• Title/Summary/Keyword: Threat detection

Search results: 375

Network Attack Detection based on Multiple Entropies (다중 엔트로피를 이용한 네트워크 공격 탐지)

  • Kim Min-Taek;Kwon Ki Hoon;Kim Sehun;Choi Young-Woo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.1
    • /
    • pp.71-77
    • /
    • 2006
  • Several network attacks, such as distributed denial of service (DDoS) attacks, present a very serious threat to the stability of the Internet. The threat posed by network attacks on large networks such as the Internet demands an effective detection method. Therefore, a simple intrusion detection system on a large-scale backbone network is needed for the sake of real-time detection, preemption and detection efficiency. In this paper, in order to discriminate attack traffic from legitimate traffic on backbone links, we suggest a relatively simple statistical measure, entropy, which can track value frequency. There is a conspicuous distinction between the entropy values of attack traffic and legitimate traffic. Therefore, we can identify what kind of attack it is as well as detect the attack traffic using entropy values.
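
Added example, not code from the paper above: a window classifier that computes the entropy of several header fields, learns a baseline from clean windows, and maps the pattern of entropy shifts to an attack type. The field set, window size, the one-bit delta threshold, the decision rules and the traffic generators are all assumptions of this example; the traffic is constructed, not captured.

```python
# Added example: multi-entropy window classifier over constructed flow records.
# Field choice, window size, the delta threshold and the decision rules are
# this example's assumptions, not the paper's method.
import math
import random
from collections import Counter

FIELDS = ("src_ip", "dst_ip", "dst_port")


def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def window_entropies(packets):
    """Per-field entropy over one window of (src_ip, dst_ip, dst_port) tuples."""
    return {f: entropy([p[i] for p in packets]) for i, f in enumerate(FIELDS)}


def learn_baseline(clean_windows):
    """Mean per-field entropy over windows known to be legitimate."""
    ents = [window_entropies(w) for w in clean_windows]
    return {f: sum(e[f] for e in ents) / len(ents) for f in FIELDS}


def classify_window(packets, baseline, delta=1.0):
    """Flag fields whose entropy moved more than `delta` bits from the baseline
    and map the pattern of shifts to an attack type (rules are assumptions)."""
    h = window_entropies(packets)
    hi = {f for f in FIELDS if h[f] > baseline[f] + delta}
    lo = {f for f in FIELDS if h[f] < baseline[f] - delta}
    if hi == {"src_ip"} and lo == {"dst_ip", "dst_port"}:
        return "ddos_flood"   # many (spoofed) sources converge on one service
    if hi == {"dst_port"} and lo == {"src_ip", "dst_ip"}:
        return "port_scan"    # one source probes many ports on one host
    if hi == {"dst_ip"} and lo == {"src_ip", "dst_port"}:
        return "host_sweep"   # one source probes one port across many hosts
    if hi or lo:
        return "anomaly"
    return "normal"


# ---- constructed traffic windows (not captures) ----
def legit_window(rng, n=2000):
    """100 client hosts talking to 20 servers on a few common ports."""
    return [(f"10.0.0.{rng.randrange(100)}", f"192.0.2.{rng.randrange(20)}",
             rng.choice((80, 443, 443, 443, 53, 25, 22))) for _ in range(n)]


def flood_window(rng, n=2000):
    """Spoofed random sources, one victim, one port (DDoS-style flood)."""
    return [(".".join(str(rng.randrange(256)) for _ in range(4)), "192.0.2.7", 80)
            for _ in range(n)]


def scan_window(rng, n=2000):
    """One source, one host, random destination ports (port scan)."""
    return [("203.0.113.9", "192.0.2.7", rng.randrange(1, 65536)) for _ in range(n)]


def sweep_window(rng, n=2000):
    """One source, one port, many hosts across two /24s (host sweep)."""
    return [("203.0.113.9",
             f"198.51.100.{rng.randrange(256)}" if rng.random() < 0.5
             else f"192.0.2.{rng.randrange(256)}",
             22) for _ in range(n)]


def run_demo(seed=99):
    """Learn a baseline from five clean windows, then classify four test windows."""
    base = learn_baseline([legit_window(random.Random(s)) for s in range(5)])
    return {name: classify_window(gen(random.Random(seed)), base)
            for name, gen in (("legit", legit_window), ("flood", flood_window),
                              ("scan", scan_window), ("sweep", sweep_window))}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:6s} -> {verdict}")
```

The point of using several entropies at once is that a single one is ambiguous: a spoofed flood and a host sweep both raise one field's entropy, and only the combination of which fields rise and which collapse separates them. The delta should be learned from the spread of clean windows in a real deployment rather than fixed at one bit.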

Inductive Classification of Multi-Spectral Threat Data for Autonomous Situation Awareness (자율적인 상황인식을 위한 다중센서 위협데이타의 귀납적 분류)

  • Jeong, Yong-Woong;Noh, Sang-Uk;Go, Eun-Kyoung;Jeong, Un-Seob
    • Journal of KIISE:Software and Applications
    • /
    • v.35 no.3
    • /
    • pp.189-196
    • /
    • 2008
  • To build autonomous agents who can make decisions on behalf of humans in time-critical complex environments, the formulation of an operational knowledge base could be essential. This paper proposes a methodology for formulating the knowledge base and evaluates it in a practical application domain. We analyze threat data received from the multiple sensors of Aircraft Survivability Equipment (ASE) for Korean helicopters, and integrate the threat data into an inductive model through a compilation technique which extracts features of the threat data and relations among them. The compiled protocols of state-action rules can be implemented as the brain of the ASE. They can reduce the amount of reasoning, and endow the autonomous agents with reactivity and flexibility. We report experimental results that demonstrate the distinctive and predictive patterns of threats in simulated battlefield settings, and show the potential of compilation methods for the successful detection of threat systems.

Threat Classification Schemes for Effective Management based on W-TMS(Wireless-Threat Management System) (W-TMS(Wireless-Threat Management System)에서의 효율적 관리를 위한 위협 분류기법)

  • Seo, Jong-Won;Jo, Je-Gyeong;Lee, Hyung-Woo
    • The Journal of the Korea Contents Association
    • /
    • v.7 no.3
    • /
    • pp.93-100
    • /
    • 2007
  • The Internet has spread into all fields at a fast pace during the last 10 years. Lately, wireless networks are also spreading rapidly, and the number of successful attack attempts and intrusions on wireless networks is increasing rapidly. TMS systems were developed to overcome these threats on wireless networks. Existing TMS systems supply an active confrontation mechanism against these threats. However, existing TMS has the limitation that new forms of attack are not filtered efficiently. Therefore this paper proposes a new method that automatically computes the threat from the input packets with a vector space model and performs anomaly detection on the wireless network. The mechanism proposed in this research analyzes the degree of similarity between packets, detects abnormal symptoms on the wireless network and then classifies these threats automatically.
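
Added example, not code from the paper above: frames are turned into bags of `field=value` terms, a benign term-frequency centroid is built, each new frame gets a threat score of one minus its cosine similarity to that centroid, and frames above the score threshold are grouped by mutual similarity into threat clusters. The frame fields, the 0.3 and 0.5 thresholds, the benign mix and the deauthentication and probe-request floods are constructed for the example and are not the paper's data or parameters.

```python
# Added example: vector-space-model anomaly scoring and greedy clustering of
# 802.11 management/data frames represented as feature=value terms. The frame
# fields, threshold values and baseline mix are this example's assumptions.
import math
from collections import Counter


def terms(frame):
    """Represent one frame as VSM terms 'field=value' (bag of header features)."""
    return [f"{k}={v}" for k, v in sorted(frame.items())]


def tf_vector(frames):
    """Term-frequency vector (Counter) of a set of frames."""
    return Counter(t for f in frames for t in terms(f))


def cosine(a, b):
    """Cosine similarity between two sparse term-frequency vectors."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def threat_score(frame, baseline):
    """Dissimilarity from the benign centroid: 0 (typical) .. 1 (nothing in common)."""
    return 1.0 - cosine(tf_vector([frame]), baseline)


def cluster_anomalies(frames, baseline, score_threshold=0.3, sim_threshold=0.5):
    """Flag frames whose threat score exceeds `score_threshold`, then group them by
    cosine similarity to each cluster centroid (single pass, centroid grows as
    members join)."""
    clusters = []
    for f in frames:
        if threat_score(f, baseline) <= score_threshold:
            continue
        v = tf_vector([f])
        for c in clusters:
            if cosine(v, c["centroid"]) >= sim_threshold:
                c["members"].append(f)
                c["centroid"].update(v)
                break
        else:
            clusters.append({"centroid": Counter(v), "members": [f]})
    return clusters


# ---- constructed frames (not captured traffic) ----
AP = "00:11:22:33:44:55"
BENIGN = ([{"type": "data", "subtype": "data", "bssid": AP, "dir": "tods"}] * 30
          + [{"type": "mgmt", "subtype": "beacon", "bssid": AP, "ssid": "corp"}] * 30)
DEAUTH_FLOOD = [{"type": "mgmt", "subtype": "deauth", "bssid": AP, "reason": 7}] * 5
PROBE_FLOOD = [{"type": "mgmt", "subtype": "probe_req", "bssid": "ff:ff:ff:ff:ff:ff",
                "ssid": f"rnd{i}"} for i in range(4)]


def run_demo():
    """Score a mixed stream against the benign centroid and return (subtype, size)
    for each threat cluster found."""
    baseline = tf_vector(BENIGN)
    mixed = BENIGN[:3] + DEAUTH_FLOOD + BENIGN[3:6] + PROBE_FLOOD
    clusters = cluster_anomalies(mixed, baseline)
    return [(c["members"][0]["subtype"], len(c["members"])) for c in clusters]


if __name__ == "__main__":
    base = tf_vector(BENIGN)
    for f in (BENIGN[0], BENIGN[-1], DEAUTH_FLOOD[0], PROBE_FLOOD[0]):
        print(f["subtype"], round(threat_score(f, base), 3))
    print(run_demo())
```

Two practical caveats: a frame type that is legitimate but rare in the training window (a beacon among thousands of data frames) scores as anomalous under plain term frequency, so the benign mix or a weighting scheme has to reflect expected proportions; and the single-pass clustering is order-dependent, which is acceptable for grouping a burst into a threat class but not for final attribution.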

An Adaptive Probe Detection Model using Fuzzy Cognitive Maps

  • Lee, Se-Yul;Kim, Yong-Soo
    • Proceedings of the Korean Institute of Intelligent Systems Conference
    • /
    • 2003.09a
    • /
    • pp.660-663
    • /
    • 2003
  • Advanced computer network technology enables the connectivity of computers through an open network environment. There has been a growing number of security threats to networks. Therefore, intrusion detection and prevention technologies are required. In this paper, we propose a network-based intrusion detection model using Fuzzy Cognitive Maps (FCM) that can detect intrusions through a Denial of Service (DoS) attack detection method based on packet analysis. A DoS attack appears in the form of the Probe and Syn Flooding attacks, which are typical examples. The Syn flooding Preventer using Fuzzy cognitive maps (SPuF) model captures and analyzes the packet information to detect Syn flooding attacks. Using the analysis results, the decision module, which utilizes FCM, measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD '99 Competition Data Set" in the SPuF model shows that the Probe detection rate was over 97 percent.

The Design of Integrated Intrusion Detection System in Large Networks (대규모 네트워크를 위한 통합 침입탐지시스템 설계)

  • 정연서
    • Journal of the Korea Computer Industry Society
    • /
    • v.3 no.7
    • /
    • pp.953-956
    • /
    • 2002
  • The threat to networks is increasing due to the explosively increasing use of the Internet. A current IDS (Intrusion Detection System) detects intrusions and responds individually within a small-area network. It is important to construct an infrastructure that can respond across all system environments by sharing information between different network domains. This paper provides a policy-based IDS management architecture enabling the management of intrusion detection systems. The IIDS (Integrated Intrusion Detection System) is composed of IDAs (Intrusion Detection Agents). We describe the design requirements and the functional elements.

A Study on Multiple Barriers (다중 방책 연구)

  • Jo Deok-Un;Lee Sang-Yong
    • Journal of the military operations research society of Korea
    • /
    • v.11 no.2
    • /
    • pp.6-14
    • /
    • 1985
  • The layered multi-barrier defense situation against a penetrating enemy threat is analytically modeled with the aim of minimizing the penetration probability. Each layer is characterized by a probability of detection and a probability of kill given detection. The two capabilities are assumed independent. Detection in a layer, however, affects detection performance in subsequent layers. The following three models were formulated and investigated: (1) 'Model A' permits an increase of detection performance in only the next barrier, (2) 'Model B' permits the increase in all subsequent barriers linearly, and (3) 'Model C' expresses the increase in an asymptotic exponential way. The best and the worst barrier combinations are determined by exercising the models, and model performances are compared through sensitivity analysis for the 'intensification factor.'
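
Added example, not code from the paper above: a small model of layered defense in which each barrier has a detection probability and a kill-given-detection probability, and an earlier detection raises detection probability downstream. The penetration probability is computed by enumerating every path through the barriers, which also makes it easy to search orderings for the best and worst combination and to sweep the intensification factor. The three reinforcement forms labelled A, B and C, the factor values and the barrier numbers are this example's assumptions; the paper's exact formulations are not given on this page.

```python
# Added example: penetration probability through layered barriers, with three
# assumed forms of detection reinforcement. The functional forms, the factor
# and the barrier values are this example's assumptions, not the paper's models.
import math
from itertools import permutations

# (p_detect, p_kill_given_detect) per barrier, outermost first; constructed values.
BARRIERS = [(0.6, 0.5), (0.4, 0.8), (0.7, 0.3)]


def boosted_detect(p_d, prior, layer, model, factor):
    """Detection probability at `layer` given the set `prior` of earlier layers
    that detected the threat. Reinforcement forms are assumptions:
    A: only the barrier right after a detection is boosted by `factor`;
    B: every later barrier is boosted, linearly in the number of detections;
    C: the gap to certain detection shrinks exponentially with each detection."""
    if not prior or factor <= 1.0:
        return p_d
    if model == "A":
        return min(1.0, p_d * factor) if (layer - 1) in prior else p_d
    if model == "B":
        return min(1.0, p_d * (1.0 + (factor - 1.0) * len(prior)))
    if model == "C":
        return 1.0 - (1.0 - p_d) * math.exp(-(factor - 1.0) * len(prior))
    raise ValueError(f"unknown model {model!r}")


def penetration_probability(barriers, model="A", factor=1.0):
    """Probability the threat passes every barrier, enumerating all outcome
    paths: undetected, detected-but-not-killed, detected-and-killed (ends)."""
    def walk(layer, prior, prob):
        if layer == len(barriers):
            return prob
        p_d, p_k = barriers[layer]
        p_d = boosted_detect(p_d, prior, layer, model, factor)
        passed_undetected = walk(layer + 1, prior, prob * (1.0 - p_d))
        detected_survived = walk(layer + 1, prior | {layer}, prob * p_d * (1.0 - p_k))
        return passed_undetected + detected_survived
    return walk(0, frozenset(), 1.0)


def independent_penetration(barriers):
    """Closed form when layers do not interact: product of per-layer pass probabilities."""
    out = 1.0
    for p_d, p_k in barriers:
        out *= 1.0 - p_d * p_k
    return out


def best_and_worst_order(barriers, model, factor):
    """Search all barrier orderings for the lowest and highest penetration probability."""
    scored = {perm: penetration_probability(list(perm), model, factor)
              for perm in permutations(barriers)}
    best = min(scored, key=scored.get)
    worst = max(scored, key=scored.get)
    return (list(best), scored[best]), (list(worst), scored[worst])


def sensitivity(barriers, model, factors):
    """Penetration probability as the intensification factor is varied."""
    return [(f, penetration_probability(barriers, model, f)) for f in factors]


if __name__ == "__main__":
    print("independent:", round(independent_penetration(BARRIERS), 4))
    for m in "ABC":
        print(m, [(f, round(p, 4)) for f, p in sensitivity(BARRIERS, m, (1.0, 1.25, 1.5, 2.0))])
        (b, pb), (w, pw) = best_and_worst_order(BARRIERS, m, 1.5)
        print(m, "best", b, round(pb, 4), "worst", w, round(pw, 4))
```

With the factor at 1.0 the layers are independent and the enumeration reproduces the product form, which is the sanity check to run before trusting any reinforcement model; once reinforcement is on, barrier order matters, and the same reasoning applies to a monitoring stack where an alert from one control can raise the scrutiny applied by the next.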

Solid medium integrated impedimetric biosensor for detection of microorganisms (미생물 검침을 위한 고체 배지 임피던스 센서)

  • Choi, Ah-Mi;Park, Jae-Sung;Jung, Hyo-Il
    • Proceedings of the KSME Conference
    • /
    • 2008.11a
    • /
    • pp.1629-1632
    • /
    • 2008
  • Rapid, real-time detection of pathogenic microorganisms is an emerging and quickly evolving field of research, especially with regard to microorganisms that pose a major threat to public health. Herein, a new method that uses bioimpedance and solid culture medium for the real-time detection of microorganisms is introduced. We fabricated a new impedimetric biosensor by integrating solid media and two plane electrodes attached on two facing sides of an acrylic well. During bioelectrical impedance analysis, the solid medium showed the characteristics of a homogeneous conductive material. In real-time impedance measurement, our solid-medium biosensor could monitor bacterial growth in situ with a detection time of about 4 hours. Our data indicate that the solid-medium biosensor is useful for detecting airborne microorganisms, thereby providing a new analytical tool for impedance microbiology.

ROKN's Response Strategy to North Korea's SLBM Threat (북한 SLBM 위협과 대응방향)

  • Moon, Chang-Hwan
    • Strategy21
    • /
    • s.40
    • /
    • pp.82-114
    • /
    • 2016
  • The purpose of this article is to analyze the progress of North Korea's SLBM threat, and to assess the technological capacity and threat level of its SLBMs. Currently, North Korea has approximately 1000 ballistic missiles, such as the SCUD, Musudan, and Nodong, in stock. This article pays close attention to the background and strategic implications behind North Korea's obsession with developing SLBMs despite possessing sufficient means to launch provocations with its current arsenal of ground-based ballistic missiles and conventional weapons. Based on the above analysis, this article recommends possible response directions for the ROK Armed Forces to North Korea's SLBM threat. It is highly difficult to detect SLBMs due to their stealthy nature, as they are launched underwater after covert infiltration. North Korea's SLBM is considered a game changer in that even one SLBM can significantly change the strategic balance of North East Asia. North Korea's SLBM test launch in August made a 500km flight, landing 80km inside the JADIZ (Japan Air Defense Identification Zone), and as such, it is assessed that North Korea already possesses underwater ejection and cold launch capabilities. The most realistic response to North Korea's imminent SLBM threat is bolstering anti-submarine capabilities. The ROK Armed Forces need to upgrade their underwater kill chain by modernizing and introducing new airborne anti-submarine assets and nuclear-powered submarines, among many options. Moreover, we should integrate SM-3 missiles with the Aegis Combat System, which possesses strong detection capabilities and flexibility, thereby establishing a sea-based Ballistic Missile Defense (BMD) system centered around the Aegis Combat System, as sea-based ballistic missile threats are best countered out at sea. Finally, the capabilities gap that could arise as a result of budgetary concerns and the timing of fielding new assets should be filled by establishing a firm ROK-US-Japan combined defense posture.

Study on security log visualization and security threat detection using RGB Palette (RGB Palette를 이용한 보안 로그 시각화 및 보안 위협 인식)

  • Lee, Dong-Gun;Kim, Huy Kang;Kim, Eunjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.61-73
    • /
    • 2015
  • In order to respond quickly to security threats that are increasing fast and in variety, security control personnel need to understand the threats in the massive amount of logs generated from security devices such as firewalls and IDS. However, due to the limitations of human information processing capability, it takes a lot of time to analyze the vast amount of security logs. As a result, there is a problem that the detection of and response to security threats are delayed. Visualization is an effective way to solve this problem. This paper visualizes the security log using an RGB Palette, offering a quick and effective way to know whether a security threat has occurred. It was applied empirically to the VAST Challenge 2012 dataset.

A Study on android emulator detection for mobile game security (모바일 게임 보안을 위한 안드로이드 에뮬레이터 탐지방법에 관한 연구)

  • Yoon, Jongseong;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1067-1075
    • /
    • 2015
  • With the recent increase in the number of mobile game users, side effects such as the manipulation of game points, levels and game speed, and payment fraud are emerging. In particular, emulators, which make it possible for mobile applications to run on a PC, are a great threat to mobile game security, since debugging a specific game application or automating game play can be done more easily with them. Therefore, we research efficient ways to detect widely used Android emulators such as BlueStacks, GenyMotion, Andy, YouWave and ARC Welder from the perspective of the client (app), the game server and the network, to reduce the threat to mobile game security.