more harmful to IoT systems in the sense that it may not be easy to devise efficient and effective mechanism for code-reuse attack detection in resource-restricted IoT devices. In this paper, we propose a detection scheme with using Kullback-Leibler (KL) divergence to combat against code-reuse attacks in IoT. Specifically, we detect code-reuse attacks by calculating KL divergence between the probability distributions of the packets that generate from IoT devices and contain code region addresses in memory system and the probability distributions of the packets that come to IoT devices and contain code region addresses in memory system, checking if the computed KL divergence is abnormal.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1944-1956
• /
• 2016

The Digital Video Broadcasting-Common Scrambling Algorithm is an ETSI-designated algorithm designed for protecting MPEG-2 signal streams, and it is universally used. Its structure is a typical hybrid symmetric cipher which contains stream part and block part within a symmetric cipher, although the entropy is 64 bits, there haven't any effective cryptanalytic results up to now. This paper studies the security level of CSA against impossible differential cryptanalysis, a 20-round impossible differential for the block cipher part is proposed and a flaw in the cipher structure is revealed. When we attack the block cipher part alone, to recover 16 bits of the initial key, the data complexity of the attack is O(2^44.5), computational complexity is O(2^22.7) and memory complexity is O(2^10.5) when we attack CSA-BC reduced to 21 rounds. According to the structure flaw, an attack on CSA with block cipher part reduced to 21 rounds is proposed, the computational complexity is O(2^21.7), data complexity is O(2^43.5) and memory complexity is O(2^10.5), we can recover 8 bits of the key accordingly. Taking both the block cipher part and stream cipher part of CSA into consideration, it is currently the best result on CSA which is accessible as far as we know.

• 정보보호학회논문지
• /
• 제16권3호
• /
• pp.143-155
• /
• 2006

본 논문에서는 국가표준 암호인 ARIA에 효율적인 마스킹 기법을 제안하였다. 4개의 SBOX에 대해 각각 마스킹을 적용하는 기존의 마스킹 기법과 달리, 본 논문에서는 1개의 테이블만을 사용한 마스킹 구현기법을 제안하고, 실험을 통하여 1차 DPA 공격에 안전함을 확인하였다. 제안하는 역원테이블 방법을 이용하면 한 번의 역원 테이블을 만드는데 많은 시간이 필요하지만 마스킹을 여러 번 수행하는 경우에는 테이블을 반복적으로 이용하게 되므로 연산속도를 크게 개선할 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제18권5호
• /
• pp.1341-1368
• /
• 2024

The concept of privacy-preserving collaborative filtering (PPCF) has been gaining significant attention. Due to the fact that model-based recommendation methods with privacy are more efficient online, privacy-preserving memory-based scheme should be avoided in favor of model-based recommendation methods with privacy. Several studies in the current literature have examined ant colony clustering algorithms that are based on non-privacy collaborative filtering schemes. Nevertheless, the literature does not contain any studies that consider privacy in the context of ant colony clustering-based CF schema. This study employed the ant colony clustering model-based PPCF scheme. Attacks like shilling or profile injection could potentially be successful against privacy-preserving model-based collaborative filtering techniques. Afterwards, the scheme's robustness was assessed by conducting a shilling attack using six different attack models. We utilize masked data-based profile injection attacks against a privacy-preserving ant colony clustering-based prediction algorithm. Subsequently, we conduct extensive experiments utilizing authentic data to assess its robustness against profile injection attacks. In addition, we evaluate the resilience of the ant colony clustering model-based PPCF against shilling attacks by comparing it to established PPCF memory and model-based prediction techniques. The empirical findings indicate that push attack models exerted a substantial influence on the predictions, whereas nuke attack models demonstrated limited efficacy.