• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.799-808
• /
• 2003

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.

• Proceedings of the IEEK Conference
• /
• 2003.07d
• /
• pp.1359-1362
• /
• 2003

The intrusions appears continuously by new unknown attacks exploiting vulnerabilities of systems or components but there are no perfect solutions to protect this unknown attacks. To overcome this problem, in this paper, we have proposed and implemented a Web service intrusion tolerant system that provides continuous Web services to the end users transparently even after the occurrence of an attack against the Web services, and prevents the disclosure of system's configuration data from server Our system has an N+l node architecture which is to minimize the number of redundant server nodes and to tolerate the intrusion effectively, and it also supports diversity in its design. Experimental result obtained on an implemented system show that our system can cope with intrusion such as DoS, file modification, confidentiality compromise of system properly.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.12
• /
• pp.714-723
• /
• 2003

In order to guarantee system survivability against attacks based on new methodology, we need a solution to recognize important resources for essential services and to adapt the urgent situation properly. In this paper, we present a dynamic resource reallocation scheme which is one of the core technologies for the implementation of intrusion tolerant systems. By means of resource reallocation within a node, this scheme enables the essential services to survive even after the occurrence of a system attack. If the settlement does not work within the node, resource reallocation among nodes takes places, thus the essential services are transferred to another prepared server node. Experimental result obtained on a testbed reveals the validity of the proposed scheme for resource reallocation. This scheme may work together with IDS(Intrusion Detection System) to produce effective responsive mechanism against attacks.

• Information and Communications Magazine
• /
• v.21 no.9
• /
• pp.75-90
• /
• 2004

기존의 정보통신 보안 인프라 강화를 위하여 많은 개별 보안 시스템들이 활용된다. 침입차단, 침입탐지, 그리고 가상사설망 장비들을 설치하여 보안성을 향상 시켰는데, 이로 인하여 각 보안 시스템 간의 정책 충돌이 발생하기도 하여 보안상 효율성이 떨어지기도 하고, 여러 보안 시스템들을 관리하여야 하는 관리상의 복잡성과 비용상의 문제점이 존재한다. 이를 해결하기 위하여 침입탐지, 침입차단, 그리고 가상사설망 기능을 통합하여 제공하는 통합 보안 엔진 개념이 부각되었으며, 이러한 통합 보안 엔진 기능을 라우터에 탑재하여 정보통신 인프라의 보안성을 강화시킨다. 본 논문에서는 통합 보안 엔진을 라우터나 스위치 등과 같은 네트워크 노드에 탑재하여 안전한 네트워킹이 가능하도록 하는 보안 프레임웍을 소개한다. 또한, 침입탐지, 침입차단, 가상사설망 기능을 통합하여 제공하는 라우터용 통합 보안엔진의 구조를 소개하고, 이를 위해 구현된 핵심 기능을 기술한다. 이러한 통합 보안 엔진이 탑재된 보안 라우터와 기존의 보안 기능이 있는 상용 라우터와의 비교를 통하여 통합 보안 엔진이 탑재된 보안 라우터 시스템의 효율성을 설명한다.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.26 no.4
• /
• pp.267-272
• /
• 2016

Wireless sensor networks (WSNs) are vulnerable to external intrusions due to the wireless communication characteristics and limited hardware resources. Thus, the attacker can cause sinkhole attack while intruding the network. INSENS is proposed for preventing the sinkhole attack. INSENS uses the three symmetric keys in order to prevent such sinkhole attacks. However, the sinkhole attack occurs again, even in the presence of INSENS, through the compromised node because INSENS does not consider the node being compromised. In this paper, we propose a method to counter the sinkhole attack by considering the compromised node, based on the neighboring nodes' information. The goals of the proposed method are i) network reliability improvement and ii) energy conservation through effective prevention of the sinkhole attack by detecting compromised nodes. The experimental results demonstrate that the proposed method can save up to, on average, 19.90% of energy while increasing up to, on average, 71.50%, the report reliability against internal sinkhole attacks in comparison to INSENS.

• The KIPS Transactions:PartA
• /
• v.10A no.1
• /
• pp.7-14
• /
• 2003

In order to cope with DoS (Denial of Service) attacks disturbing delivery of intended services by exhausting resources of computing nodes, we need a solution to recognize important resources for the essential services which have to be maintained under any circumstances and to adapt the system to the urgent situation and reconfigure itself properly. In this paper, we present a two-phase scheme to handle the problem. In the first phase, by means of dynamic resource reallocation within a computing node, we try to make the selected essential services survive even after the occurrence of an attack. For the second phase when it becomes impossible to continue the service in spite of the actions taken in the first phase, we apply server replication in order to continue the transparent provision of the essential services with the end users by utilizing redundant computing nodes previously arranged. Experimental result obtained on a testbed reveals the validity of the proposed scheme. A comparison with other proposed schemes has been conducted by analyzing the performance and the cost.