• Title/Summary/Keyword: Security alert message


An Implementation of ESM with the Security Correlation Alert for Distributed Network Environment (분산 환경에서 정보보호 연관 경고 메시지를 이용한 ESM 구현)

  • 한근희;전상훈;김일곤;최진영
    • Journal of KIISE: Computing Practices and Letters, v.10 no.2, pp.199-208, 2004
  • In this paper, we propose and implement the SIA System for filtering redundant alert messages and dividing them into four statuses. We also confirm that our system can find and analyze the vulnerability types of network intrusions by attackers in a managed network, so that it provides a very effective means for security managers to cope with security threats in real time.

Proposed Message Transit Buffer Management Model for Nodes in Vehicular Delay-Tolerant Network

  • Gballou Yao, Theophile;Kimou Kouadio, Prosper;Tiecoura, Yves;Toure Kidjegbo, Augustin
    • International Journal of Computer Science & Network Security, v.23 no.1, pp.153-163, 2023
  • This study is situated in the context of intelligent transport systems, where in-vehicle devices assist drivers to avoid accidents and therefore improve road safety. The vehicles present in a given area form an ad hoc network of vehicles called a vehicular ad hoc network. In this type of network, the nodes are mobile vehicles and the messages exchanged are messages to warn about obstacles that may hinder correct driving. Node mobility makes it impossible for inter-node communication to be end-to-end. Recognizing this characteristic has led to delay-tolerant vehicular networks. Embedded devices have small buffers (memory) to hold messages that a node needs to transmit when no other node is within its visibility range for transmission. The performance of a vehicular delay-tolerant network is closely tied to the successful management of the nodes' transit buffer. In this paper, we propose a message transit buffer management model for nodes in vehicular delay-tolerant networks. This model consists of setting up, on the one hand, a policy for dropping messages from the buffer when the buffer is full and must receive a new message. This drop policy is based on the concept of intermediate node to destination, queues and priority class of service. It is also based on the properties of the message (size, weight, number of hops, number of replications, remaining time-to-live, etc.). On the other hand, the model defines the policy for selecting the message to be transmitted. The proposed model was evaluated with the ONE opportunistic network simulator based on a 4000m x 4000m area of downtown Bouaké in Côte d'Ivoire. The map data were imported using the Open Street Map tool. The results obtained show that our model improves the delivery ratio of security alert messages and reduces their delivery delay and network overload compared to the existing model. This improvement in communication within a network of vehicles can contribute to the improvement of road safety.

Implementation of Data Mining Engine for Analyzing Alert Data of Security Policy Server (보안정책 서버의 경보데이터 분석을 위한 데이터마이닝 엔진의 구현)

  • 정경자;신문선
    • Journal of the Korea Society of Computer and Information, v.7 no.4, pp.141-149, 2002
  • Recently, many network systems have been developed rapidly and network architectures are more complex than before, so policy-based network management should be used in network systems. In particular, a new paradigm in which policy-based network management is applied to network security has been raised. A security policy server in the management layer can generate a new policy, delete or update an existing policy, and decide the policy when a security policy is requested. The security server needs to analyze and manage the alert messages received from the policy enforcement system in the enforcement layer for the available information. In this paper, we implement an alert analyzer that analyzes the stored alert data for making security policy efficiently within the framework of policy-based network security management. We also propose a data mining system for the analysis of alert data. The implemented mining system supports the alert analyzer and the high-level analyzer efficiently for security.

Design and evaluation of a VPRS-based misbehavior detection scheme for VANETs (차량애드혹망을 위한 가변정밀도 러프집합 기반 부정행위 탐지 방법의 설계 및 평가)

  • Kim, Chil-Hwa;Bae, Ihn-Han
    • Journal of the Korean Data and Information Science Society, v.22 no.6, pp.1153-1166, 2011
  • Detecting misbehavior in vehicular ad-hoc networks is a very important problem with a wide range of implications, including safety-related and congestion-avoidance applications. Most misbehavior detection schemes are concerned with the detection of malicious nodes. In most situations, vehicles would send wrong information because of the selfish reasons of their owners. Because of this rational behavior, it is more important to detect false information than to identify misbehaving nodes. In this paper, we propose a variable precision rough sets based misbehavior detection scheme which detects false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. In the proposed scheme, the alert information system (alert profile) is constructed from valid actions of moving nodes in vehicular ad-hoc networks. Once a moving vehicle receives an alert message from another vehicle, it finds out the alert type from the alert message. When the vehicle later receives a beacon from the alert-raising vehicle after an elapse of time, it computes the relative classification error by using variable precision rough sets from the alert information system. If the relative classification error is larger than the maximum allowable relative classification error of the alert type, the vehicle decides that the message is a false alert message. The performance of the proposed scheme is evaluated with two metrics, correct ratio and incorrect ratio, through a simulation.

System Design of IDS for DDoS Detect and Defense (DDoS공격감지 및 방어를 위한 침입방지 시스템의 설계)

  • Hong, Seong-Sik
    • Journal of the Korea Academia-Industrial cooperation Society, v.15 no.11, pp.6845-6848, 2014
  • This paper proposes a system design of an IDS for detecting and defending against DDoS attacks on a network. The proposed system has three parts: the Alert Agent, Attack Analyzer and Defense Agent. When the server resource is reduced too much by incoming traffic, the Alert Agent sends a message and traffic information to the Attack Analyzer. The message and traffic information sent to the Attack Analyzer include only the sender and receiver addresses and packet numbers, to minimize the overload of the Attack Analyzer. The Attack Analyzer investigates the received message. If the pattern of traffic is the same as the DDoS style, the Analyzer sends a message to the Defense Agent to block that traffic. In this system, at the serious state of server-down, the Attack Analyzer uncovers the DDoS attacker and sends a message to the Defense Agent to block that traffic. This works for server reactivation as soon as possible.

