• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.5
• /
• pp.1085-1100
• /
• 2011

The Random Early Detection algorithm is widely used in the queue management mechanism of the router. We find that the parameters of the RED algorithm have a significant influence on the defense performance of the random early detection algorithm and discuss the robust of the algorithm in mitigating Low-rate Denial-of-Service attack in details. Simulation results show that the defense performance can be effectively improved by adjusting the parameters of $Q_{min}$ and $Q_{max}$. Some suggestions are given for mitigating the LDoS attack at the end of this paper.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.1
• /
• pp.296-308
• /
• 2015

Advanced Encryption Standard (AES) is widely used for protecting wireless sensor network (WSN). At the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2012, G$\acute{e}$rard et al. proposed an optimized collision attack and break a practical implementation of AES. However, the attack needs at least 256 averaged power traces and has a high computational complexity because of its byte wise operation. In this paper, we propose a novel double sieve collision attack based on bitwise collision detection, and an improved version with an error-tolerant mechanism. Practical attacks are successfully conducted on a software implementation of AES in a low-power chip which can be used in wireless sensor node. Simulation results show that our attack needs 90% less time than the work published by G$\acute{e}$rard et al. to reach a success rate of 0.9.

• The Journal of Pediatrics of Korean Medicine
• /
• v.20 no.1
• /
• pp.151-164
• /
• 2006

Objective : The objective of this study is to analyze an increasing rate, difference of attack rate in age, relationship between atopic dermatitis and breast-feeding, the relationship between atopic dermatitis and the Sasang constitution, and various treatments of atopic dermatitis. Methods : This clinical study was carried out with 22 theses which are related with diagnosis, treatments, prognosis and control of atopic dermatitis. The 22 theses are carried on J Korean Oriental Pediatrics, J Korean Oriental Ophthalmology, J Korean Oriental Med, J Korean Academy of Pediatric Allergy and Respiratory Disease, J Korean Acad Fam Med and Korean J Food & Nutr. Results : The prevalence rate, attack rate and diagnosis rate of atopic dermatitis are increased in the year of 2000, compared with those of 1995. Comparing age of patient between the year of 1992 and 2002, the attack rate of atopic dermatitis is increased quickly over 7 years old. Specific immunoglobulin E(IgE) antibodies detected in patients under 1 year old was exclusively caused by food. But for the age over 7 years old, food and inhalant allergen are detected in the year of 2002 in compare with that of 1992. Because of breast-feeding, intemperate diet adjustment during the period of maternity of family history of atopic dermatitis, the attack rate of atopic dermatitis is increased in infant. The types of patients are categorized according to Sasang constitution and Soeumin group was largest. The Oriental medicine treatments of atopic dermatitis are bath & skin hydration, avoidance from antigen, dietetic treatment, external treatment, medication and phototherapy. Conclusion : The atopic dermatitis is associated with breast-feeding, Sasang constitution types. More active approach for the treatment and prevention of Atopic dermatitis in children are needed.

• Bulletin of the Korean Chemical Society
• /
• v.32 no.10
• /
• pp.3743-3747
• /
• 2011

Kinetic studies on the reactions of Y-S-aryl phenyl phosphonochloridothioates with X-pyridines have been carried out in MeCN at $55.0^{\circ}C$. The Hammett and Bronsted plots for substituent X variations in the nucleophiles are biphasic concave upwards with a break point at X = H. The Hammett plots for substituent Y variations in the substrates are biphasic concave upwards with a break point at Y = H, and the sign of ${\rho}_Y$ is changed from unusual negative (${\rho}_Y$ < 0) with the weaker electrophiles to positive (${\rho}_Y$ > 0) with the stronger electrophiles. The stepwise mechanism is proposed on the basis of the ${\rho}_X$, ${\beta}_X$, and ${\rho}_{XY}$ values as follows: a ratelimiting leaving group departure from the intermediate involving a frontside attack and product-like TS for the stronger nucleophiles and weaker electrophiles; a rate-limiting leaving group departure from the intermediate involving a backside attack and product-like TS for the weaker nucleophiles and electrophiles; a rate-limiting bond formation involving a frontside attack for the stronger nucleophiles and electrophiles; a rate-limiting bond formation involving a backside attack for the weaker nucleophiles and stronger electrophiles. The substituent effects of X and Y on the pyridinolysis mechanisms of $R_1R_2P$(=S)Cl-type substrates are discussed.

