• Journal of Satellite, Information and Communications
• /
• v.8 no.2
• /
• pp.29-35
• /
• 2013

In this paper, we investigate the type and detection methode of spoofing attack, and then analyze the performance of spoofing detection algorithm in GPS L1 signal through the simulation. Generally spoofer is different from the jammer, because the receiver can be operated and not. In case of spoofing the GPS receiver is hard to recognize the spoofing attack and can be operated normally without stopping because the spoofing signal is the mimic GPS signal. To evaluate the performance of spoofing detection algorithm, both the software based spoofing and GPS signal generator and the software based GPS receiver are implemented. In paper, we can check that spoofing signal can affect to the DLL and PLL tracking loop because code delay and doppler frequency of spoofing. The spoofing detection algorithm has been implemented using the pseudorange, signal strength and navigation solution of GPS receiver and proposed algorithm can effectively detect the spoofing signal.

• Journal of Positioning, Navigation, and Timing
• /
• v.10 no.3
• /
• pp.169-177
• /
• 2021

In this paper, we propose a novel global navigation satellite system (GNSS) spoofing detection technique through an array antenna-based direction of arrival (DoA) estimation of satellite and spoofer. Specifically, we consider a sophisticated GNSS spoofing attack scenario where the spoofer can accurately mimic the multiple pseudo-random number (PRN) signals since the spoofer has its own GNSS receiver and knows the location of the target receiver in advance. The target GNSS receiver precisely estimates the DoA of all PRN signals using compressed sensing-based orthogonal matching pursuit (OMP) even with a small number of samples, and it performs spoofing detection from the DoA estimation results of all PRN signals. In addition, considering the initial situation of a sophisticated spoofing attack scenario, we designed the algorithm to have high spoofing detection performance regardless of the relative spoofing signal power. Therefore, we do not consider the assumption in which the power of the spoofing signal is about 3 dB greater than that of the authentic signal. Then, we introduce design parameters to get high true detection probability and low false alarm probability in tandem by considering the condition for the presence of signal sources and the proximity of the DoA between authentic signals. Through computer simulations, we compare the DoA estimation performance between the conventional signal direction estimation method and the OMP algorithm in few samples. Finally, we show in the sophisticated spoofing attack scenario that the proposed spoofing detection technique using OMP-based estimated DoA of all PRN signals outperforms the conventional spoofing detection scheme in terms of true detection and false alarm probability.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1221-1224
• /
• 2004

최근 사회적으로 큰 문제로 대두되는 네트워크기반 공격들은 공격 대상 시스템으로 하여금 정상 서비스가 불가능하도록 하는 서비스거부 (분산서비스거부 포함) 공격이 주를 이루며, 이러한 공격에는 기본적으로 패킷의 출발지 IP 주소를 위장하는 IP spoofing 기술이 사용된다. 본 논문에서는 현재까지 상용라우터에 적용되어 있는 IP spoofing 방지 기술과 리눅스시스템에서 제공하는 IP spoofing 방지 기술 그리고 연구논문으로 제시된 IP spoofing 방지 기술을 분석하고, 이를 토대로 IP spoofing 기술을 사용한 공격자의 패킷을 초기에 차단하는 IP spoofing 방지 라우터 프레임웍을 제안한다.

• Journal of Internet Computing and Services
• /
• v.9 no.4
• /
• pp.85-96
• /
• 2008

An authentication procedure on wired and wireless network will be done based on the registration and management process storing both the user's IP address and client device's MAC address information. However, existent MAC address registration/administration mechanisms were weak in MAC Spoofing attack as the attacker can change his/her own MAC address to client's MAC address. Therefore, an advanced mechanism should be proposed to protect the MAC address spoofing attack. But, existing techniques sequentially compare a sequence number on packet with previous one to distinguish the alteration and modification of MAC address. However, they are not sufficient to actively detect and protect the wireless MAC spoofing attack. In this paper, both AirSensor and AP are used in wireless network for collecting the MAC address on wireless packets. And then proposed module is used for detecting and protecting MAC spoofing attack in real time based on MAC Address Lookup table. The proposed mechanism provides enhanced detection/protection performance and it also provides a real time correspondence mechanism on wireless MAC spoofing attack with minimum delay.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.281-284
• /
• 2010

The characteristics of International Hacking is that because even if with tracing techniques, nobody can find Real IP address of the attacker so it is true that Great difficulty in the investigation. so that an attacker goes through the Proxy Server Many times and they use techniques of IP Spoofing to hide their IP address. In this paper, study How attackers use IP Spoofing Technique and the application of Proxy Server. In addition, to Propose IP Spoofing attacks through the Proxy Server attack and defend methods also IP traceback methods so this study materials will contribute to the development of International Hacking and Security Protection Technology.