Design and Implementation of Low Power Container Security Device based on IEEE 802.15.4 (IEEE 802.15.4 기반 저전력 컨테이너 보안장치의 설계 및 구현)

  • Park, Se-Young;Kim, Taek-Hyun;Choi, Hoon;Baek, Yun-Ju
    • The Journal of Korean Institute of Communications and Information Sciences, v.35 no.2B, pp.215-224, 2010
  • A container security device (CSD) monitors intrusions through the cargo door; it is a reduced-function device that uses IEEE 802.15.4 in beacon mode. However, in beacon mode, the CSD consumes too much battery power in periodic idle listening and sensing trials. Moreover, the CSD cannot send a message to the CSD reader actively, which causes a big latency problem. Therefore, we propose a low-power CSD to reduce the unnecessary power consumption. The proposed CSD follows the requirements of the U.S. Department of Homeland Security, and reduces battery consumption through a power-efficient hardware design, a night-watch mechanism for low-power operation and low-power sensing to reduce unnecessary monitoring. The CSD also sends an alert message to the CSD reader. Simulation results show that our CSD reduces battery consumption by over 70% through the night-watch mechanism and by approximately 80% through low-power sensing. The CSD can also send the alert message to the remote CSD reader by over 94%.

An Efficient Method for Analyzing Network Security Situation Using Visualization (시각화 기반의 효율적인 네트워크 보안 상황 분석 방법)

  • Jeong, Chi-Yoon;Sohn, Seon-Gyoung;Chang, Beom-Hwan;Na, Jung-Chan
    • Journal of the Korea Institute of Information Security & Cryptology, v.19 no.3, pp.107-117, 2009
  • A network administrator recognizes abnormal phenomena in the managed network by using the alert messages generated by security devices including the intrusion detection system, intrusion prevention system, firewall, etc. Then a series of tasks, which search for the traffic related to the alert message and analyze the traffic data, is required to determine whether the abnormal phenomenon is a real network security threat or not. There are many alert messages that have to be inspected in order to determine the network security situation. Also, much time is needed for the network administrator to analyze the security condition using existing methods. Therefore, in this paper, we propose an efficient method for analyzing the network security situation using visualization. The proposed method monitors anomalies occurring in the entire IP address space and displays the detailed information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP addresses. Therefore, it is helpful for the network administrator to rapidly analyze the security status of the managed network.

A Distributed Communication Model and Performance Evaluation for Information Transfer in a Security Policy-based Intrusion Detection System (보안정책 기반 침입탐지시스템에서 정보 전달을 위한 분산 통신 모델과 성능 평가)

  • Jang Jung Sook;Jeon Yong Hee;Jang Jong Soo;Sohn Seung Won
    • The Journal of Korean Institute of Communications and Information Sciences, v.29 no.12C, pp.1707-1721, 2004
  • In this paper, we propose a distributed communication model of an intrusion detection system (IDS) in which integrated security management at the network level is possible, model it at the security node and distributed system levels, and design and implement a simulator. At the node level, we evaluate the transfer capability of alert messages based on the analysis of a gigabit security node architecture which performs hardware-based intrusion detection. At the distributed system level, we evaluate the transfer capability of detection and alert information between components of the distributed IDS. In the proposed model, we carry out the performance evaluation considering decision factors of the communication mechanism and present the results in order to gain some quantitative understanding of the system.

Non-repudiation Protocol for Efficiency and Fairness in TTP Security Service Level (TTP 보안 서비스 레벨에서 효율성과 공정성을 고려한 부인봉쇄 프로토콜)

  • 박상준;홍충선;이대영
    • The Journal of Korean Institute of Communications and Information Sciences, v.26 no.11C, pp.24-32, 2001
  • Recently, in the case of providing electronic services using the Internet, we need a non-repudiation service that supplies technological evidence about actions between a sender and a receiver that violate the promised protocol. This service also offers legal evidence when controversy arises. In this paper, we propose a protocol that improves the efficiency and offers the fairness of the non-repudiation service by extending the ability of the TTP (Trusted Third Party). The proposed protocol adds a Time Check function and an Alert Message to extend the ability of the TTP. Through computer simulation, we prove that the proposed protocol has better efficiency than previous protocols.

Secured Search and Rescue Signal using COSPAS-SARSAT (COSPAS-SARSAT을 이용한 탐색구조 신호 보안)

  • Baek, Yoojin;Cho, Taenam;Kim, Jaehyun;Lee, Sanguk;Ahn, Woo-Geun
    • Journal of Institute of Control, Robotics and Systems, v.20 no.2, pp.157-162, 2014
  • The international COSPAS-SARSAT program is a satellite-based search and rescue distress alert detection and information distribution system, best known as the system that detects and locates emergency beacons activated by aircraft, ships and so on. However, the current message format of the system is not encrypted, so that if the rescue signal is intercepted by unintended receivers, the subsequent rescue activities can be handled in a hostile environment. This article therefore concerns how to deal with rescue signals in a secure way and proposes some adequate encryption methods and the corresponding key management.