• Journal of Intelligence and Information Systems
• /
• v.15 no.4
• /
• pp.201-212
• /
• 2009

Even though the spread spectrum method is known as most robust algorithm to general attacks, it has a drawback to the time axis attack. In this paper, I proposed a robust audio copyright protection algorithm which is robust to the time axis attack and has advantages of the spread spectrum method. Time axis attack includes the audio length variation attack with same pitch and the audio frequency variation attack. In order to detect the embedded watermark by the spread spectrum method, the detection algorithm should know the exact rate of the time axis attack. Even if there is a method to know the rate, it needs heavy computational resource and it is not possible to implement. In this paper, solving this problem, the audio signal is transformed into time-invariant domain, and the spread spectrum watermark is embedded into the audio in the domain. Therefore the proposed algorithm has the advantages of the spread spectrum method and it is also robust to the time axis attack. The time-invariant domain process is that the audio is arranged by log scale time axis, and then, the Fourier transform is taken to the audio in the log scale time axis. As a result, the algorithm can get the time-invariant watermark signal.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2C
• /
• pp.208-218
• /
• 2006

In this paper, we introduce the creation methods of attack detection model using data mining technologies that can classify the latest attack types, and can detect the modification of existing attacks as well as the novel attacks. Also, we evaluate comparatively these attack detection models in the view of detection accuracy and detection time. As the important factors for creating detection models, there are data, attribute, and detection algorithm. Thus, we used NetFlow data gathered at the real network, and KDD Cup 1999 data for the experiment in large quantities. And for attribute selection, we used a heuristic method and a theoretical method using decision tree algorithm. We evaluate comparatively detection models using a single supervised/unsupervised data mining approach and a combined supervised data mining approach. As a result, although a combined supervised data mining approach required more modeling time, it had better detection rate. All models using data mining techniques could detect the attacks within 1 second, thus these approaches could prove the real-time detection. Also, our experimental results for anomaly detection showed that our approaches provided the detection possibility for novel attack, and especially SOM model provided the additional information about existing attack that is similar to novel attack.

• ETRI Journal
• /
• v.44 no.2
• /
• pp.346-354
• /
• 2022

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.79-85
• /
• 2022

Anomaly detection is a method to detect and block abnormal data flows in general users' data sets. The previously known method is a method of detecting and defending an attack based on a signature using the signature of an already known attack. This has the advantage of a low false positive rate, but the problem is that it is very vulnerable to a zero-day vulnerability attack or a modified attack. However, in the case of anomaly detection, there is a disadvantage that the false positive rate is high, but it has the advantage of being able to identify, detect, and block zero-day vulnerability attacks or modified attacks, so related studies are being actively conducted. In this study, we want to deal with these anomaly detection mechanisms, and we propose a new mechanism that performs both anomaly detection and classification while supplementing the high false positive rate mentioned above. In this study, the experiment was conducted with five configurations considering the characteristics of various algorithms. As a result, the model showing the best accuracy was proposed as the result of this study. After detecting an attack by applying the Extra Tree and Three-layer ANN at the same time, the attack type is classified using the Extra Tree for the classified attack data. In this study, verification was performed on the NSL-KDD data set, and the accuracy was 99.8%, 99.1%, 98.9%, 98.7%, and 97.9% for Normal, Dos, Probe, U2R, and R2L, respectively. This configuration showed superior performance compared to other models.

• Journal of Internet Computing and Services
• /
• v.24 no.4
• /
• pp.25-36
• /
• 2023

Today, as AI (Artificial Intelligence) technology is introduced in various fields, including security, the development of technology is accelerating. However, with the development of AI technology, attack techniques that cleverly bypass malicious behavior detection are also developing. In the classification process of AI models, an Adversarial attack has emerged that induces misclassification and a decrease in reliability through fine adjustment of input values. The attacks that will appear in the future are not new attacks created by an attacker but rather a method of avoiding the detection system by slightly modifying existing attacks, such as Adversarial attacks. Developing a robust model that can respond to these malware variants is necessary. In this paper, we propose two methods of generating Adversarial attacks as efficient Adversarial attack generation techniques for improving Robustness in AI models. The proposed technique is the XAI-based attack technique using the XAI technique and the Reference based attack through the model's decision boundary search. After that, a classification model was constructed through a malicious code dataset to compare performance with the PGD attack, one of the existing Adversarial attacks. In terms of generation speed, XAI-based attack, and reference-based attack take 0.35 seconds and 0.47 seconds, respectively, compared to the existing PGD attack, which takes 20 minutes, showing a very high speed, especially in the case of reference-based attack, 97.7%, which is higher than the existing PGD attack's generation rate of 75.5%. Therefore, the proposed technique enables more efficient Adversarial attacks and is expected to contribute to research to build a robust AI model in the future.

• Journal of Communications and Networks
• /
• v.15 no.1
• /
• pp.31-37
• /
• 2013

Mobile ad hoc networks (MANET) refers to a network designed for special applications for which it is difficult to use a backbone network. In MANETs, applications are mostly involved with sensitive and secret information. Since MANET assumes a trusted environment for routing, security is a major issue. In this paper we analyze the vulnerabilities of a pro-active routing protocol called optimized link state routing (OLSR) against a specific type of denial-of-service (DOS) attack called node isolation attack. Analyzing the attack, we propose a mechanism called enhanced OLSR (EOLSR) protocol which is a trust based technique to secure the OLSR nodes against the attack. Our technique is capable of finding whether a node is advertising correct topology information or not by verifying its Hello packets, thus detecting node isolation attacks. The experiment results show that our protocol is able to achieve routing security with 45% increase in packet delivery ratio and 44% reduction in packet loss rate when compared to standard OLSR under node isolation attack. Our technique is light weight because it doesn't involve high computational complexity for securing the network.