• Journal of Convergence Society for SMB
• /
• v.4 no.1
• /
• pp.47-53
• /
• 2014

DNS spoofing, the DNS server with the address of a specific web server intercepts them in the process of translating the attacker wants to forge a Web server that is a way to access. ARP spoofing ARP request and response messages for the protocol without authentication vorticity incorrect information as to the ARP Cache Table to store the MAC addresses of their vulnerability using the MAC address of the other computer as if it were a lie technique. These DNS / ARP spoofing attacks in detail to find out about how it looks at ways to prevent. Think about the future research directions.

• Journal of Institute of Control, Robotics and Systems
• /
• v.21 no.3
• /
• pp.283-289
• /
• 2015

In this paper, a GNSS interference detection algorithm based on an adaptive fading Kalman filter is proposed to detect a spoofing signal which is one of the threatening GNSS intentional interferences. To detect and mitigate the spoofing signal, the fading factor of the filter is used as a detection parameter. For simulation, the effect of the spoofing signal is modeled by the ramp type bias error of the pseudorange to emulate a smart spoofer and the change of the fading factor value according to ramp type bias error is quantitatively analyzed. In addition, the detection threshold is established to detect the spoofing signal by analyzing the change of the error covariance and the effect of spoofing is mitigated by controlling the Kalman gain of the filter. To verify the performance analysis of the proposed algorithm, various simulations are implemented. Through the results of simulations, we confirmed that the proposed algorithm works well.

• Journal of Communications and Networks
• /
• v.18 no.6
• /
• pp.948-961
• /
• 2016

Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the anti-spoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal anti-spoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.

• Journal of Advanced Navigation Technology
• /
• v.18 no.1
• /
• pp.7-13
• /
• 2014

In this paper, an effect on a GPS receiver by spoofing signal is analyzed and a GPS spoofing signal detection algorithm for GPS L1 C/A spoofing signal is proposed. A proposed detection algorithm monitors the correlation function distortion by the spoofing signal. If detected distortion is over a detection threshold, we can determine that the spoofing signal is received. The detection threshold is calculated from the statistical characteristics of a thermal noise. For verifying the suggested algorithm, a MATLAB-based simulation platform is implemented. This platform has functionalities to track GPS signal and measure the correlation values. By using this platform, the correlation function distortion by spoofing signal is observed. Also a performance of the algorithm proposed in this paper is applied and confirm the detection of a spoofing signal.

• Journal of Positioning, Navigation, and Timing
• /
• v.12 no.2
• /
• pp.101-111
• /
• 2023

Many spoofing detection studies have been conducted to cope with the most difficult types of deception among various disturbances of GPS, such as jamming, spoofing, and meaconing. In this paper, we propose a spoofing detection scheme based on elevation masked-relative received power between GPS L1 and L2 signals in a system using a multi-band array antenna. The proposed scheme focuses on enabling spoofing to be normally detected and minimizes the possibility of false detection in an environment where false alarms may occur due to pattern distortion among elements of an array antenna. The pattern distortion weakens the GPS signal strength at low elevation. It becomes confusing to detect a spoofing signal based on the relative power difference between GPS L1 and L2, especially when GPS L2 has weak signal strength. We propose design parameters for the relative power threshold including beamforming gain, the minimum received power difference between L1 and L2, and the patch antenna gain difference between L1 and L2. In addition, in order to eliminate the weak signal strength of GPS L2 in the spoofing detection process, we propose a rotation matrix that sets the elevation mask based on platform coordinates. Array antennas generally do not have high usefulness in commercial areas where receivers are operated alone, but are considered essential in military areas where GPS receivers are used together with signal processing for beamforming in the direction of GPS satellites. Through laboratory and live sky tests using the device under test, the proposed scheme with an elevation mask detects spoofing signals well and reduces the probability of false detection relative to that without the elevation mask.