• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.105-112
• /
• 2014

The utilization of Wireless Ad Hoc Network which can build easily network using wireless device in difficult situation to build network is very good. However, it has security threat element because it transfers data by only forwarding of wireless devices. The measures against this should be prepared because damage by especially routing attack can affect the entire network. It is hard to distinguish malicious node and normal node among nodes composing network and it is not easy also to detect routing attack and respond to this. In this paper, we propose new method which detect routing attack and can respond to this. The amount of traffic in all nodes is measured periodically to judge the presence or absence of attack node on the path set. The technique that hides inspection packet to suspected node and transmits is used in order to detect accurately attack node in the path occurred attack. The experiment is performed by comparing SRAODA and SEAODV technique to evaluate performance of the proposed technique and the excellent performance can be confirmed.

• Journal of Electrical Engineering and Technology
• /
• v.13 no.6
• /
• pp.2447-2455
• /
• 2018

Security is more important in many sensor applications. The node replication attack is a major issue on sensor networks. The replicated node can capture all node details. Node Replication attacks use its secret cryptographic key to successfully produce the networks with clone nodes and also it creates duplicate nodes to build up various attacks. The replication attacks will affect in routing, more energy consumption, packet loss, misbehavior detection, etc. In this paper, a Secure-Efficient Centralized approach is proposed for detecting a Node Replication Attacks in Wireless Sensor Networks for Static Networks. The proposed system easily detects the replication attacks in an effective manner. In this approach Secure Cluster Election is used to prevent from node replication attack and Secure Efficient Centralized Approach is used to detect if any replicated node present in the network. When comparing with the existing approach the detection ratio, energy consumption performs better.

• Journal of Information Processing Systems
• /
• v.2 no.3 s.4
• /
• pp.183-188
• /
• 2006

A RMON agent system, which locates on a subnet, collects the network traffic information for management by retrieving and analyzing all of the packets on the subnet. The RMON agent system can miss some packets due to the high packet analyzing overhead when the number of packets on the subnet is huge. In this paper, we have developed a light-weight RMON agent system that can handle a large amount of packets without packet loss. Our RMON agent system has also been designed such that its functionality can be added dynamically when needed. To demonstrate the dynamic reconfiguration capability of our RMON agent system, a simple port scanning attack detection module is added to the RMON agent system. We have also evaluated the performance of our RMON agent system on a large network that has a huge traffic. The test result has shown our RMON agent system can analyze the network packets without packet loss.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.37-48
• /
• 2008

VoIP service is a transmission of voice data using SIP protocol on IP based network, The SIP protocol has many advantages such as providing IP based voice communication and multimedia service with cheap communication cost and so on. Therefore the SIP protocol spread out very quickly. But, SIP protocol exposes new forms of vulnerabilities on malicious attacks such as Message Flooding attack and protocol parsing attack. And it also suffers threats from many existing vulnerabilities like on IP based protocol. In this paper, we propose a new Virtual Proxy Server system in front of the existed Proxy Server for anomaly detection of SIP attack and stateful management of SIP session with enhanced security. Based on stateful virtual proxy server, out solution shows promising SIP Message Flooding attack verification and detection performance with minimized latency on SIP packet transmission.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.5
• /
• pp.65-75
• /
• 2009

The development of IT technology, Internet popularity is increasing geometrically. However, as its side effect, the intrusion behaviors such as information leakage for key system and infringement of computation network etc are also increasing fast. The attack traffic detection method which is suggested in this study utilizes the Snort, traditional NIDS, filters the packet with false positive among the detected attack traffics using Nmap information. Then, it performs the secondary filtering using nessus vulnerability information and finally performs correlation analysis considering appropriateness of management system, severity of signature and security hole so that it could reduce false positive alarm message as well as minimize the errors from false positive and as a result, it raised the overall attack detection results.

