• Proceedings of the Korea Contents Association Conference
• /
• 2006.05a
• /
• pp.385-387
• /
• 2006

The rapidly development of computing environments and the spread of Internet make possible to obtain and use of information easily. The IPv6 environment combined the home network and All-IP Network with has arrived, the damages cased by the attacks from the worm attacks and the various virus has been increased. the In this paper, intrusion detection method using Attack Detection Algorithm Using Bayesian Techniques on the IPv6 Environment.

• Journal of information and communication convergence engineering
• /
• v.7 no.2
• /
• pp.157-163
• /
• 2009

With the wide usage of internet in many fields, networks are being exposed to many security threats, such as DDoS attack and worm/virus. For enterprise network, prevention failure of network security causes the revealing of commercial information or interruption of network services. In this paper, we propose a method of prevention of DDoS attacks for enterprise network based on traceback and network traffic analysis. The model of traceback implements the detection of IP spoofing attacks by the cooperation of trusted adjacent host, and the method of network traffic analysis implements the detection of DDoS attacks by analyzing the traffic characteristic. Moreover, we present the result of the experiments, and compare the method with other methods. The result demonstrates that the method can effectively detect and block DDoS attacks and IP spoofing attacks.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.11a
• /
• pp.195-199
• /
• 2005

The IPv6 environment combined the home network and the Internet with has arrived, the damages cased by the attacks from the worm attacks and the various virus has been increased. In this paper we analyze the traffics of TCP, UDP and ICMP, and propose for a method to detect harmful traffics in the IPv6 environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.292-294
• /
• 2002

인터넷 사용의 급증과 함께 Code-Red나 Nimda와 같은 서비스 거부 공격형 웜 바이러스가 급격히 확산되고 있으며 이로 인한 피해가 급증하고 있다. 이러한 웜 바이러스 대부분 일정 패턴의 HTTP 요청을 가지고 있으며 이러한 HTTP 요청 패턴을 확인하면 현재 감염된 클라이언트를 확인 할 수 있다. 그러나 새로운 웜 바이러스의 출현 시에는 기존에 분석한 요청 패턴만으로는 감염된 클라이언트의 확인이 불가능하다. 따라서 본 논문에서는 프락시 서버를 이용하여 실시간으로 바이러스 패턴을 분석하여 그 HTTP 요청 패턴과, 감염된 클라이언트 정보를 관리자에게 전송하며 자동으로 해당 클라이언트 및 해당 패턴에 대한 요청을 차단하여 바이러스의 확산을 막는 시스템을 제안한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.3
• /
• pp.33-43
• /
• 2008

As internet is spreaded widely, the number of cyber terror using hacking and virus is increased. Also the hacking to the internet shopping mall go on increasing. If the large shopping mall is attacked by the hacker, a number of user's information are exposed to the hacker. The private information as like a resident registration number, user's real name, the date of user's birth, the mobile phone number, the office phone number / address, the home phone number / address and so on include the information. These information are used in the phishing e-mails / call and spam. And them are selling and buying maliciously. The large internet shopping mall 'auction' was hacked in April, 2008. After the incident, this paper suggested a countermeasures on the hacking for the internet shopping mall. The technical item and political item are included among the countermeasures. The countermeasures can protect the hacking not only the internet shopping mall but also the web sites basically.

• Journal of Sericultural and Entomological Science
• /
• v.20 no.2
• /
• pp.36-39
• /
• 1978

With the current advances in insect toxicant bioassay, the need for easy methods of estimating the dosage-mortality regression equation has become vital. The Probit analysis seems to be not convenient for estimating the dosage-mortality regression equation and median lethal dose(LD50) because of its complexity in calculation. This study presents a comparision between Probit and Losit transformation for the estimation from bioassay results. Validation of the two methods is presented for the pathogenecity of nuclear polyhedrosis virus to the larva of fall web worm, Hyphantria cunea D.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.2 s.40
• /
• pp.351-360
• /
• 2006

Proposed security system attacks it, and detect it, and a filter generation, a business to be prompt of interception filtering dates at attack information public information. inner IPS to attack detour setting and a traffic band security, different connection security system, and be attack packet interceptions and service and port interception setting. Exchange new security rule and packet filtering for switch type implementation through dynamic reset memory by real time, and deal with a packet. The attack detection about DDoS, SQL Stammer, Bug bear, Opeserv worm etc. of the 2.5 Gbs which was an attack of a hacker consisted in network performance experiment by real time. Packet by attacks of a hacker was cut off, and ensured the normal inside and external network resources besides the packets which were normal by the results of active renewal.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.91-103
• /
• 2004

The survey of network firewall system has been focused on the deny policy that protects information from the unlicensed and the intrusion detection system. Government has solved several firewall problems as building the intranet separated from the intranet. However, the new firewall system would been satisfied both the denialpolicy and information share with the public, according as government recently emphasizes electronic service. Namely, it has to provide the functions such as the information exchange among divisions, partial share of information with the public, network connection and the interception of illegal access. Also, it considers the solution that protects system from hacking by inner user and damage of virus such as Worm. This Paper suggests the protects information system using the intrusion prevention system and role-based security policy to support the partial opennessand the security that satisfied information share among governments and public service.

• Korean journal of applied entomology
• /
• v.30 no.3
• /
• pp.187-195
• /
• 1991

This study was carried out to acquire some basic biological informations on the granulosis virus (GV) of Pieris rapae and Pieris brassicae. Purified fractions of GV capsules in an sucrose density gradient centrifugation yielded on homogenous and sharp peak without a shoulder. Electron microscopy revealed that GV capsules were mostly ovalglove in shape. P. rapae and P. rapae GV isolated from P. rapae comprised granules($396\pm38\times238\pm25nm$ for P. rapae GV. $375\pm40\times255\pm28nm$ for P. brassicae GV) which contained single virus particle. The virus particles were 250- $275{\times}63$ -73nm for P. rapae GV and 243-250 $\times$ 63-75nm for P. brassicae GV containing a nucleocapsid 225 $\times$ 31nm for P. rapae, 225 $\times$ 29nm for P. brassicae within an envelope. The virulent difference between the two viruses was very small in their virulence for P. rapae larvae showing the $LC_{50}$( -log) with 5.5673 for P. rapae GV and 5.8104 for P. brassicae GV. Also the $LT_{50}$ of the 3rd instar P. rapae larvae against $10^{-6}$ inoculum was 8.17 days for P. rapae GV and 7.16 days for P. brassicae GV.

• The Journal of Korean Association of Computer Education
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2010

NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.