• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.799-808
• /
• 2003

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.27-36
• /
• 2023

In recent years, ransomware attacks have become more organized and specialized, with the sophistication of attacks targeting specific individuals or organizations using tactics such as social engineering, spear phishing, and even machine learning, some operating as business models. In order to effectively respond to this, various researches and solutions are being developed and operated to detect and prevent attacks before they cause serious damage. In particular, honeypots can be used to minimize the risk of attack on IT systems and networks, as well as act as an early warning and advanced security monitoring tool, but in cases where ransomware does not have priority access to the decoy file, or bypasses it completely. has a disadvantage that effective ransomware response is limited. In this paper, this honeypot is optimized for the user environment to create a reliable real-time dynamic honeypot file, minimizing the possibility of an attacker bypassing the honeypot, and increasing the detection rate by preventing the attacker from recognizing that it is a honeypot file. To this end, four models, including a basic data collection model for dynamic honeypot generation, were designed (basic data collection model / user-defined model / sample statistical model / experience accumulation model), and their validity was verified.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.113-120
• /
• 2018

Today, the development of information and communication technology is rapidly increasing the number of users of network-based service, and enables real-time information sharing among users on the Internet. There are various methods in the information sharing process, and information sharing based on portal service is generally used. However, the process of information sharing serves as a cause of illegal activities in order to amplify the social interest of the relevant stakeholders. Public opinion attack using macro function can distort normal public opinion, so security measures are urgent. Therefore, security measures are urgently needed. Macro attacks are generally defined as attacks in which illegal users acquire multiple IP or ID to manipulate public opinion on the content of a particular web page. In this paper, we analyze network path information based on traceback for macro attack of a specific user, and then detect multiple access of the user. This is a macro attack when the access path information for a specific web page and the user information are matched more than once. In addition, when multiple ID is accessed for a specific web page in the same region, it is not possible to distort the overall public opinion on a specific web page by analyzing the threshold count value.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.385-395
• /
• 2018

With the development of Internet, cyber attack has become a major threat. To detect cyber attacks, intrusion detection system(IDS) has been widely deployed. But IDS has a critical weakness which is that it generates a large number of false alarms. One of the promising techniques that reduce the false alarms in real time is machine learning. However, there are problems that must be solved to use machine learning. So, many machine learning approaches have been applied to this field. But so far, researchers have not focused on features. Despite the features of IDS alerts are important for performance of model, the approach to feature is ignored. In this paper, we propose new feature set which can improve the performance of model and can be extracted from a single alarm. New features are motivated from security analyst's know-how. We trained and tested the proposed model applied new feature set with real IDS alerts. Experimental results indicate the proposed model can achieve better accuracy and false positive rate than SVM model with ordinary features.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.99-109
• /
• 2023

The darknet is frequently referred to as the hub of illicit online activity. In order to keep track of real-time applications and activities taking place on Darknet, traffic on that network must be analysed. It is without a doubt important to recognise network traffic tied to an unused Internet address in order to spot and investigate malicious online activity. Any observed network traffic is the result of mis-configuration from faked source addresses and another methods that monitor the unused space address because there are no genuine devices or hosts in an unused address block. Digital systems can now detect and identify darknet activity on their own thanks to recent advances in artificial intelligence. In this paper, offer a generalised method for deep learning-based detection and classification of darknet traffic. Furthermore, analyse a cutting-edge complicated dataset that contains a lot of information about darknet traffic. Next, examine various feature selection strategies to choose a best attribute for detecting and classifying darknet traffic. For the purpose of identifying threats using network properties acquired from darknet traffic, devised a hybrid deep learning (DL) approach that combines Recurrent Neural Network (RNN) and Bidirectional LSTM (BiLSTM). This probing technique can tell malicious traffic from legitimate traffic. The results show that the suggested strategy works better than the existing ways by producing the highest level of accuracy for categorising darknet traffic using the Black widow optimization algorithm as a feature selection approach and RNN-BiLSTM as a recognition model.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.531-540
• /
• 2021

As cyber attacks and crimes increase exponentially and hacking attacks become more intelligent and advanced, hacking attack methods and routes are evolving unpredictably and in real time. In order to reinforce the enemy's responsiveness, this study aims to propose a method for developing an artificial intelligence-based security control platform by building a next-generation security system using artificial intelligence to respond by self-learning, monitoring abnormal signs and blocking attacks.The artificial intelligence-based security control platform should be developed as the basis for data collection, data analysis, next-generation security system operation, and security system management. Big data base and control system, data collection step through external threat information, data analysis step of pre-processing and formalizing the collected data to perform positive/false detection and abnormal behavior analysis through deep learning-based algorithm, and analyzed data Through the operation of a security system of prevention, control, response, analysis, and organic circulation structure, the next generation security system to increase the scope and speed of handling new threats and to reinforce the identification of normal and abnormal behaviors, and management of the security threat response system, Harmful IP management, detection policy management, security business legal system management. Through this, we are trying to find a way to comprehensively analyze vast amounts of data and to respond preemptively in a short time.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.6
• /
• pp.580-586
• /
• 2017

The establishment of big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide variety of valuable information in real-time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual trust hosts constituting clustering, and attempt to attack directly to system existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and it is demanded that the security policy is stronger than the security system that is constructed and operated in the existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service in illegal attacks at this network environment. In addition, through the step-by -step encryption based on the routing information generated during the detection process, it is possible to manage the stable service information without frequent disconnection of the information service for resetting.