• Journal of Korea Multimedia Society
• /
• v.17 no.10
• /
• pp.1198-1204
• /
• 2014

Most of vaccine type security solutions detect intrusion of computer virus or malicious code. However, they almost don't have functionalities of the information leakage detection. In particular, information leakage through keylogging attact cannot be detected. In this paper, we design and implement a solution to detect the leakage of information through keylogging attact. Proposed solution detects the user-specified information in real time. To detect the leakage of user-specified information, the solution extracts the payload field from each outbound packet and compares with user-specified information. We design the solution to reduce the effect on the packet transmission delay time due to packet monitoring operation. And we design a simple user interface. By proposed solution, user can response to intrusion or information leakage immediately because he or she can perceives a leakage of information in real time.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.4
• /
• pp.65-71
• /
• 2019

IAs smart device penetration rate is more than 90%, mobile transaction ratio using smart device is increasing. Smart contracts are used in various areas of real life including smart trading. By applying smart contracts to the platform for smart transactions through block-chain technology, the threat of hacking or forgery can be reduced. However, various threats to devices in smart transactions can pose a threat to the use of block chain Etherium, an important element in privilege and personal information management. Smart contract used in block chain Ethereum includes important information or transaction details of users. Therefore, in case of an attack of privilege elevation, it is very likely to exploit transaction details or forge or tamper with personal information inquiry. In this paper, we propose a detection and countermeasure method for privilege escalation attack, which is especially important for block chain for secure smart transaction using block chain Ethereum. When comparing the results of this study with the results of similar applications and researches, we showed about 12~13% improvement in performance and suggested the future countermeasures through packet analysis.

• Journal of KIISE:Databases
• /
• v.34 no.6
• /
• pp.473-482
• /
• 2007

Network-based IDS(Intrusion Detection System) gathers network packet data and analyzes them into attack or normal. They raise alarm when possible intrusion happens. But they often output a large amount of low-level of incomplete alert information. Consequently, a large amount of incomplete alert information that can be unmanageable and also be mixed with false alerts can prevent intrusion response systems and security administrator from adequately understanding and analyzing the state of network security, and initiating appropriate response in a timely fashion. So it is important for the security administrator to reduce the redundancy of alerts, integrate and correlate security alerts, construct attack scenarios and present high-level aggregated information. False alarm rate is the ratio between the number of normal connections that are incorrectly misclassified as attacks and the total number of normal connections. In this paper we propose a false alarm classification model to reduce the false alarm rate using classification analysis of data mining techniques. The proposed model can classify the alarms from the intrusion detection systems into false alert or true attack. Our approach is useful to reduce false alerts and to improve the detection rate of network-based intrusion detection systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.19-26
• /
• 2003

Recently, the number of internet service companies is increasing and so is the number of malicious attackers. Damage such as distrust about credit and instability of the service by these attacks may influence us fatally as it makes companies image failing down. One of the frequent and fatal attacks is DoS(Denial-of-Service). Because the attacker performs IP spoofing for hiding his location in DoS attack it is hard to get an exact location of the attacker from source IP address only. and even if the system recovers from the attack successfully, if attack origin has not been identified, we have to consider the possibility that there may be another attack again in near future by the same attacker. This study suggests to find the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Martins Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting marking probability according to the distance from the packet origin we were able to decrease the number of needed packets to traceback the IP address.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.2
• /
• pp.41-47
• /
• 2012

MANET has vulnerable structure on security owing to structural characteristics as follows. MANET consisted of moving nodes is that every nodes have to perform function of router. Every node has to provide reliable routing service in cooperation each other. These properties are caused by expose to various attacks. But, it is difficult that position of environment intrusion detection system is established, information is collected, and particularly attack is detected because of moving of nodes in MANET environment. It is not easy that important profile is constructed also. In this paper, conformal predictor - support vector machine(CP-SVM) based intrusion detection technique was proposed in order to do more accurate and efficient intrusion detection. In this study, IDS-agents calculate p value from collected packet and transmit to cluster head, and then other all cluster head have same value and detect abnormal behavior using the value. Cluster form of hierarchical structure was used to reduce consumption of nodes also. Effectiveness of proposed method was confirmed through experiment.