• Strategy21
• /
• s.33
• /
• pp.65-112
• /
• 2014

Recent trends show that the PRC has stepped aside its "army-centered approach" and placed greater emphasis on its Navy and Air Force for a wider range of operations, thereby reducing its ground force and harnessing its economic power and military technology into naval development. A quantitative growth of the PLA Navy itself is no surprise as this is not a recent phenomenon. Now is the time to pay closer attention to the level of PRC naval force's performance and the extent of its warfighting capacity in the maritime domain. It is also worth asking what China can do with its widening naval power foundation. In short, it is time to delve into several possible scenarios I which the PRC poses a real threat. With this in mind, in Section Two the paper seeks to observe the construction progress of PRC's naval power and its future prospects up to the year 2020, and categorize time frame according to its major force improvement trends. By analyzing qualitative improvements made over time, such as the scale of investment and the number of ships compared to increase in displacement (tonnage), this paper attempts to identify salient features in the construction of naval power. Chapter Three sets out performance evaluation on each type of PRC naval ships as well as capabilities of the Navy, Air Force, the Second Artillery (i.e., strategic missile forces) and satellites that could support maritime warfare. Finall, the concluding chapter estimates the PRC's maritime warfighting capability as anticipated in respective conflict scenarios, and considers its impact on the Korean Peninsula and proposes the directions ROK should steer in response. First of all, since the 1980s the PRC navy has undergone transitions as the focus of its military strategic outlook shifted from ground warfare to maritime warfare, and within 30 years of its effort to construct naval power while greatly reducing the size of its ground forces, the PRC has succeeded in building its naval power next to the U.S.'s in the world in terms of number, with acquisition of an aircraft carrier, Chinese-version of the Aegis, submarines and so on. The PRC also enjoys great potentials to qualitatively develop its forces such as indigenous aircraft carriers, next-generation strategic submarines, next-generation destroyers and so forth, which is possible because the PRC has accumulated its independent production capabilities in the process of its 30-year-long efforts. Secondly, one could argue that ROK still has its chances of coping with the PRC in naval power since, despite its continuous efforts, many estimate that the PRC naval force is roughly ten or more years behind that of superpowers such as the U.S., on areas including radar detection capability, EW capability, C4I and data-link systems, doctrines on force employment as well as tactics, and such gap cannot be easily overcome. The most probable scenarios involving the PRC in sea areas surrounding the Korean Peninsula are: first, upon the outbreak of war in the peninsula, the PRC may pursue military intervention through sea, thereby undermining efforts of the ROK-U.S. combined operations; second, ROK-PRC or PRC-Japan conflicts over maritime jurisdiction or ownership over the Senkaku/Diaoyu islands could inflict damage to ROK territorial sovereignty or economic gains. The PRC would likely attempt to resolve the conflict employing blitzkrieg tactics before U.S. forces arrive on the scene, while at the same time delaying and denying access of the incoming U.S. forces. If this proves unattainable, the PRC could take a course of action adopting "long-term attrition warfare," thus weakening its enemy's sustainability. All in all, thiss paper makes three proposals on how the ROK should respond. First, modern warfare as well as the emergent future warfare demonstrates that the center stage of battle is no longer the domestic territory, but rather further away into the sea and space. In this respect, the ROKN should take advantage of the distinct feature of battle space on the peninsula, which is surrounded by the seas, and obtain capabilities to intercept more than 50 percent of the enemy's ballistic missiles, including those of North Korea. In tandem with this capacity, employment of a large scale of UAV/F Carrier for Kill Chain operations should enhance effectiveness. This is because conditions are more favorable to defend from sea, on matters concerning accuracy rates against enemy targets, minimized threat of friendly damage, and cost effectiveness. Second, to maintain readiness for a North Korean crisis where timely deployment of US forces is not possible, the ROKN ought to obtain capabilities to hold the enemy attack at bay while deterring PRC naval intervention. It is also argued that ROKN should strengthen its power so as to protect national interests in the seas surrounding the peninsula without support from the USN, should ROK-PRC or ROK-Japan conflict arise concerning maritime jurisprudence. Third, the ROK should fortify infrastructures for independent construction of naval power and expand its R&D efforts, and for this purpose, the ROK should make the most of the advantages stemming from the ROK-U.S. alliance inducing active support from the United States. The rationale behind this argument is that while it is strategically effective to rely on alliance or jump on the bandwagon, the ultimate goal is always to acquire an independent response capability as much as possible.